Merge pull request #26 from inobulles/condition-suid
lib: Only `set(re)uid` if initial UID != 0
obiwac authored Jul 8, 2023
2 parents 544f9fb + 71cf838 commit f2db313
Showing 2 changed files with 7 additions and 7 deletions.
10 changes: 5 additions & 5 deletions src/lib/create.c
Expand Up @@ -17,7 +17,7 @@ int aquarium_create_struct(aquarium_opts_t* opts) {
// build filestructure if it doesn't yet exist for convenience
// also create a sanctioned templates file with some default and trusted entries

if (setuid(0) < 0) {
if (opts->initial_uid && setuid(0) < 0) {
warnx("setuid(0): %s", strerror(errno));
return -1;
}
Expand Down Expand Up @@ -86,7 +86,7 @@ int aquarium_create_struct(aquarium_opts_t* opts) {

err:

if (setreuid(opts->initial_uid, 0) < 0) {
if (opts->initial_uid && setreuid(opts->initial_uid, 0) < 0) {
warnx("setreuid(%d): %s", opts->initial_uid, strerror(errno));
rv = -1;
}
Expand Down Expand Up @@ -297,7 +297,7 @@ int aquarium_create(aquarium_opts_t* opts, char const* pointer_path, char const*

// setuid root

if (setuid(0) < 0) {
if (opts->initial_uid && setuid(0) < 0) {
warnx("setuid(0): %s", strerror(errno));
goto setuid_root_err;
}
Expand Down Expand Up @@ -331,7 +331,7 @@ int aquarium_create(aquarium_opts_t* opts, char const* pointer_path, char const*

// finish writing pointer file as user

if (setreuid(opts->initial_uid, 0) < 0) {
if (opts->initial_uid && setreuid(opts->initial_uid, 0) < 0) {
warnx("setreuid(%d, 0): %s", opts->initial_uid, strerror(errno));
goto setuid_user_err;
}
Expand Down Expand Up @@ -374,7 +374,7 @@ int aquarium_create(aquarium_opts_t* opts, char const* pointer_path, char const*
db_open_err:
extract_template_err:

if (setreuid(opts->initial_uid, 0) < 0) {
if (opts->initial_uid && setreuid(opts->initial_uid, 0) < 0) {
warnx("setreuid(%d, 0): %s", opts->initial_uid, strerror(errno));
rv = -1;
}
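Review bot: The comment `// finish writing pointer file as user` above the guarded `setreuid(opts->initial_uid, 0)` in the fourth hunk overstates what the call does: it restores only the real UID and leaves the effective UID at 0, so file access checks in the code that follows are presumably still evaluated as root. The new guard does not change that, but a reader auditing the privilege transitions will take the comment at face value. I would reword it to `// restore the real UID to the invoking user; the effective UID stays 0`, or, if the write really has to happen with the user's credentials, lower the effective UID for that stretch as well. The rest of aquarium_create lies outside the hunk, so whether anything later relies on the effective UID is not visible here.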
4 changes: 2 additions & 2 deletions src/lib/enter.c
Expand Up @@ -370,7 +370,7 @@ int aquarium_enter(aquarium_opts_t* opts, char const* path, aquarium_enter_cb_t

// setuid root

if (setuid(0) < 0) {
if (opts->initial_uid && setuid(0) < 0) {
warnx("setuid(0): %s", strerror(errno));
goto setuid_root_err;
}
Expand Down Expand Up @@ -573,7 +573,7 @@ int aquarium_enter(aquarium_opts_t* opts, char const* path, aquarium_enter_cb_t

mount_tmpfs_err:

if (setreuid(opts->initial_uid, 0) < 0) {
if (opts->initial_uid && setreuid(opts->initial_uid, 0) < 0) {
warnx("setreuid(%d, 0): %s", opts->initial_uid, strerror(errno));
rv = -1;
}
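Review bot: Both guards in aquarium_enter (and the five in src/lib/create.c) now key the privilege transition on `opts->initial_uid` alone, and nothing in the hunks shows where that field is filled in. If it is ever left at a zero default instead of being captured from `getuid()` at start-up, the `setuid(0)` call is skipped without any diagnostic and the code between `// setuid root` and `mount_tmpfs_err:` runs with whatever real UID the process happened to have. I would state the invariant next to the check, for example `// initial_uid == 0: started as root, nothing to raise or restore`, and document on the field that it must hold the real UID at process start. Writing the test as `opts->initial_uid != 0` would also match the commit title and read less like a null check. The body of aquarium_enter continues outside both hunks.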
