os: move xf86PrivsElevated here
Having different types of code all trying to check for elevated privileges is a bad idea. This implementation is the most thorough one. Signed-off-by: Nicolai Hähnle <nicolai.haehnle@amd.com> Reviewed-by: Ben Crocker <bcrocker@redhat.com> Reviewed-by: Antoine Martin <antoine@nagafix.co.uk> Tested-by: Ben Crocker <bcrocker@redhat.com> Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
This commit is contained in:
Nicolai Hähnle
Adam Jackson
parent
1519475a43
commit
9ef602de46
|
|
@ -238,64 +238,7 @@ xf86PrintBanner(void)
|
||||||
Bool
|
Bool
|
||||||
xf86PrivsElevated(void)
|
xf86PrivsElevated(void)
|
||||||
{
|
{
|
||||||
static Bool privsTested = FALSE;
|
return PrivsElevated();
|
||||||
static Bool privsElevated = TRUE;
|
|
||||||
|
|
||||||
if (!privsTested) {
|
|
||||||
#if defined(WIN32)
|
|
||||||
privsElevated = FALSE;
|
|
||||||
#else
|
|
||||||
if ((getuid() != geteuid()) || (getgid() != getegid())) {
|
|
||||||
privsElevated = TRUE;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
#if defined(HAVE_ISSETUGID)
|
|
||||||
privsElevated = issetugid();
|
|
||||||
#elif defined(HAVE_GETRESUID)
|
|
||||||
uid_t ruid, euid, suid;
|
|
||||||
gid_t rgid, egid, sgid;
|
|
||||||
|
|
||||||
if ((getresuid(&ruid, &euid, &suid) == 0) &&
|
|
||||||
(getresgid(&rgid, &egid, &sgid) == 0)) {
|
|
||||||
privsElevated = (euid != suid) || (egid != sgid);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
printf("Failed getresuid or getresgid");
|
|
||||||
/* Something went wrong, make defensive assumption */
|
|
||||||
privsElevated = TRUE;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
if (getuid() == 0) {
|
|
||||||
/* running as root: uid==euid==0 */
|
|
||||||
privsElevated = FALSE;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
/*
|
|
||||||
* If there are saved ID's the process might still be privileged
|
|
||||||
* even though the above test succeeded. If issetugid() and
|
|
||||||
* getresgid() aren't available, test this by trying to set
|
|
||||||
* euid to 0.
|
|
||||||
*/
|
|
||||||
unsigned int oldeuid;
|
|
||||||
|
|
||||||
oldeuid = geteuid();
|
|
||||||
|
|
||||||
if (seteuid(0) != 0) {
|
|
||||||
privsElevated = FALSE;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if (seteuid(oldeuid) != 0) {
|
|
||||||
FatalError("Failed to drop privileges. Exiting\n");
|
|
||||||
}
|
|
||||||
privsElevated = TRUE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
privsTested = TRUE;
|
|
||||||
}
|
|
||||||
return privsElevated;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
|
||||||
|
|
@ -366,6 +366,9 @@ System(const char *cmdline);
|
||||||
#define Fclose(a) fclose(a)
|
#define Fclose(a) fclose(a)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
extern _X_EXPORT Bool
|
||||||
|
PrivsElevated(void);
|
||||||
|
|
||||||
extern _X_EXPORT void
|
extern _X_EXPORT void
|
||||||
CheckUserParameters(int argc, char **argv, char **envp);
|
CheckUserParameters(int argc, char **argv, char **envp);
|
||||||
extern _X_EXPORT void
|
extern _X_EXPORT void
|
||||||
|
|
|
||||||
63
os/utils.c
63
os/utils.c
|
|
@ -1719,6 +1719,69 @@ System(const char *cmdline)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
Bool
|
||||||
|
PrivsElevated(void)
|
||||||
|
{
|
||||||
|
static Bool privsTested = FALSE;
|
||||||
|
static Bool privsElevated = TRUE;
|
||||||
|
|
||||||
|
if (!privsTested) {
|
||||||
|
#if defined(WIN32)
|
||||||
|
privsElevated = FALSE;
|
||||||
|
#else
|
||||||
|
if ((getuid() != geteuid()) || (getgid() != getegid())) {
|
||||||
|
privsElevated = TRUE;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
#if defined(HAVE_ISSETUGID)
|
||||||
|
privsElevated = issetugid();
|
||||||
|
#elif defined(HAVE_GETRESUID)
|
||||||
|
uid_t ruid, euid, suid;
|
||||||
|
gid_t rgid, egid, sgid;
|
||||||
|
|
||||||
|
if ((getresuid(&ruid, &euid, &suid) == 0) &&
|
||||||
|
(getresgid(&rgid, &egid, &sgid) == 0)) {
|
||||||
|
privsElevated = (euid != suid) || (egid != sgid);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
printf("Failed getresuid or getresgid");
|
||||||
|
/* Something went wrong, make defensive assumption */
|
||||||
|
privsElevated = TRUE;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
if (getuid() == 0) {
|
||||||
|
/* running as root: uid==euid==0 */
|
||||||
|
privsElevated = FALSE;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
/*
|
||||||
|
* If there are saved ID's the process might still be privileged
|
||||||
|
* even though the above test succeeded. If issetugid() and
|
||||||
|
* getresgid() aren't available, test this by trying to set
|
||||||
|
* euid to 0.
|
||||||
|
*/
|
||||||
|
unsigned int oldeuid;
|
||||||
|
|
||||||
|
oldeuid = geteuid();
|
||||||
|
|
||||||
|
if (seteuid(0) != 0) {
|
||||||
|
privsElevated = FALSE;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (seteuid(oldeuid) != 0) {
|
||||||
|
FatalError("Failed to drop privileges. Exiting\n");
|
||||||
|
}
|
||||||
|
privsElevated = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
privsTested = TRUE;
|
||||||
|
}
|
||||||
|
return privsElevated;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* CheckUserParameters: check for long command line arguments and long
|
* CheckUserParameters: check for long command line arguments and long
|
||||||
* environment variables. By default, these checks are only done when
|
* environment variables. By default, these checks are only done when
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue