external/koush/Superuser
| 修訂 | 2c9250467fe4678a042ffae6bd8d738913504437 (tree) |
|---|---|
| 時間 | 2013-08-12 10:14:41 |
| 作者 | Koushik Dutta <koushd@gmai...> |
| Commiter | Koushik Dutta |
Fix potential trust issues by using SO_PEERCRED.
Change-Id: I510fcabe3c2a7765684a31d0553ce73fa1e1ed56
Superuser/jni/su/daemon.c (diff)| @@ -154,6 +154,22 @@ static int daemon_accept(int fd) { | ||
| 154 | 154 | LOGD("remote uid: %d", daemon_from_uid); |
| 155 | 155 | daemon_from_pid = read_int(fd); |
| 156 | 156 | LOGD("remote req pid: %d", daemon_from_pid); |
| 157 | + | |
| 158 | + struct ucred credentials; | |
| 159 | + int ucred_length = sizeof(struct ucred); | |
| 160 | + /* fill in the user data structure */ | |
| 161 | + if(getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &credentials, &ucred_length)) { | |
| 162 | + LOGE("could obtain credentials from unix domain socket"); | |
| 163 | + exit(-1); | |
| 164 | + } | |
| 165 | + // if the credentials on the other side of the wire are NOT root, | |
| 166 | + // we can't trust what anything being sent. | |
| 167 | + if (credentials.uid != 0) { | |
| 168 | + daemon_from_uid = credentials.uid; | |
| 169 | + pid = credentials.pid; | |
| 170 | + daemon_from_pid = credentials.pid; | |
| 171 | + } | |
| 172 | + | |
| 157 | 173 | int argc = read_int(fd); |
| 158 | 174 | if (argc < 0 || argc > 512) { |
| 159 | 175 | LOGE("unable to allocate args: %d", argc); |
Fork