-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | src/fcopy/main.c | 21 |
2 files changed, 18 insertions, 4 deletions
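--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,7 @@ src/fnet/fnet
 src/fseccomp/fseccomp
 src/fcopy/fcopy
 src/fldd/fldd
+src/fbuilder/fbuilder
 uids.h
 seccomp
 seccomp.debug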
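--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -22,6 +22,7 @@
 #include <fcntl.h>
 #include <ftw.h>
 #include <errno.h>
+#include <pwd.h>
 
 int arg_quiet = 0;
 static int arg_follow_link = 0;
@@ -199,17 +200,29 @@ static char *check(const char *src) {
 if (!rsrc || stat(rsrc, &s) == -1)
 goto errexit;
 
-// check uid
+// on systems with systemd-resolved installed /etc/resolve.conf is a symlink to
+// /run/systemd/resolve/resolv.conf; this file is owned by systemd-resolve user
 // checking gid will fail for files with a larger group such as /usr/bin/mutt_dotlock
-if (s.st_uid != getuid()/* || s.st_gid != getgid()*/)
-goto errexit;
+uid_t user = getuid();
+if (user == 0 && strcmp(rsrc, "/run/systemd/resolve/resolv.conf") == 0) {
+// check user systemd-resolve
+struct passwd *p = getpwnam("systemd-resolve");
+if (!p)
+goto errexit;
+if (s.st_uid != user && s.st_uid != p->pw_uid)
+goto errexit;
+}
+else {
+if (s.st_uid != user /* || s.st_gid != getgid()*/)
+goto errexit;
+}
 
 // dir, link, regular file
 if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode))
 return rsrc; // normal exit from the function
 
 errexit:
-fprintf(stderr, "Error fcopy: invalid file %s\n", src);
+fprintf(stderr, "Edddddrror fcopy: invalid file %s\n", src);
 exit(1);
 }
 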
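Review bot: The error message under the `errexit:` label now reads `"Edddddrror fcopy: invalid file %s\n"`, which looks like a stray edit and should go back to `fprintf(stderr, "Error fcopy: invalid file %s\n", src);`. In the new ownership branch, a caller with uid 0 accepts `/run/systemd/resolve/resolv.conf` when it is owned by the `systemd-resolve` account, so root ends up trusting a file that a less-privileged account can replace. The check is a `stat()` on the path, and if the copy later reopens that path by name (that code is outside this hunk) the file can change in between, so it is worth confirming that the copy side opens with `O_NOFOLLOW` and re-checks ownership with `fstat()`. The new comment should say `/etc/resolv.conf` rather than `/etc/resolve.conf`, and it should state why the exception is limited to uid 0. `check()` begins above this hunk.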