Merge pull request #315 from mklein-de/suid

add some security checks when running SUID root
Hisham Muhammad 2016-01-06 18:19:28 -02:00
commit fc4c9757b0
3 changed files with 20 additions and 1 deletions


@ -513,8 +513,11 @@ void Process_toggleTag(Process* this) {
}
bool Process_setPriority(Process* this, int priority) {
uid_t euid = geteuid();
seteuid(getuid());
int old_prio = getpriority(PRIO_PROCESS, this->pid);
int err = setpriority(PRIO_PROCESS, this->pid, priority);
seteuid(euid);
if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
this->nice = priority;
}
@ -526,7 +529,10 @@ bool Process_changePriorityBy(Process* this, size_t delta) {
}
void Process_sendSignal(Process* this, size_t sgn) {
uid_t euid = geteuid();
seteuid(getuid());
kill(this->pid, (int) sgn);
seteuid(euid);
}
long Process_pidCompare(const void* v1, const void* v2) {
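Review bot: The `seteuid(getuid())` calls in Process_setPriority and Process_sendSignal ignore the return value, so if the drop fails the following `setpriority()` or `kill()` still runs with the elevated effective UID, which is the case this commit sets out to close. Fail closed instead: `if (seteuid(getuid()) != 0) return false;` in Process_setPriority and the same test with a bare `return;` in Process_sendSignal. The same unchecked pattern is in the Settings_read, Settings_write, Settings_new and TraceScreen_run hunks further down. Both function bodies are only partly visible in these hunks.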


@ -154,7 +154,12 @@ static void readFields(ProcessField* fields, int* flags, const char* line) {
}
static bool Settings_read(Settings* this, const char* fileName) {
FILE* fd = fopen(fileName, "r");
FILE* fd;
uid_t euid = geteuid();
seteuid(getuid());
fd = fopen(fileName, "r");
seteuid(euid);
if (!fd)
return false;
@ -260,7 +265,11 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) {
bool Settings_write(Settings* this) {
FILE* fd;
uid_t euid = geteuid();
seteuid(getuid());
fd = fopen(this->filename, "w");
seteuid(euid);
if (fd == NULL) {
return false;
}
@ -345,6 +354,8 @@ Settings* Settings_new(int cpuCount) {
htopDir = String_cat(home, "/.config/htop");
}
legacyDotfile = String_cat(home, "/.htoprc");
uid_t euid = geteuid();
seteuid(getuid());
(void) mkdir(configDir, 0700);
(void) mkdir(htopDir, 0700);
free(htopDir);
@ -357,6 +368,7 @@ Settings* Settings_new(int cpuCount) {
free(legacyDotfile);
legacyDotfile = NULL;
}
seteuid(euid);
}
this->colorScheme = 0;
this->changed = false;
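Review bot: The save/drop/restore sequence around `fopen` in Settings_read and Settings_write, and around the `mkdir` calls in Settings_new, has no comment saying why it is there, and on a non-SUID install it looks like a no-op that a later cleanup could delete. A one-line comment at each drop would record the intent, for example `/* act as the invoking user: a SUID-root htop must not read, create or truncate files that user cannot access */`. In Settings_new the drop (`seteuid(getuid())`) and the restore (`seteuid(euid)`) are in separate hunks with lines between them that are not shown here, so it is worth confirming that no path leaves that block without reaching the restore.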


@ -86,6 +86,7 @@ void TraceScreen_run(TraceScreen* this) {
int child = fork();
if (child == -1) return;
if (child == 0) {
seteuid(getuid());
dup2(fdpair[1], STDERR_FILENO);
int ok = fcntl(fdpair[1], F_SETFL, O_NONBLOCK);
if (ok != -1) {
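Review bot: In the forked child of TraceScreen_run the added `seteuid(getuid())` is only a temporary drop: the saved set-user-ID stays root until an exec, and the result is not checked. The child never needs root again, so a permanent, checked drop fits better here: `if (setuid(getuid()) != 0) _exit(1);` placed before the `dup2` call. The rest of the child branch, including whatever it goes on to execute, lies outside this hunk, so the drop should be confirmed to come before any other work the child does.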