[pipelight] refactored pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch

[Björn Esser]

commit fe3426f0dc68da215ba23d8ecb4c2ecb09b3ab40
Author: Björn Esser <bjoern.esser at gmail.com>
Date:   Wed Jul 9 16:40:16 2014 +0200

    refactored pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch

 ...ght-0.2.7.1_fix-missing-call-to-setgroups.patch |   62 ++++++++++++-------
 1 files changed, 39 insertions(+), 23 deletions(-)
---
diff --git a/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch b/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
index bffdfc7..5e943fe 100644
--- a/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
+++ b/pipelight-0.2.7.1_fix-missing-call-to-setgroups.patch
@@ -2,15 +2,24 @@ Index: mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
 ===================================================================
 --- mmueller2012-pipelight-e2362eb15df6.orig/src/linux/basicplugin.c
 +++ mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
-@@ -40,6 +40,7 @@
+@@ -40,6 +40,8 @@
  #include <sys/types.h>
  #include <sys/wait.h>
  #include <unistd.h>								// for POSIX api
-+#include <grp.h>								// for setgroups()
++#include <grp.h>								// for initgroups()
++#include <pwd.h>								// for struct passwd
  #include <iostream>								// for std::ios_base
  #include <string>								// for std::string
  #include <errno.h>
-@@ -160,16 +161,42 @@ void checkPermissions(){
+@@ -152,6 +154,7 @@ void checkPermissions(){
+ 	uid_t euid = geteuid();
+ 	gid_t gid  = getgid();
+ 	gid_t egid = getegid();
++	passwd* user = getpwuid(uid);
+ 
+ 	if (euid == 0 || egid == 0){
+ 		DBG_WARN("-------------------------------------------------------");
+@@ -160,18 +163,45 @@ void checkPermissions(){
  		DBG_WARN("-------------------------------------------------------");
  	}
  
@@ -25,16 +34,23 @@ Index: mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
 +	 * issue to be fixed.  Seek POS36-C on the web for details about
 +	 * the problem.
 +	 *
-+	 * When dropping privileges from root, the `setgroups` call will
-+	 * remove any extraneous groups.  If we don't call this, then
-+	 * even though our uid has dropped, we may still have groups
-+	 * that enable us to do super-user things.  This will fail if we
-+	 * aren't root, so don't bother checking the return value, this
-+	 * is just done as an optimistic privilege dropping function.
-+	 *
++	 * When dropping privileges from root, the initgroups() call will
++	 * remove any extraneous groups and just use the groups the real
++	 * user is a member of.  If we don't call this, then even though
++	 * our uid has dropped, we may still have groups that enable us
++	 * to do super-user things.  This will fail if we aren't root or
++	 * could not properly acquire the user's credentials.
 +	 */
-+
-+	setgroups(0, NULL);
+ 
+-	if (gid != egid){
+-		if (setgid(gid) != 0 || getegid() != gid)
+-			result = false;
+-	}
++	if ((result = !user))
++		result = initgroups(user->pw_name, user->pw_gid);
+ 
+ 	if (!result)
++		DBG_ERROR("failed to drop group-privileges by calling initgroups().");
 +
 +	/* Order is important!  First call setgid(), last call setuid().
 +	 * The setgid() function must be run with superuser privileges,
@@ -43,17 +59,17 @@ Index: mmueller2012-pipelight-e2362eb15df6/src/linux/basicplugin.c
 +	 * program that allows for the execution of arbitrary code, an
 +	 * attacker can regain the original group privileges.
 +	 */
- 
- 	if (gid != egid){
- 		if (setgid(gid) != 0 || getegid() != gid)
- 			result = false;
- 	}
- 
-+	if (uid != euid){
-+		if (setuid(uid) != 0 || geteuid() != uid)
-+			result = false;
-+	}
 +
- 	if (!result)
++	if (gid != egid)
++		result = (setgid(gid) || getegid() != gid);
++
++	if (uid != euid)
++		result = (setuid(uid) || geteuid() != uid);
++
++	if (!result){
  		DBG_ERROR("failed to set permissions to uid=%d, gid=%d.", uid, gid);
++		DBG_ERROR("running with uid=%d, gid=%d.", geteuid(), getegid());
++	}
  }
+ 
+ /* convertWinePath */