logrotate/backport-add-sanity-check.patch


From e8208913459d95d4c03b4e0c348e53e6f219ec5c Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Wed, 8 Apr 2020 16:38:06 +0200
Subject: [PATCH] switch_user_permanently: add sanity check that effective ids
match configuration specified ones
This patch is for fixing the issue of "switch_user_permanently: skip switchback check if switched to root"
Conflict:NA
Reference:https://github.com/logrotate/logrotate/pull/319/commits/e8208913459d95d4c03b4e0c348e53e6f219ec5c
---
logrotate.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 2e315b9..6bc8ad5 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -167,18 +167,35 @@ int switch_user(uid_t user, gid_t group) {
}
static int switch_user_permanently(const struct logInfo *log) {
- gid_t group = getegid();
- uid_t user = geteuid();
+ const gid_t group = getegid();
+ const uid_t user = geteuid();
+
if (!(log->flags & LOG_FLAG_SU)) {
return 0;
}
- if (getuid() == user && getgid() == group)
+
+ if (user != log->suUid) {
+ message(MESS_ERROR, "current euid (%u) does not match uid of log configuration (%u)\n",
+ (unsigned) user, (unsigned) log->suUid);
+ return 1;
+ }
+ if (group != log->suGid) {
+ message(MESS_ERROR, "current egid (%u) does not match gid of log configuration (%u)\n",
+ (unsigned) group, (unsigned) log->suGid);
+ return 1;
+ }
+
+ /* we are already the final configuration specified user/group */
+ if (getuid() == user && getgid() == group) {
return 0;
+ }
+
/* switch to full root first */
if (setgid(getgid()) || setuid(getuid())) {
message(MESS_ERROR, "error getting rid of euid != uid\n");
return 1;
}
+
message(MESS_DEBUG, "switching uid to %u and gid to %u\n",
(unsigned) user, (unsigned) group);
if (setgid(group) || setuid(user)) {
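Review bot: The permanent switch on the last line of the hunk, `setgid(group) || setuid(user)`, changes only the primary gid and the uid, and nothing visible here resets the supplementary group list. If the process was started as root and no earlier code outside this hunk has already dropped them, the switched process would keep root's supplementary groups despite the new euid/egid sanity check. Consider resetting the list while still root, after the "switch to full root first" step and before `setgid(group)`, for example `if (setgroups(1, &group) || setgid(group) || setuid(user)) {` (needs `<grp.h>`; `initgroups()` is the alternative if the target user's own groups should apply). The body of switch_user_permanently continues past the end of the hunk, so the failure branch of this call and any later switch-back check are not visible here.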
--
2.27.0