* cygheap.h (cygheap_user::issetuid): New method.
* dtable.cc (dtable::vfork_child_dup): Use new method to determine if we are in "setuid mode." * fork.cc (fork_parent): Ditto. * spawn.cc (spawn_guts): Ditto. * syscalls.cc (seteuid32): Ditto. (setegid32): Ditto. * environ.cc (spenv::retrieve): (Suggested by Pierre Humblet) Do potential recalculation of cygheap_user stuff when in setuid mode. Return special value when environment variable exists but should not be added. (build_env): Don't add retrieved value to dstp if it is 'dont_add'.
This commit is contained in:
@ -2093,9 +2093,8 @@ seteuid32 (__uid32_t uid)
|
||||
failed:
|
||||
cygheap->user.token = sav_token;
|
||||
cygheap->user.impersonated = sav_impersonated;
|
||||
if ( cygheap->user.token != INVALID_HANDLE_VALUE &&
|
||||
cygheap->user.impersonated &&
|
||||
!ImpersonateLoggedOnUser (cygheap->user.token))
|
||||
if (cygheap->user.issetuid ()
|
||||
&& !ImpersonateLoggedOnUser (cygheap->user.token))
|
||||
system_printf ("Impersonating in seteuid failed: %E");
|
||||
return -1;
|
||||
}
|
||||
@ -2144,8 +2143,7 @@ setegid32 (__gid32_t gid)
|
||||
myself->gid = gid;
|
||||
|
||||
/* If impersonated, update primary group and revert */
|
||||
if (cygheap->user.token != INVALID_HANDLE_VALUE
|
||||
&& cygheap->user.impersonated)
|
||||
if (cygheap->user.issetuid ())
|
||||
{
|
||||
if (!SetTokenInformation (cygheap->user.token,
|
||||
TokenPrimaryGroup,
|
||||
@ -2166,8 +2164,7 @@ setegid32 (__gid32_t gid)
|
||||
"TokenPrimaryGroup): %E");
|
||||
CloseHandle (ptok);
|
||||
}
|
||||
if (cygheap->user.token != INVALID_HANDLE_VALUE
|
||||
&& cygheap->user.impersonated
|
||||
if (cygheap->user.issetuid ()
|
||||
&& !ImpersonateLoggedOnUser (cygheap->user.token))
|
||||
system_printf ("Impersonating in setegid failed: %E");
|
||||
return 0;
|
||||
|
Reference in New Issue
Block a user