diff options
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/privileges.c | 27 |
3 files changed, 29 insertions, 1 deletions
@@ -8,6 +8,7 @@ Overview of changes in lightdm 1.3.1 * Write utmp records for sessions * Install PAM configuration * Run greeters inside the "lightdm-greeter" PAM service + * Handle setresgid and setresuid not being available Overview of changes in lightdm 1.2.0 diff --git a/configure.ac b/configure.ac index 690ba6b6..d585c9b7 100644 --- a/configure.ac +++ b/configure.ac @@ -21,6 +21,8 @@ dnl ########################################################################### AC_CHECK_HEADERS(security/pam_appl.h, [], AC_MSG_ERROR(PAM not found)) +AC_CHECK_FUNCS(setresgid setresuid) + PKG_CHECK_MODULES(LIGHTDM, [ glib-2.0 >= 2.24 gio-2.0 >= 2.26 diff --git a/src/privileges.c b/src/privileges.c index 1f87b4f2..c7f4ef00 100644 --- a/src/privileges.c +++ b/src/privileges.c @@ -12,6 +12,7 @@ /* for setres*id() */ #define _GNU_SOURCE +#include <config.h> #include "privileges.h" void @@ -20,14 +21,38 @@ privileges_drop (User *user) g_return_if_fail (user != NULL); g_debug ("Dropping privileges to uid %i", user_get_uid (user)); +#ifdef HAVE_SETRESGID + g_debug ("Calling setresgid"); g_assert (setresgid (user_get_gid (user), user_get_gid (user), -1) == 0); +#else + g_assert (setgid (user_get_gid (user)) == 0); + g_assert (setegid (user_get_gid (user)) == 0); +#endif +#ifdef HAVE_SETRESUID + g_debug ("Calling setresuid"); g_assert (setresuid (user_get_uid (user), user_get_uid (user), -1) == 0); +#else + g_assert (setuid (user_get_uid (user)) == 0); + g_assert (seteuid (user_get_uid (user)) == 0); +#endif } void privileges_reclaim (void) { g_debug ("Restoring privileges"); +#ifdef HAVE_SETRESUID + g_debug ("Calling setresuid"); g_assert (setresuid (0, 0, -1) == 0); - g_assert (setresgid (0, 0, -1) == 0); +#else + g_assert (setuid (0) == 0); + g_assert (seteuid (0) == 0); +#endif +#ifdef HAVE_SETRESGID + g_debug ("Calling setresgid"); + g_assert (setresgid (0, 0, -1) == 0); +#else + g_assert (setgid (0) == 0); + g_assert (setegid (0) == 0); +#endif } |