From e661a4940df78fbb7b52c622ac4ae6a3a7f7d8aa Mon Sep 17 00:00:00 2001
From: Shinyzenith
Date: Fri, 25 Mar 2022 20:55:28 +0530
Subject: [PATCH] [patch] CVE-2022-27815
---
 Makefile | 3 +++
 src/daemon.rs | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index d77329d..74e7d22 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,9 @@ install:
 @mkdir -p $(TARGET_DIR)
 @mkdir -p $(POLKIT_DIR)
 @mkdir -p /etc/$(DAEMON_BINARY)
+ @mkdir -p /etc/$(DAEMON_BINARY)/runtime
+ @sudo chown root:root /etc/$(DAEMON_BINARY)/runtime
+ @sudo chmod 700 /etc/$(DAEMON_BINARY)/runtime
 @touch /etc/$(DAEMON_BINARY)/$(DAEMON_BINARY)rc
 @cp ./bin/$(DAEMON_BINARY) $(TARGET_DIR)
 @cp ./bin/$(SERVER_BINARY) $(TARGET_DIR)
diff --git a/src/daemon.rs b/src/daemon.rs
index 6b1d07d..ff396c0 100644
--- a/src/daemon.rs
+++ b/src/daemon.rs
@@ -39,6 +39,7 @@ impl KeyboardState {
 #[tokio::main]
 async fn main() -> Result<(), Box> {
 let args = set_command_line_args().get_matches();
+ let invoking_uid = env::var("PKEXEC_UID").unwrap().parse::().unwrap();
 env::set_var("RUST_LOG", "swhkd=warn");
 if args.is_present("debug") {
@@ -48,7 +49,7 @@ async fn main() -> Result<(), Box> {
 env_logger::init();
 log::trace!("Logger initialized.");
- let pidfile: String = String::from("/tmp/swhkd.pid");
+ let pidfile: String = String::from(format!("/etc/swhkd/runtime/swhkd_{}.pid", invoking_uid));
 if Path::new(&pidfile).exists() {
 log::trace!("Reading {} file and checking for running instances.", pidfile);
 let swhkd_pid = match fs::read_to_string(&pidfile) {
@@ -85,7 +86,7 @@ async fn main() -> Result<(), Box> {
 }
 let load_config = || {
- seteuid(env::var("PKEXEC_UID").unwrap().parse::().unwrap()); // Dropping privileges to invoking user.
+ seteuid(invoking_uid); // Dropping privileges to invoking user.
 let config_file_path: std::path::PathBuf = if args.is_present("config") {
 Path::new(args.value_of("config").unwrap()).to_path_buf()
 } else {
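Review bot: The three added recipe lines create `/etc/$(DAEMON_BINARY)/runtime` with the umask-default mode and only tighten it two commands later, and they call `sudo` although the neighbouring `@mkdir -p /etc/$(DAEMON_BINARY)` line already assumes the target runs as root. A single `@install -d -m 700 -o root -g root /etc/$(DAEMON_BINARY)/runtime` creates the directory with its final owner and mode in one step and does not depend on `sudo` being installed. Because the daemon's PID-file path relies on this directory staying private, a comment above the line such as `# root-only directory for per-user PID files (CVE-2022-27815)` would keep a later cleanup from loosening it.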
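Review bot: The new `invoking_uid` line panics at the top of `main` whenever `PKEXEC_UID` is unset or not a number, for example when the daemon is started as root without pkexec, and it does so before `env_logger::init()` runs, so the operator sees only a bare unwrap panic. Since `main` already returns a `Result`, the first `unwrap()` could become an explicit error such as `env::var("PKEXEC_UID").map_err(|_| "PKEXEC_UID is not set; start swhkd through pkexec")?`, with the existing `parse` call ending in `?` as well (this assumes the boxed error type, which is garbled on the page, accepts a string). The value comes from the environment and later selects both the PID-file name and the UID passed to `seteuid`, so a short comment stating that it is trusted only because pkexec sets it would help the next reader. The body of `main` continues outside the hunk.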
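Review bot: The new PID-file path is trusted purely because the Makefile created `/etc/swhkd/runtime` as root with mode 700; nothing in this hunk checks at runtime that the directory still exists, is a real directory, and is closed to group and others, so a package that skips the Makefile or a later `chmod` silently brings back the exposure this commit closes. A check placed before the `Path::new(&pidfile).exists()` test, sketched below, makes the daemon refuse to start instead; it needs `std::os::unix::fs::MetadataExt` in scope and assumes `main`'s boxed error accepts a string. Separately, `String::from(format!(...))` is redundant because `format!` already yields a `String`. The rest of the PID-file handling lies outside the hunk.

```rust
let pidfile: String = format!("/etc/swhkd/runtime/swhkd_{}.pid", invoking_uid);
// The PID file is only trustworthy while its directory is a root-owned,
// non-symlink directory with no group/other permission bits.
let runtime_dir = fs::symlink_metadata("/etc/swhkd/runtime")?;
if !runtime_dir.is_dir() || runtime_dir.uid() != 0 || runtime_dir.mode() & 0o077 != 0 {
    return Err("/etc/swhkd/runtime must be a root-owned directory with mode 700".into());
}
// … unchanged: existing-instance check that reads the PID file …
```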
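Review bot: The `seteuid(invoking_uid);` call inside `load_config` discards whatever the call reports, so if dropping privileges fails, the configuration file named by the invoking user's `config` argument is still opened with root's effective UID. The definition of `seteuid` is not on this page, but whatever it resolves to, its result should be checked and the closure should abort on failure rather than carry on. Only the effective UID is changed here; the group IDs are left as they were, which is worth either fixing alongside or stating in the comment, e.g. `// Drops only the effective UID; group IDs are unchanged.` The closure's body continues past the end of the hunk.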