diff options
author | David Adam <zanchey@ucc.gu.uwa.edu.au> | 2014-04-20 17:51:27 +0800 |
---|---|---|
committer | David Adam <zanchey@ucc.gu.uwa.edu.au> | 2014-04-28 10:41:27 +0800 |
commit | ba1b5e34a77369e28ff563e47c088c55664a8a11 (patch) | |
tree | 1813422fabafe85d2b4aea163a0728f9ccf20fb1 /fishd.cpp | |
parent | 97c2ec8dcfe14882bafb2f2c56502427c0ffa1d0 (diff) |
Check effective credentials of socket peers
Fix for CVE-2014-2905.
Code for getpeereid() on non-BSD systems imported from the PostgreSQL
project under a BSD-style license.
Closes #1436
Diffstat (limited to 'fishd.cpp')
-rw-r--r-- | fishd.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -880,6 +880,8 @@ int main(int argc, char ** argv) int child_socket; struct sockaddr_un remote; socklen_t t; + uid_t sock_euid; + gid_t sock_egid; int max_fd; int update_count=0; @@ -1000,7 +1002,12 @@ int main(int argc, char ** argv) { debug(4, L"Connected with new child on fd %d", child_socket); - if (make_fd_nonblocking(child_socket) != 0) + if (((getpeereid(child_socket, &sock_euid, &sock_egid) != 0) || sock_euid != geteuid())) + { + debug(1, L"Wrong credentials for child on fd %d", child_socket); + close(child_socket); + } + else if (make_fd_nonblocking(child_socket) != 0) { wperror(L"fcntl"); close(child_socket); |