argv-util: do proper permission check while when changing process name

Process renaming happens very seldomly so we are able to afford proper permission check, i.e. actually check for CAP_SYS_RESOURCE capability instead of euid.
2025-03-31 14:50:15 +03:00 · 2022-12-19 17:29:40 +01:00 · 2022-12-19 17:29:40 +01:00 · 03ee26168f
commit 03ee26168f
parent 5ac1e0eff3
1 changed files with 4 additions and 6 deletions
--- a/src/basic/argv-util.c
+++ b/src/basic/argv-util.c
@ -6,6 +6,7 @@
 #include <unistd.h>

 #include "argv-util.h"
+#include "capability-util.h"
 #include "errno-util.h"
 #include "missing_sched.h"
 #include "parse-util.h"
@ -83,12 +84,9 @@ static int update_argv(const char name[], size_t l) {
                return 0;
        can_do = false; /* We'll set it to true only if the whole process works */

-        /* Let's not bother with this if we don't have euid == 0. Strictly speaking we should check for the
-         * CAP_SYS_RESOURCE capability which is independent of the euid. In our own code the capability generally is
-         * present only for euid == 0, hence let's use this as quick bypass check, to avoid calling mmap() if
-         * PR_SET_MM_ARG_{START,END} fails with EPERM later on anyway. After all geteuid() is dead cheap to call, but
-         * mmap() is not. */
-        if (geteuid() != 0)
+        /* Calling prctl() with PR_SET_MM_ARG_{START,END} requires CAP_SYS_RESOURCE so let's use this as quick bypass
+         * check, to avoid calling mmap() should PR_SET_MM_ARG_{START,END} fail with EPERM later on anyway. */
+        if (!have_effective_cap(CAP_SYS_RESOURCE))
                return log_debug_errno(SYNTHETIC_ERRNO(EPERM),
                                       "Skipping PR_SET_MM, as we don't have privileges.");