#21: pulseaudio_fix21-2.patch - PulseAudio - Trac

pulseaudio/src/daemon/caps.c

old	new
69	69	#endif
70	70	}
71	71
	72	/* Switch to real user, but only set effective UID so
	73	we can switch back to root later */
	74	void pa_suspend_root(void) {
	75	uid_t uid = getuid();
	76
	77	if (uid == 0 \|\| geteuid() != 0)
	78	return;
	79
	80	pa_log_info("suspending root privileges.");
	81
	82	#if defined(HAVE_SETRESUID)
	83	setresuid(-1, uid, -1);
	84	#elif defined(HAVE_SETREUID)
	85	setreuid(-1, uid);
	86	#else
	87	seteuid(uid);
	88	#endif
	89	}
	90
	91	/* Re-gain root privileges */
	92	void pa_gain_root(void) {
	93	if (geteuid() == 0)
	94	return;
	95
	96	pa_log_info("gaining root privileges.");
	97
	98	#if defined(HAVE_SETRESUID)
	99	setresuid(-1, 0, -1);
	100	#elif defined(HAVE_SETREUID)
	101	setreuid(-1, 0);
	102	#else
	103	seteuid(0);
	104	#endif
	105	}
	106
72	107	#else
73	108
74	109	void pa_drop_root(void) {
75	110	}
76	111
	112	void pa_suspend_root(void) {
	113	}
	114
	115	void pa_gain_root(void) {
	116	}
77	117	#endif
78	118
79	119	#ifdef HAVE_SYS_CAPABILITY_H

old	new
331	331
332	332	setlocale(LC_ALL, "");
333	333
334		~~pa_limit_caps();~~
335
336	334	#ifdef HAVE_GETUID
337	335	real_root = getuid() == 0;
338	336	suid_root = !real_root && geteuid() == 0;
339	337
	338	pa_suspend_root();
	339
340	340	if (suid_root && (pa_own_uid_in_group(PA_REALTIME_GROUP, &gid) <= 0 \|\| gid >= 1000)) {
341	341	pa_log_warn("WARNING: called SUID root, but not in group '"PA_REALTIME_GROUP"'.");
342	342	pa_drop_root();
…	…
378	378	pa_log_set_maximal_level(conf->log_level);
379	379	pa_log_set_target(conf->auto_log_target ? PA_LOG_STDERR : conf->log_target, NULL);
380	380
381		if (conf->high_priority && conf->cmd == PA_CMD_DAEMON)
382		pa_raise_priority();
383
384		pa_drop_caps();
	381	if (conf->high_priority && conf->cmd == PA_CMD_DAEMON) {
	382	#ifdef HAVE_GETUID
	383	pa_gain_root();
	384	#endif
	385	pa_limit_caps();
	386	pa_raise_priority();
	387	pa_drop_caps();
	388	}
385	389
386	390	if (suid_root)
387	391	pa_drop_root();