Merge pull request #315 from mklein-de/suid

add some security checks when running SUID root
2016-01-06 18:19:28 -02:00 · 2016-01-06 18:19:28 -02:00 · fc4c9757b0
parent 82db9979b1 84783bd6f0
commit fc4c9757b0
3 changed files with 20 additions and 1 deletions
--- a/Process.c
+++ b/Process.c
@ -513,8 +513,11 @@ void Process_toggleTag(Process* this) {
 }
 bool Process_setPriority(Process* this, int priority) {
   uid_t euid = geteuid();
   seteuid(getuid());
   int old_prio = getpriority(PRIO_PROCESS, this->pid);
   int err = setpriority(PRIO_PROCESS, this->pid, priority);
   seteuid(euid);
   if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
      this->nice = priority;
   }
@ -526,7 +529,10 @@ bool Process_changePriorityBy(Process* this, size_t delta) {
 }
 void Process_sendSignal(Process* this, size_t sgn) {
   uid_t euid = geteuid();
   seteuid(getuid());
   kill(this->pid, (int) sgn);
   seteuid(euid);
 }
 long Process_pidCompare(const void* v1, const void* v2) {
--- a/Settings.c
+++ b/Settings.c
@ -154,7 +154,12 @@ static void readFields(ProcessField* fields, int* flags, const char* line) {
 }
 static bool Settings_read(Settings* this, const char* fileName) {
-   FILE* fd = fopen(fileName, "r");
+   FILE* fd;
   uid_t euid = geteuid();
   seteuid(getuid());
   fd = fopen(fileName, "r");
   seteuid(euid);
   if (!fd)
      return false;
@ -260,7 +265,11 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) {
 bool Settings_write(Settings* this) {
   FILE* fd;
   uid_t euid = geteuid();
   seteuid(getuid());
   fd = fopen(this->filename, "w");
   seteuid(euid);
   if (fd == NULL) {
      return false;
   }
@ -345,6 +354,8 @@ Settings* Settings_new(int cpuCount) {
         htopDir = String_cat(home, "/.config/htop");
      }
      legacyDotfile = String_cat(home, "/.htoprc");
      uid_t euid = geteuid();
      seteuid(getuid());
      (void) mkdir(configDir, 0700);
      (void) mkdir(htopDir, 0700);
      free(htopDir);
@ -357,6 +368,7 @@ Settings* Settings_new(int cpuCount) {
         free(legacyDotfile);
         legacyDotfile = NULL;
      }
      seteuid(euid);
   }
   this->colorScheme = 0;
   this->changed = false;
--- a/TraceScreen.c
+++ b/TraceScreen.c
@ -86,6 +86,7 @@ void TraceScreen_run(TraceScreen* this) {
   int child = fork();
   if (child == -1) return;
   if (child == 0) {
      seteuid(getuid());
      dup2(fdpair[1], STDERR_FILENO);
      int ok = fcntl(fdpair[1], F_SETFL, O_NONBLOCK);
      if (ok != -1) {