Skip to content

GitLab

Commit fc4c9757 authored by Hisham Muhammad's avatar Hisham Muhammad
Browse files

Merge pull request #315 from mklein-de/suid 

add some security checks when running SUID root
parents 82db9979 84783bd6
Hide whitespace changes
Inline Side-by-side
Process.c
View file @ fc4c9757
...@@ -513,8 +513,11 @@ void Process_toggleTag(Process* this) { ...@@ -513,8 +513,11 @@ void Process_toggleTag(Process* this) {
} }
bool Process_setPriority(Process* this, int priority) { bool Process_setPriority(Process* this, int priority) {
uid_t euid = geteuid();
seteuid(getuid());
int old_prio = getpriority(PRIO_PROCESS, this->pid); int old_prio = getpriority(PRIO_PROCESS, this->pid);
int err = setpriority(PRIO_PROCESS, this->pid, priority); int err = setpriority(PRIO_PROCESS, this->pid, priority);
seteuid(euid);
if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) { if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
this->nice = priority; this->nice = priority;
} }
...@@ -526,7 +529,10 @@ bool Process_changePriorityBy(Process* this, size_t delta) { ...@@ -526,7 +529,10 @@ bool Process_changePriorityBy(Process* this, size_t delta) {
} }
void Process_sendSignal(Process* this, size_t sgn) { void Process_sendSignal(Process* this, size_t sgn) {
uid_t euid = geteuid();
seteuid(getuid());
kill(this->pid, (int) sgn); kill(this->pid, (int) sgn);
seteuid(euid);
} }
long Process_pidCompare(const void* v1, const void* v2) { long Process_pidCompare(const void* v1, const void* v2) {
......
Settings.c
View file @ fc4c9757
...@@ -154,7 +154,12 @@ static void readFields(ProcessField* fields, int* flags, const char* line) { ...@@ -154,7 +154,12 @@ static void readFields(ProcessField* fields, int* flags, const char* line) {
} }
static bool Settings_read(Settings* this, const char* fileName) { static bool Settings_read(Settings* this, const char* fileName) {
FILE* fd = fopen(fileName, "r"); FILE* fd;
uid_t euid = geteuid();
seteuid(getuid());
fd = fopen(fileName, "r");
seteuid(euid);
if (!fd) if (!fd)
return false; return false;
...@@ -260,7 +265,11 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) { ...@@ -260,7 +265,11 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) {
bool Settings_write(Settings* this) { bool Settings_write(Settings* this) {
FILE* fd; FILE* fd;
uid_t euid = geteuid();
seteuid(getuid());
fd = fopen(this->filename, "w"); fd = fopen(this->filename, "w");
seteuid(euid);
if (fd == NULL) { if (fd == NULL) {
return false; return false;
} }
...@@ -345,6 +354,8 @@ Settings* Settings_new(int cpuCount) { ...@@ -345,6 +354,8 @@ Settings* Settings_new(int cpuCount) {
htopDir = String_cat(home, "/.config/htop"); htopDir = String_cat(home, "/.config/htop");
} }
legacyDotfile = String_cat(home, "/.htoprc"); legacyDotfile = String_cat(home, "/.htoprc");
uid_t euid = geteuid();
seteuid(getuid());
(void) mkdir(configDir, 0700); (void) mkdir(configDir, 0700);
(void) mkdir(htopDir, 0700); (void) mkdir(htopDir, 0700);
free(htopDir); free(htopDir);
...@@ -357,6 +368,7 @@ Settings* Settings_new(int cpuCount) { ...@@ -357,6 +368,7 @@ Settings* Settings_new(int cpuCount) {
free(legacyDotfile); free(legacyDotfile);
legacyDotfile = NULL; legacyDotfile = NULL;
} }
seteuid(euid);
} }
this->colorScheme = 0; this->colorScheme = 0;
this->changed = false; this->changed = false;
......
TraceScreen.c
View file @ fc4c9757
...@@ -86,6 +86,7 @@ void TraceScreen_run(TraceScreen* this) { ...@@ -86,6 +86,7 @@ void TraceScreen_run(TraceScreen* this) {
int child = fork(); int child = fork();
if (child == -1) return; if (child == -1) return;
if (child == 0) { if (child == 0) {
seteuid(getuid());
dup2(fdpair[1], STDERR_FILENO); dup2(fdpair[1], STDERR_FILENO);
int ok = fcntl(fdpair[1], F_SETFL, O_NONBLOCK); int ok = fcntl(fdpair[1], F_SETFL, O_NONBLOCK);
if (ok != -1) { if (ok != -1) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment