From e8208913459d95d4c03b4e0c348e53e6f219ec5c Mon Sep 17 00:00:00 2001
From: cgzones
Date: Wed, 8 Apr 2020 16:38:06 +0200
Subject: [PATCH] switch_user_permanently: add sanity check that effective ids match configuration specified ones

This patch is for fixing the issue of "switch_user_permanently: skip switchback check if switched to root"
Conflict:NA
Reference:https://github.com/logrotate/logrotate/pull/319/commits/e8208913459d95d4c03b4e0c348e53e6f219ec5c
---
 logrotate.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/logrotate.c b/logrotate.c
index 2e315b9..6bc8ad5 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -167,18 +167,35 @@ int switch_user(uid_t user, gid_t group) {
 }

 static int switch_user_permanently(const struct logInfo *log) {
- gid_t group = getegid();
- uid_t user = geteuid();
+ const gid_t group = getegid();
+ const uid_t user = geteuid();
+
 if (!(log->flags & LOG_FLAG_SU)) {
 return 0;
 }
- if (getuid() == user && getgid() == group)
+
+ if (user != log->suUid) {
+ message(MESS_ERROR, "current euid (%u) does not match uid of log configuration (%u)\n",
+ (unsigned) user, (unsigned) log->suUid);
+ return 1;
+ }
+ if (group != log->suGid) {
+ message(MESS_ERROR, "current egid (%u) does not match gid of log configuration (%u)\n",
+ (unsigned) group, (unsigned) log->suGid);
+ return 1;
+ }
+
+ /* we are already the final configuration specified user/group */
+ if (getuid() == user && getgid() == group) {
 return 0;
+ }
+
 /* switch to full root first */
 if (setgid(getgid()) || setuid(getuid())) {
 message(MESS_ERROR, "error getting rid of euid != uid\n");
 return 1;
 }
+
 message(MESS_DEBUG, "switching uid to %u and gid to %u\n",
 (unsigned) user, (unsigned) group);
 if (setgid(group) || setuid(user)) {
--
2.27.0
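Review bot: The permanent switch at the end of the hunk, `if (setgid(group) || setuid(user)) {`, changes only the primary gid and the uid, and no `setgroups()` call is visible, so if the process started as root its supplementary group list would presumably survive the drop and remain in effect for whatever runs afterwards as the `su` user. The added euid/egid comparisons against `log->suUid` and `log->suGid` are a sound precondition, but they do not cover group membership. Consider clearing the list while the process is still full root, e.g. `if (setgroups(0, NULL) || setgid(group) || setuid(user)) {` (needs `<grp.h>`), unless this is already handled elsewhere. The body of switch_user_permanently continues past the last line of the hunk, so the error branch and any switch-back check cannot be reviewed from here.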