1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Description: cannot reclaim root
"Thus, a set-user-ID-root program wishing to temporarily drop root
privileges, assume the identity of an unprivileged user, and then regain
root privileges afterward cannot use setuid(). You can accomplish this
with seteuid(2)."
(http://linux.die.net/man/2/setuid)
"For portability, it is recommended that new non-privileged applications
use the seteuid() and setegid() functions instead."
(http://pubs.opengroup.org/onlinepubs/009695399/functions/setuid.html)
Index: lightdm-1.10.3/common/privileges.c
===================================================================
--- lightdm-1.10.3.orig/common/privileges.c
+++ lightdm-1.10.3/common/privileges.c
@@ -23,13 +23,11 @@ privileges_drop (uid_t uid, gid_t gid)
#ifdef HAVE_SETRESGID
g_assert (setresgid (gid, gid, -1) == 0);
#else
- g_assert (setgid (gid) == 0);
g_assert (setegid (gid) == 0);
#endif
#ifdef HAVE_SETRESUID
g_assert (setresuid (uid, uid, -1) == 0);
#else
- g_assert (setuid (uid) == 0);
g_assert (seteuid (uid) == 0);
#endif
}
@@ -40,13 +38,11 @@ privileges_reclaim (void)
#ifdef HAVE_SETRESUID
g_assert (setresuid (0, 0, -1) == 0);
#else
- g_assert (setuid (0) == 0);
g_assert (seteuid (0) == 0);
#endif
#ifdef HAVE_SETRESGID
g_assert (setresgid (0, 0, -1) == 0);
#else
- g_assert (setgid (0) == 0);
g_assert (setegid (0) == 0);
#endif
}
|
