diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-03T14·32+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-03T14·32+0000 |
commit | 84d6459bd5a0820729c57d710f886af6f423259b (patch) | |
tree | d4f622bca182911be84078346b2bd13c8eaf577f | |
parent | a9f92410541e15e994c3306215608cb33ff101e2 (diff) |
* Use setreuid if setresuid is not available.
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | src/libmain/shared.cc | 18 |
2 files changed, 17 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac index 8267cc83cea0..5491eaa795e2 100644 --- a/configure.ac +++ b/configure.ac @@ -238,11 +238,15 @@ AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes") # Setuid installations. AC_CHECK_FUNC(setresuid, [HAVE_SETRESUID=1], [HAVE_SETRESUID=]) -AM_CONDITIONAL(HAVE_SETRESUID, test "$HAVE_SETRESUID" = "1") if test "$HAVE_SETRESUID" = "1"; then AC_DEFINE(HAVE_SETRESUID, 1, [whether we have setresuid()]) fi +AC_CHECK_FUNC(setreuid, [HAVE_SETREUID=1], [HAVE_SETREUID=]) +if test "$HAVE_SETREUID" = "1"; then + AC_DEFINE(HAVE_SETREUID, 1, [whether we have setreuid()]) +fi + # This is needed if ATerm, Berkeley DB or bzip2 are static libraries, # and the Nix libraries are dynamic. diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index b4a0f774a066..da5aeadeb673 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -244,13 +244,19 @@ static void setuidInit() could also modify the Nix executables (say, replace them by a Trojan horse), so the problem is already there. */ -#if HAVE_SETRESUID - setresuid(nixUid, nixUid, nixUid); - setresgid(nixGid, nixGid, nixGid); -#else +#if 0 && HAVE_SETRESUID + if (setresuid(nixUid, nixUid, nixUid)) abort(); + if (setresgid(nixGid, nixGid, nixGid)) abort(); +#elif HAVE_SETREUID /* Note: doesn't set saved uid/gid! */ - setuid(nixUid); - setgid(nixGid); + fprintf(stderr, "warning: cannot set saved uid\n"); + if (setreuid(nixUid, nixUid)) abort(); + if (setregid(nixGid, nixGid)) abort(); +#else + /* Note: doesn't set real and saved uid/gid! */ + fprintf(stderr, "warning: cannot set real and saved uids\n"); + if (setuid(nixUid)) abort(); + if (setgid(nixGid)) abort(); #endif } |