Made sure when running as the effective user root (euid is zero) we a…

…ctually become uid 0 in order to avoid file system permission errors/restrictions.
slicer69 · Jun 26, 2016 · 4b32171218f7451088f3ad7dee96d8a15250986b · 4b32171
1 parent 47b4ab9
commit 4b32171218f7451088f3ad7dee96d8a15250986b
Unified Split

Showing with 9 additions and 0 deletions.

+5 −0 doas.c

+4 −0 doas.h
diff --git a/doas.c b/doas.c
@@ -526,6 +526,11 @@ main(int argc, char **argv)
        dup2(temp_stdout, 1);
        #endif

+        /* If we effectively root, set the UID to actually be root to avoid
+           permission errors. */
+        if ( geteuid() == ROOT_UID )
+           setuid(ROOT_UID);
+
 	syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
 	    myname, cmdline, pw->pw_name, cwd);

diff --git a/doas.h b/doas.h
@@ -31,6 +31,10 @@ char **prepenv(struct rule *);
 #define GID_MAX 65535
 #endif

+#ifndef ROOT_UID
+#define ROOT_UID 0
+#endif
+
 #ifndef _PW_NAME_LEN
 #define _PW_NAME_LEN 32
 #endif