82c455ef94
Change-Id: I1a852b0cb4fe0b08fcc00f2f7ab15eea3d36801b Reviewed-on: https://gerrit.libreoffice.org/21133 Reviewed-by: Ashod Nakashian <ashnakash@gmail.com> Tested-by: Ashod Nakashian <ashnakash@gmail.com>
103 lines
2.6 KiB
C++
103 lines
2.6 KiB
C++
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
|
|
/*
|
|
* This file is part of the LibreOffice project.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*/
|
|
|
|
#ifndef INCLUDED_CAPABILITIES
|
|
#define INCLUDED_CAPABILITIES
|
|
|
|
#ifdef __linux
|
|
#include <sys/capability.h>
|
|
#endif
|
|
|
|
#include "Util.hpp"
|
|
|
|
#if ENABLE_DEBUG
|
|
#include <sys/types.h>
|
|
#include <pwd.h>
|
|
|
|
static int uid = 0;
|
|
#endif
|
|
|
|
static
|
|
void dropCapability(
|
|
#ifdef __linux
|
|
cap_value_t capability
|
|
#endif
|
|
)
|
|
{
|
|
#ifdef __linux
|
|
cap_t caps;
|
|
cap_value_t cap_list[] = { capability };
|
|
|
|
caps = cap_get_proc();
|
|
if (caps == nullptr)
|
|
{
|
|
Log::error("Error: cap_get_proc() failed.");
|
|
exit(1);
|
|
}
|
|
|
|
if (cap_set_flag(caps, CAP_EFFECTIVE, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1 ||
|
|
cap_set_flag(caps, CAP_PERMITTED, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1)
|
|
{
|
|
Log::error("Error: cap_set_flag() failed.");
|
|
exit(1);
|
|
}
|
|
|
|
if (cap_set_proc(caps) == -1)
|
|
{
|
|
Log::error("Error: cap_set_proc() failed.");
|
|
exit(1);
|
|
}
|
|
|
|
char *capText = cap_to_text(caps, nullptr);
|
|
Log::info("Capabilities now: " + std::string(capText));
|
|
cap_free(capText);
|
|
|
|
cap_free(caps);
|
|
#endif
|
|
// We assume that on non-Linux we don't need to be root to be able to hardlink to files we
|
|
// don't own, so drop root.
|
|
if (geteuid() == 0 && getuid() != 0)
|
|
{
|
|
// The program is setuid root. Not normal on Linux where we use setcap, but if this
|
|
// needs to run on non-Linux Unixes, setuid root is what it will bneed to be to be able
|
|
// to do chroot().
|
|
if (setuid(getuid()) != 0)
|
|
{
|
|
Log::error("Error: setuid() failed.");
|
|
}
|
|
}
|
|
#if ENABLE_DEBUG
|
|
if (geteuid() == 0 && getuid() == 0)
|
|
{
|
|
#ifdef __linux
|
|
// Argh, awful hack
|
|
if (capability == CAP_FOWNER)
|
|
return;
|
|
#endif
|
|
|
|
// Running under sudo, probably because being debugged? Let's drop super-user rights.
|
|
if (uid == 0)
|
|
{
|
|
struct passwd *nobody = getpwnam("nobody");
|
|
if (nobody)
|
|
uid = nobody->pw_uid;
|
|
else
|
|
uid = 65534;
|
|
}
|
|
if (setuid(uid) != 0)
|
|
{
|
|
Log::error("setuid() failed.");
|
|
}
|
|
}
|
|
#endif
|
|
}
|
|
|
|
#endif
|
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|