diff options
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | src/libmain/shared.cc | 18 |
2 files changed, 17 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac index 8267cc83ce..5491eaa795 100644 --- a/configure.ac +++ b/configure.ac @@ -238,11 +238,15 @@ AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes") # Setuid installations. AC_CHECK_FUNC(setresuid, [HAVE_SETRESUID=1], [HAVE_SETRESUID=]) -AM_CONDITIONAL(HAVE_SETRESUID, test "$HAVE_SETRESUID" = "1") if test "$HAVE_SETRESUID" = "1"; then AC_DEFINE(HAVE_SETRESUID, 1, [whether we have setresuid()]) fi +AC_CHECK_FUNC(setreuid, [HAVE_SETREUID=1], [HAVE_SETREUID=]) +if test "$HAVE_SETREUID" = "1"; then + AC_DEFINE(HAVE_SETREUID, 1, [whether we have setreuid()]) +fi + # This is needed if ATerm, Berkeley DB or bzip2 are static libraries, # and the Nix libraries are dynamic. diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index b4a0f774a0..da5aeadeb6 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -244,13 +244,19 @@ static void setuidInit() could also modify the Nix executables (say, replace them by a Trojan horse), so the problem is already there. */ -#if HAVE_SETRESUID - setresuid(nixUid, nixUid, nixUid); - setresgid(nixGid, nixGid, nixGid); -#else +#if 0 && HAVE_SETRESUID + if (setresuid(nixUid, nixUid, nixUid)) abort(); + if (setresgid(nixGid, nixGid, nixGid)) abort(); +#elif HAVE_SETREUID /* Note: doesn't set saved uid/gid! */ - setuid(nixUid); - setgid(nixGid); + fprintf(stderr, "warning: cannot set saved uid\n"); + if (setreuid(nixUid, nixUid)) abort(); + if (setregid(nixGid, nixGid)) abort(); +#else + /* Note: doesn't set real and saved uid/gid! */ + fprintf(stderr, "warning: cannot set real and saved uids\n"); + if (setuid(nixUid)) abort(); + if (setgid(nixGid)) abort(); #endif } |