diff options
| author | Daiki Ueno <dueno@redhat.com> | 2018-05-29 16:30:35 +0200 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2018-05-30 15:21:25 +0200 |
| commit | 71b62aa1cdbdec3724c8e451f621309994dc59a0 (patch) | |
| tree | 4ae3c255e69f94c5920b89c1e1b91d6ffd44ebab | |
| parent | 79f928492dba6a46c63e77d6b22c17c23e66403b (diff) | |
common: Don't rely on issetugid() when it is broken
On macOS and FreeBSD, issetugid() has different semantics from the
original OpenBSD implementation and cannot reliably detect if the
process made setuid/setgid:
https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e
This should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=67451
https://bugs.freedesktop.org/show_bug.cgi?id=100287
| -rw-r--r-- | common/compat.c | 2 | ||||
| -rw-r--r-- | configure.ac | 15 |
2 files changed, 15 insertions, 2 deletions
diff --git a/common/compat.c b/common/compat.c index 2e559c7..1153f95 100644 --- a/common/compat.c +++ b/common/compat.c @@ -805,7 +805,7 @@ getauxval (unsigned long type) extern int __libc_enable_secure; secure = __libc_enable_secure; -#elif defined(HAVE_ISSETUGID) +#elif defined(HAVE_ISSETUGID) && defined(HAVE_ISSETUGID_OPENBSD) secure = issetugid (); #elif defined(OS_UNIX) diff --git a/configure.ac b/configure.ac index 5f561a1..2daf31a 100644 --- a/configure.ac +++ b/configure.ac @@ -105,7 +105,7 @@ if test "$os_unix" = "yes"; then AC_CHECK_HEADERS([sys/resource.h ucred.h]) AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include <dirent.h>]) AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp]) - AC_CHECK_FUNCS([getauxval issetugid getresuid secure_getenv]) + AC_CHECK_FUNCS([getauxval getresuid secure_getenv]) AC_CHECK_FUNCS([strnstr memdup strndup strerror_r]) AC_CHECK_FUNCS([reallocarray]) AC_CHECK_FUNCS([fdwalk]) @@ -113,6 +113,19 @@ if test "$os_unix" = "yes"; then AC_CHECK_FUNCS([getpeereid]) AC_CHECK_FUNCS([getpeerucred]) + # Check if issetugid() is available and has compatible behavior with OpenBSD + AC_CHECK_FUNCS([issetugid], [ + AC_MSG_CHECKING([whether issetugid() can detect setuid/setgid]) + issetugid_openbsd=no + AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <unistd.h>]], + [[return issetugid ();]])], + [chmod 02777 ./conftest$EXEEXT; ./conftest$EXEEXT || issetugid_openbsd=yes]) + if test "$issetugid_openbsd" = yes; then + AC_DEFINE([HAVE_ISSETUGID_OPENBSD], [1], [Whether issetugid() has compatible behavior with OpenBSD]) + fi + AC_MSG_RESULT([$issetugid_openbsd]) + ]) + # Required functions AC_CHECK_FUNCS([gmtime_r], [AC_DEFINE([HAVE_GMTIME_R], 1, [Whether gmtime_r() is available])], |