[pipelight] refactored pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
Björn Esser
besser82 at fedoraproject.org
Wed Jul 9 14:44:07 UTC 2014
commit fe3426f0dc68da215ba23d8ecb4c2ecb09b3ab40
Author: Björn Esser <bjoern.esser at gmail.com>
Date: Wed Jul 9 16:40:16 2014 +0200
refactored pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
...ght-0.2.7.1_fix-missing-call-to-setgroups.patch | 62 ++++++++++++-------
1 files changed, 39 insertions(+), 23 deletions(-)
---
diff --git a/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch b/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
index bffdfc7..5e943fe 100644
--- a/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
+++ b/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
@@ -2,15 +2,24 @@ Index: mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
===================================================================
--- mmueller2012-pipelight-e2362eb15df6.orig/src/linux/basicplugin.c
+++ mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
-@@ -40,6 +40,7 @@
+@@ -40,6 +40,8 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h> // for POSIX api
-+#include <grp.h> // for setgroups()
++#include <grp.h> // for initgroups()
++#include <pwd.h> // for struct passwd
#include <iostream> // for std::ios_base
#include <string> // for std::string
#include <errno.h>
-@@ -160,16 +161,42 @@ void checkPermissions(){
+@@ -152,6 +154,7 @@ void checkPermissions(){
+ uid_t euid = geteuid();
+ gid_t gid = getgid();
+ gid_t egid = getegid();
++ passwd* user = getpwuid(uid);
+
+ if (euid == 0 || egid == 0){
+ DBG_WARN("-------------------------------------------------------");
+@@ -160,18 +163,45 @@ void checkPermissions(){
DBG_WARN("-------------------------------------------------------");
}
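Review bot: The added `passwd* user = getpwuid(uid);` returns a pointer into static storage that any later getpw*() call in the process can overwrite, and it reports both "no entry" and a lookup error as NULL. If this code can run inside a multi-threaded host, getpwuid_r() with a local buffer is the safer choice, and setting `errno = 0` before the call lets the error path say why the lookup failed. The lookup is only needed when privileges actually have to be dropped, so it could move into that branch; the rest of checkPermissions() lies outside this hunk.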
@@ -25,16 +34,23 @@ Index: mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
+ * issue to be fixed. Seek POS36-C on the web for details about
+ * the problem.
+ *
-+ * When dropping privileges from root, the `setgroups` call will
-+ * remove any extraneous groups. If we don't call this, then
-+ * even though our uid has dropped, we may still have groups
-+ * that enable us to do super-user things. This will fail if we
-+ * aren't root, so don't bother checking the return value, this
-+ * is just done as an optimistic privilege dropping function.
-+ *
++ * When dropping privileges from root, the initgroups() call will
++ * remove any extraneous groups and just use the groups the real
++ * user is a member of. If we don't call this, then even though
++ * our uid has dropped, we may still have groups that enable us
++ * to do super-user things. This will fail if we aren't root or
++ * could not properly acquire the user's credentials.
+ */
-+
-+ setgroups(0, NULL);
+
+- if (gid != egid){
+- if (setgid(gid) != 0 || getegid() != gid)
+- result = false;
+- }
++ if ((result = !user))
++ result = initgroups(user->pw_name, user->pw_gid);
+
+ if (!result)
++ DBG_ERROR("failed to drop group-privileges by calling initgroups().");
+
+ /* Order is important! First call setgid(), last call setuid().
+ * The setgid() function must be run with superuser privileges,
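Review bot: The added `if ((result = !user))` test is inverted: the branch is entered only when getpwuid() returned NULL and then dereferences `user->pw_name`, while for a valid entry initgroups() is never called and the supplementary groups inherited from root stay in place. initgroups() also returns 0 on success, so storing its return value in `result` marks success as failure. Something like `result = (user != NULL && initgroups(user->pw_name, user->pw_gid) == 0);` keeps `result` meaning "succeeded", which is what the following `if (!result)` expects. Because the comment itself says the call fails when not root, it may be worth doing this only when `euid == 0`, so an unprivileged start is not reported as an error. The declaration of `result` and the start of checkPermissions() are outside this hunk.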
@@ -43,17 +59,17 @@ Index: mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
+ * program that allows for the execution of arbitrary code, an
+ * attacker can regain the original group privileges.
+ */
-
- if (gid != egid){
- if (setgid(gid) != 0 || getegid() != gid)
- result = false;
- }
-
-+ if (uid != euid){
-+ if (setuid(uid) != 0 || geteuid() != uid)
-+ result = false;
-+ }
+
- if (!result)
++ if (gid != egid)
++ result = (setgid(gid) || getegid() != gid);
++
++ if (uid != euid)
++ result = (setuid(uid) || geteuid() != uid);
++
++ if (!result){
DBG_ERROR("failed to set permissions to uid=%d, gid=%d.", uid, gid);
++ DBG_ERROR("running with uid=%d, gid=%d.", geteuid(), getegid());
++ }
}
+
+ /* convertWinePath */
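Review bot: In the added `result = (setgid(gid) || getegid() != gid);` and the matching setuid() line, `result` becomes true exactly when the call failed or the id did not change, so the `if (!result)` block logs on success and stays silent on a failed drop. The setuid() assignment also overwrites the setgid() outcome and whatever the initgroups() step stored earlier. Keeping the previous form, `if (gid != egid && (setgid(gid) != 0 || getegid() != gid)) result = false;` and the same for uid, preserves earlier failures. The visible lines only log when the drop fails; whether the caller refuses to continue with the elevated ids is outside this hunk and should be confirmed.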