mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Parionia to ensure people don't install libsmb based programs setuid root.
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8
)
This commit is contained in:
parent
1f829e19eb
commit
2fc8e32ad3
@ -413,3 +413,11 @@ main()
|
||||
exit(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
/****************************************************************************
|
||||
Check if we are setuid root. Used in libsmb and smbpasswd parinoia checks.
|
||||
****************************************************************************/
|
||||
BOOL is_setuid_root(void)
|
||||
{
|
||||
return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
|
||||
}
|
||||
|
@ -154,6 +154,12 @@ struct cli_state *cli_initialise(struct cli_state *cli)
|
||||
{
|
||||
BOOL alloced_cli = False;
|
||||
|
||||
/* Check the effective uid - make sure we are not setuid */
|
||||
if (is_setuid_root()) {
|
||||
DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!cli) {
|
||||
cli = (struct cli_state *)malloc(sizeof(*cli));
|
||||
if (!cli)
|
||||
|
@ -933,7 +933,7 @@ int main(int argc, char **argv)
|
||||
strupper(global_myname);
|
||||
|
||||
/* Check the effective uid - make sure we are not setuid */
|
||||
if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0)) {
|
||||
if (is_setuid_root()) {
|
||||
fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user