diff options
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | safepath.c | 6 |
2 files changed, 4 insertions, 4 deletions
@@ -9,7 +9,7 @@ one or more path components, and returns an indication whether that name is safe for the process to use. Safe means that the pathname doesn't contain any component which could be -tampered with by a user other than the real user ID of the caller, or else +tampered with by a user other than the effective user ID of the caller, or else root. ## What is significance of this check? @@ -55,8 +55,8 @@ static int safe_group(gid_t gid) return 0; } - /* Obtain passwd info about real user ID, to get at the name. */ - if (getpwuid_r(getuid(), &pw_real, buf_real, sizeof buf_real, &pwu) < 0 || + /* Obtain passwd info about effective user ID, to get at the name. */ + if (getpwuid_r(geteuid(), &pw_real, buf_real, sizeof buf_real, &pwu) < 0 || pwu == 0) { return 0; @@ -93,7 +93,7 @@ static int tamper_proof(const struct stat *st) * change the permissions to whatever they want * and modify the object. */ - if (st->st_uid != 0 && st->st_uid != getuid()) + if (st->st_uid != 0 && st->st_uid != geteuid()) return 0; /* Ownership is good, but permissions are open; object is writable to |