Merge pull request #109 from hph86/fix-creds

Fix Process Credentials
Pat3ickI · Mar 19, 2020 · 9faa9ae · 9faa9ae
2 parents 6ef60c9 + d00fabc
commit 9faa9ae
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -5,5 +5,5 @@ light_CFLAGS   = -W -Wall -Wextra -std=gnu99 -Wno-type-limits -Wno-format-trunca
 
 if CLASSIC
 install-exec-hook:
-	chmod 4755 $(DESTDIR)$(bindir)/light
+	chmod 6755 $(DESTDIR)$(bindir)/light
 endif
diff --git a/src/light.c b/src/light.c
@@ -431,9 +431,25 @@ light_context_t* light_initialize(int argc, char **argv)
     new_ctx->run_params.value = 0;
     new_ctx->run_params.raw_mode = false;
 
+    uid_t uid = getuid();
+    uid_t euid = geteuid();
+    gid_t egid = getegid();
+    // If the real user ID is different from the effective user ID (SUID mode)
+    // and if we have the effective user ID of root (0)
+    // and if the effective group ID is different from root (0),
+    // then make sure to set the effective group ID to root (0).
+    if((uid != euid) && (euid == 0) && (egid != 0))
+    {
+        if(setegid(euid) < 0)
+        {
+            LIGHT_ERR("could not change egid from %u to %u (uid: %u, euid: %u)", egid, euid, uid, euid);
+            return false;
+        }
+    }
+
     // Setup the configuration folder
     // If we are root, use the system-wide configuration folder, otherwise try to find a user-specific folder, or fall back to ~/.config
-    if(geteuid() == 0)
+    if(euid == 0)
     {
         snprintf(new_ctx->sys_params.conf_dir, sizeof(new_ctx->sys_params.conf_dir), "%s", "/etc/light");
     }