summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach van Rijn <me@zv.io>2023-11-29 22:31:21 -0600
committerZach van Rijn <me@zv.io>2023-11-30 00:00:07 -0600
commit0ea8950ff12bd97ebe3cc4bbc9c5cac5652fb0a9 (patch)
tree41879bfcbebb937e1c53e9674062910056bc84d7
parent78d8ecc99ea39c6564f90ba63a1ba791df25abc6 (diff)
downloadapk-tools-2.14.0+adelie1.tar.gz
apk-tools-2.14.0+adelie1.tar.bz2
apk-tools-2.14.0+adelie1.tar.xz
apk-tools-2.14.0+adelie1.zip
database: run triggers with r*id = e*idHEADv2.14.0+adelie1current
The 'apk' utility is intended to run as root, however it is not strictly necessary depending on the tasks it needs to execute. If invoked as euid 0 but ruid something else, the mismatch is detected by the (shell) interpreter, which sets euid to ruid, which can cause a trigger expecting privileges to fail silently. Fixes: horizon#379
-rw-r--r--src/database.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/database.c b/src/database.c
index 9864543..b916d59 100644
--- a/src/database.c
+++ b/src/database.c
@@ -1949,6 +1949,19 @@ int apk_db_run_script(struct apk_database *db, char *fn, char **argv)
exit(127);
}
+ if (getuid() != geteuid())
+ {
+ if (setgid(getegid()) != 0) {
+ apk_error("%s: setgid: %s", basename(fn), strerror(errno));
+ exit(127);
+ }
+
+ if (setuid(geteuid()) != 0) {
+ apk_error("%s: setuid: %s", basename(fn), strerror(errno));
+ exit(127);
+ }
+ }
+
execve(fn, argv, environment);
exit(127); /* should not get here */
}