[rt-commit] r163 - in /redwax-tool/trunk: ChangeLog redwax-tool.c
rt-commit at redwax.eu
rt-commit at redwax.eu
Fri Nov 3 23:05:00 CET 2023
Author: minfrin at redwax.eu
Date: Fri Nov 3 23:04:59 2023
New Revision: 163
Log:
Use seteuid() and setegid() for temporarily switching
users.
Modified:
redwax-tool/trunk/ChangeLog
redwax-tool/trunk/redwax-tool.c
Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog (original)
+++ redwax-tool/trunk/ChangeLog Fri Nov 3 23:04:59 2023
@@ -1,5 +1,8 @@
Changes with v0.9.4
+
+ *) Use seteuid() and setegid() for temporarily switching
+ users. [Graham Leggett]
*) Add support for reading certificates from the MacOS
Keychain. [Graham Leggett]
Modified: redwax-tool/trunk/redwax-tool.c
==============================================================================
--- redwax-tool/trunk/redwax-tool.c (original)
+++ redwax-tool/trunk/redwax-tool.c Fri Nov 3 23:04:59 2023
@@ -274,6 +274,9 @@
#define REDWAX_PASSTHROUGH "passthrough"
#define REDWAX_SECRET_MAX HUGE_STRING_LEN
+
+static uid_t euid;
+static gid_t egid;
static const apr_getopt_option_t
cmdline_opts[] =
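Review bot: The new file-scope variables `euid` and `egid` have no comment, and their role only becomes clear after reading main() and both setter functions. A comment above them would help, for example `/* effective uid/gid captured at startup; redwax_set_user() and redwax_set_group() switch back to these before each change */`. It should also say that the switch is temporary by design: seteuid() and setegid() leave the real and saved ids untouched, so code running in the process after a switch can return to the original identity. This is not a privilege drop.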
@@ -1152,25 +1155,11 @@
return APR_SUCCESS;
}
-apr_status_t redwax_user_cleanup(void *dummy)
-{
- setuid(getuid());
-
- return APR_SUCCESS;
-}
-
-apr_status_t redwax_group_cleanup(void *dummy)
-{
- setgid(getgid());
-
- return APR_SUCCESS;
-}
-
apr_status_t redwax_set_user(redwax_tool_t *r, const char *user)
{
struct passwd *pw;
- setuid(getuid());
+ seteuid(euid);
if (!user) {
return APR_SUCCESS;
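Review bot: The result of `seteuid(euid)` at the top of redwax_set_user() is discarded, so if the switch back fails the function carries on under the previously selected user and, when `user` is NULL, still returns APR_SUCCESS. The call should be checked, e.g. `if (seteuid(euid) != 0)`, with the error reported through redwax_print_error() and a failure status returned. The same applies to `setegid(egid)` at the top of the group function in the -1204 hunk. The function body continues outside this hunk.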
@@ -1182,7 +1171,7 @@
if (pw) {
- setuid(pw->pw_uid);
+ seteuid(pw->pw_uid);
if (errno) {
redwax_print_error(r, "Could not set the user to '%s': %s\n", user,
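Review bot: Failure of `seteuid(pw->pw_uid)` is detected through `if (errno)` rather than through the call's return value. errno is only meaningful after a call has reported failure, and nothing visible here clears it first. A value left over from an earlier call (the lookup that fills `pw` is outside the hunk) would therefore be reported as a failed switch. Prefer `if (seteuid(pw->pw_uid) != 0) {` and read errno only inside that branch. The `setegid(gr->gr_gid)` / `if (errno)` pair in the -1214 hunk has the same pattern.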
@@ -1204,7 +1193,7 @@
{
struct group *gr;
- setgid(getgid());
+ setegid(egid);
if (!group) {
return APR_SUCCESS;
@@ -1214,7 +1203,7 @@
if (gr) {
- setgid(gr->gr_gid);
+ setegid(gr->gr_gid);
if (errno) {
redwax_print_error(r, "Could not set the group to '%s': %s\n", group,
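Review bot: `setegid(gr->gr_gid)` changes only the effective group; in the lines shown, the supplementary group list of the invoking process is left as it was. When the tool is started with privilege, files accessed after the switch can still be reached through those original supplementary groups, which may be wider than intended for the target identity. If that is not wanted, the list needs narrowing with `setgroups()` or `initgroups()` while the process can still do so; if it is intended, a comment saying so would help. It is also worth confirming in the callers, which are outside this page, that the group is switched before the user, because `setegid()` to an arbitrary group is refused once the effective uid is unprivileged.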
@@ -3300,6 +3289,9 @@
apr_status_t status;
int rc;
+
+ euid = geteuid();
+ egid = getegid();
/* lets get APR off the ground, and make sure it terminates cleanly */
if (APR_SUCCESS != (status = apr_app_initialize(&argc, &argv, NULL))) {