andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

os: move xf86PrivsElevated here

Browse Source 
Having different types of code all trying to check for elevated privileges
is a bad idea. This implementation is the most thorough one.

Signed-off-by: Nicolai Hähnle <nicolai.haehnle@amd.com>
Reviewed-by: Ben Crocker <bcrocker@redhat.com>
Reviewed-by: Antoine Martin <antoine@nagafix.co.uk>
Tested-by: Ben Crocker <bcrocker@redhat.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
This commit is contained in:
Nicolai Hähnle 2018-03-13 17:46:34 -04:00 committed by Adam Jackson
parent 1519475a43
commit 9ef602de46
3 changed files with 67 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
hw/xfree86/common/xf86Init.c
View File

@ -238,64 +238,7 @@ xf86PrintBanner(void)
Bool
xf86PrivsElevated(void)
{
static Bool privsTested = FALSE;
static Bool privsElevated = TRUE;
if (!privsTested) {
#if defined(WIN32)
privsElevated = FALSE;
#else
if ((getuid() != geteuid()) || (getgid() != getegid())) {
privsElevated = TRUE;
}
else {
#if defined(HAVE_ISSETUGID)
privsElevated = issetugid();
#elif defined(HAVE_GETRESUID)
uid_t ruid, euid, suid;
gid_t rgid, egid, sgid;
if ((getresuid(&ruid, &euid, &suid) == 0) &&
(getresgid(&rgid, &egid, &sgid) == 0)) {
privsElevated = (euid != suid) || (egid != sgid);
}
else {
printf("Failed getresuid or getresgid");
/* Something went wrong, make defensive assumption */
privsElevated = TRUE;
}
#else
if (getuid() == 0) {
/* running as root: uid==euid==0 */
privsElevated = FALSE;
}
else {
/*
* If there are saved ID's the process might still be privileged
* even though the above test succeeded. If issetugid() and
* getresgid() aren't available, test this by trying to set
* euid to 0.
*/
unsigned int oldeuid;
oldeuid = geteuid();
if (seteuid(0) != 0) {
privsElevated = FALSE;
}
else {
if (seteuid(oldeuid) != 0) {
FatalError("Failed to drop privileges. Exiting\n");
}
privsElevated = TRUE;
}
}
#endif
}
#endif
privsTested = TRUE;
}
return privsElevated;
return PrivsElevated();
}
static void

3
include/os.h
View File

@ -366,6 +366,9 @@ System(const char *cmdline);
#define Fclose(a) fclose(a)
#endif
extern _X_EXPORT Bool
PrivsElevated(void);
extern _X_EXPORT void
CheckUserParameters(int argc, char **argv, char **envp);
extern _X_EXPORT void

63
os/utils.c
View File

@ -1719,6 +1719,69 @@ System(const char *cmdline)
}
#endif
Bool
PrivsElevated(void)
{
static Bool privsTested = FALSE;
static Bool privsElevated = TRUE;
if (!privsTested) {
#if defined(WIN32)
privsElevated = FALSE;
#else
if ((getuid() != geteuid()) || (getgid() != getegid())) {
privsElevated = TRUE;
}
else {
#if defined(HAVE_ISSETUGID)
privsElevated = issetugid();
#elif defined(HAVE_GETRESUID)
uid_t ruid, euid, suid;
gid_t rgid, egid, sgid;
if ((getresuid(&ruid, &euid, &suid) == 0) &&
(getresgid(&rgid, &egid, &sgid) == 0)) {
privsElevated = (euid != suid) || (egid != sgid);
}
else {
printf("Failed getresuid or getresgid");
/* Something went wrong, make defensive assumption */
privsElevated = TRUE;
}
#else
if (getuid() == 0) {
/* running as root: uid==euid==0 */
privsElevated = FALSE;
}
else {
/*
* If there are saved ID's the process might still be privileged
* even though the above test succeeded. If issetugid() and
* getresgid() aren't available, test this by trying to set
* euid to 0.
*/
unsigned int oldeuid;
oldeuid = geteuid();
if (seteuid(0) != 0) {
privsElevated = FALSE;
}
else {
if (seteuid(oldeuid) != 0) {
FatalError("Failed to drop privileges. Exiting\n");
}
privsElevated = TRUE;
}
}
#endif
}
#endif
privsTested = TRUE;
}
return privsElevated;
}
/*
* CheckUserParameters: check for long command line arguments and long
* environment variables. By default, these checks are only done when