From 84d6459bd5a0820729c57d710f886af6f423259b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 3 Dec 2006 14:32:22 +0000 Subject: * Use setreuid if setresuid is not available. --- src/libmain/shared.cc | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'src/libmain') diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index b4a0f774a..da5aeadeb 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -244,13 +244,19 @@ static void setuidInit() could also modify the Nix executables (say, replace them by a Trojan horse), so the problem is already there. */ -#if HAVE_SETRESUID - setresuid(nixUid, nixUid, nixUid); - setresgid(nixGid, nixGid, nixGid); -#else +#if 0 && HAVE_SETRESUID + if (setresuid(nixUid, nixUid, nixUid)) abort(); + if (setresgid(nixGid, nixGid, nixGid)) abort(); +#elif HAVE_SETREUID /* Note: doesn't set saved uid/gid! */ - setuid(nixUid); - setgid(nixGid); + fprintf(stderr, "warning: cannot set saved uid\n"); + if (setreuid(nixUid, nixUid)) abort(); + if (setregid(nixGid, nixGid)) abort(); +#else + /* Note: doesn't set real and saved uid/gid! */ + fprintf(stderr, "warning: cannot set real and saved uids\n"); + if (setuid(nixUid)) abort(); + if (setgid(nixGid)) abort(); #endif } -- cgit v1.2.3