[PATCH xserver] check for elevated privileges not uid=0 (V2)
Tormod Volden
lists.tormod at gmail.com
Mon Oct 10 10:46:19 PDT 2011
On Mon, Oct 10, 2011 at 6:43 PM, Antoine Martin wrote:
>> I have been using this patch for days without any visible side effects.
>> Can I please get some reviewed-by / acks?
>>
Any functional issues aside, your patch will need some style polishing
before it can get any rubber stamps:
> Subject: [PATCH xserver] check for elevated privileges not uid=0 (V3)
First, the V3 in the subject should be inside the []'s to not be
included in the commit message. Check other commits to see if there is
a common practice of capitalization or module or section prefix in
this line if you really want to please.
+static Bool privsTested = FALSE;
+static Bool privsElevated = FALSE;
+Bool xf86PrivsElevated(void)
You must have messed up from V2 to V3 because the variables ended
outside the function again. Note that in V2 there was missing a blank
line after the variable declarations.
+ uid_t ruid, euid, suid;
+ gid_t rgid, egid, sgid;
+ if ((getresuid(&ruid, &euid, &suid) == 0) &&
Missing blank line again.
+ */
+ unsigned int oldeuid;
+ oldeuid = geteuid();
And again.
+ (getresgid(&rgid, &egid, &sgid) == 0))
+ privsElevated = (euid != suid) || (egid != sgid);
+#else
+ /*
+ * If there are saved ID's the process might still be priviledged
privileged
+ * even though the above test succeeded. If issetugid() and
I also consider double space after period a typographical mistake, but
I am not gonna run a crusade here :)
+ if (seteuid(0) != 0) {
+ privsElevated = FALSE;
You use != 0 to check for failure here...
+ } else {
+ if (seteuid(oldeuid) == -1) {
... but == -1 here. Is there any reason for not being consistent?
+ /* XXX ouch, coudn't get back to original uid
+ what can we do ??? */
If we get to this point, the code in the patch has failed. It should
apologize deeply and offer your phone number for technical support :)
Seriously, it should print an "internal error" message of some kind,
maybe including __function__. Just quitting silently and leave a
cryptic 127 that might or not propagate to the user does not cut it.
+ _exit(127);
Why do you use _exit() and not exit() here? This is not e.g. a forked
child that should escape normal clean-up?
Best regards,
Tormod
More information about the xorg-devel
mailing list