From patchwork Mon Feb 17 12:16:53 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans de Goede X-Patchwork-Id: 3662901 Return-Path: X-Original-To: patchwork-intel-gfx@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 065BFBF13A for ; Mon, 17 Feb 2014 12:17:21 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 3ABE42013A for ; Mon, 17 Feb 2014 12:17:20 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 81856200E8 for ; Mon, 17 Feb 2014 12:17:19 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 181C5FA57C; Mon, 17 Feb 2014 04:17:18 -0800 (PST) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by gabe.freedesktop.org (Postfix) with ESMTP id 99097FA73E for ; Mon, 17 Feb 2014 04:17:02 -0800 (PST) Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s1HCH1eH021494 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 17 Feb 2014 07:17:01 -0500 Received: from shalem.localdomain.com (vpn1-7-24.ams2.redhat.com [10.36.7.24]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s1HCGu7h010532; Mon, 17 Feb 2014 07:16:59 -0500 From: Hans de Goede To: intel-gfx@lists.freedesktop.org Date: Mon, 17 Feb 2014 13:16:53 +0100 Message-Id: <1392639414-3909-4-git-send-email-hdegoede@redhat.com> In-Reply-To: <1392639414-3909-1-git-send-email-hdegoede@redhat.com> References: <1392639414-3909-1-git-send-email-hdegoede@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 Cc: peter.hutterer@redhat.com Subject: [Intel-gfx] [PATCH 3/4] backlight: Drop rights before executing pkexec X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: intel-gfx-bounces@lists.freedesktop.org Errors-To: intel-gfx-bounces@lists.freedesktop.org X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Event though we've failed to open the backlight normally, we may still be running under a suid-root xserver, so drop any elevated rights before executing what we hope will be pkxec. Signed-off-by: Hans de Goede --- src/backlight.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/backlight.c b/src/backlight.c index 518d756..dc26307 100644 --- a/src/backlight.c +++ b/src/backlight.c @@ -295,6 +295,10 @@ static int __backlight_helper_init(struct backlight *b, char *iface) switch ((b->pid = fork())) { case 0: + if (setgid(getgid()) != 0) + _exit(127); + if (setuid(getuid()) != 0) + _exit(127); close(fds[1]); dup2(fds[0], 0); close(fds[0]);