Security review: make privilege dropping-restoring optional.

This is/was necessary only on macOS, because you needed root in order to read the process list. This was never necessary on Linux, and it also raises security concerns, so now it needs to be enabled explicitly at build time.
2025-07-13 12:44:34 +03:00 · 2017-07-26 15:40:55 -03:00
parent f205f7004c
commit 543d65c6ab
7 changed files with 92 additions and 21 deletions
--- a/CRT.h
+++ b/CRT.h
@ -9,6 +9,9 @@ Released under the GNU GPL, see the COPYING file
 in the source distribution for its full text.
 */

+#if HAVE_SETUID_ENABLED
+#endif
+
 #define ColorIndex(i,j) ((7-i)*8+j)

 #define ColorPair(i,j) COLOR_PAIR(ColorIndex(i,j))
@ -154,6 +157,25 @@ extern int CRT_colorScheme;

 void *backtraceArray[128];

+#if HAVE_SETUID_ENABLED
+
+#define DIE(msg) do { CRT_done(); fprintf(stderr, msg); exit(1); } while(0)
+
+void CRT_dropPrivileges();
+
+void CRT_restorePrivileges();
+
+#else
+
+/* Turn setuid operations into NOPs */
+
+#ifndef CRT_dropPrivileges
+#define CRT_dropPrivileges()
+#define CRT_restorePrivileges()
+#endif
+
+#endif
+
 // TODO: pass an instance of Settings instead.

 void CRT_init(int delay, int colorScheme);