authorGravatar David Adam <zanchey@ucc.gu.uwa.edu.au>2014-04-20 17:51:27 +0800
committerGravatar David Adam <zanchey@ucc.gu.uwa.edu.au>2014-04-28 10:41:27 +0800
commitba1b5e34a77369e28ff563e47c088c55664a8a11 (patch)
tree1813422fabafe85d2b4aea163a0728f9ccf20fb1 /env_universal.cpp
parent97c2ec8dcfe14882bafb2f2c56502427c0ffa1d0 (diff)
Check effective credentials of socket peers
Fix for CVE-2014-2905. Code for getpeereid() on non-BSD systems imported from the PostgreSQL project under a BSD-style license. Closes #1436
Diffstat (limited to 'env_universal.cpp')
-rw-r--r--env_universal.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/env_universal.cpp b/env_universal.cpp
index 64f39832..9c6165fe 100644
--- a/env_universal.cpp
+++ b/env_universal.cpp
@@ -89,6 +89,8 @@ static int try_get_socket_once(void)
wdir = path;
wuname = user;
+ uid_t seuid;
+ gid_t segid;
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
{
@@ -142,6 +144,13 @@ static int try_get_socket_once(void)
return -1;
}
+ if ((getpeereid(s, &seuid, &segid) != 0) || seuid != geteuid())
+ {
+ debug(1, L"Wrong credentials for socket %s at fd %d", name.c_str(), s);
+ close(s);
+ return -1;
+ }
+
if ((make_fd_nonblocking(s) != 0) || (fcntl(s, F_SETFD, FD_CLOEXEC) != 0))
{
wperror(L"fcntl");
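Review bot: The added branch `if ((getpeereid(s, &seuid, &segid) != 0) || seuid != geteuid())` logs "Wrong credentials" both when the peer's effective uid differs and when getpeereid() itself fails, so the log cannot distinguish a rejected foreign peer from a platform or descriptor error. Splitting the two cases lets the failure path report errno through wperror(), as the fcntl branch just below does, and lets the mismatch path record the peer and expected uids, which is what someone triaging a CVE-2014-2905-style event needs. It also keeps seuid from being read before getpeereid() has succeeded, since it is declared uninitialized in the first hunk. segid is filled in but never compared; if checking only the effective uid is intentional, a one-line comment saying so would help. try_get_socket_once starts and ends outside this hunk.

```cpp
// … unchanged: connect failure handling above …
if (getpeereid(s, &seuid, &segid) != 0)
{
    wperror(L"getpeereid");
    close(s);
    return -1;
}

// Only the effective uid is compared; segid is not part of the decision.
if (seuid != geteuid())
{
    debug(1, L"Wrong credentials for socket %s at fd %d (peer euid %ld, expected %ld)",
          name.c_str(), s, (long)seuid, (long)geteuid());
    close(s);
    return -1;
}
// … unchanged: make_fd_nonblocking / FD_CLOEXEC setup …
```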