Made sure when running as the effective user root (euid is zero) we actually become

uid 0 in order to avoid file system permission errors/restrictions.
2024-09-06 08:32:00 +00:00 · 2016-06-26 16:24:42 -03:00 · 2016-06-26 16:24:42 -03:00 · 4b32171218
parent 47b4ab919a
commit 4b32171218
2 changed files with 9 additions and 0 deletions
--- a/doas.c
+++ b/doas.c
@ -526,6 +526,11 @@ main(int argc, char **argv)
        dup2(temp_stdout, 1);
        #endif

+        /* If we effectively root, set the UID to actually be root to avoid
+           permission errors. */
+        if ( geteuid() == ROOT_UID )
+           setuid(ROOT_UID);
+
 	syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
 	    myname, cmdline, pw->pw_name, cwd);

--- a/doas.h
+++ b/doas.h
@ -31,6 +31,10 @@ char **prepenv(struct rule *);
 #define GID_MAX 65535
 #endif

+#ifndef ROOT_UID
+#define ROOT_UID 0
+#endif
+
 #ifndef _PW_NAME_LEN
 #define _PW_NAME_LEN 32
 #endif