LibCore: Add Core::System::drop_privileges()

In a few places we intentionally drop privileges to reduce the potential
security surface area of networked programs, with the pattern of:

```
if (setgid(getgid()) || setuid(getuid()) {
    return 1;
}
```

We can make this a bit nicer to use by creating a wrapper.
This commit is contained in:
Brian Gianforcaro 2022-03-21 00:05:42 -07:00 committed by Andreas Kling
parent 7403342387
commit 6eebd69b70
Notes: sideshowbarker 2024-07-18 04:38:32 +09:00
2 changed files with 12 additions and 0 deletions


@ -726,6 +726,17 @@ ErrorOr<pid_t> setsid()
return rc;
}
ErrorOr<void> drop_privileges()
{
auto gid_result = setgid(getgid());
auto uid_result = setuid(getuid());
if (gid_result.is_error() || uid_result.is_error())
return Error::from_string_literal("Failed to drop privileges");
return {};
}
ErrorOr<bool> isatty(int fd)
{
int rc = ::isatty(fd);
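Review bot: In drop_privileges() the second call, setuid(getuid()), still runs after setgid(getgid()) has already failed, and the combined check afterwards replaces the errno each wrapper returned with a fixed string, so a caller can neither stop at the first failure nor learn which step failed or why. Letting each step propagate its own error keeps both: `TRY(setgid(getgid()));` then `TRY(setuid(getuid()));` then `return {};` (assuming the TRY macro the rest of this file's wrappers use is available here). The ordering deserves a why-comment, since it is load-bearing: `// Drop the gid first: once the uid is dropped we may no longer be permitted to change the gid.` Note also that this only resets the effective ids to the real ones and leaves supplementary groups untouched; if the platform offers a setgroups wrapper, either call it here or state the limitation in the function's comment so callers do not assume a full privilege drop.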


@ -109,6 +109,7 @@ ErrorOr<void> setgid(gid_t);
ErrorOr<void> setegid(gid_t);
ErrorOr<void> setpgid(pid_t pid, pid_t pgid);
ErrorOr<pid_t> setsid();
ErrorOr<void> drop_privileges();
ErrorOr<bool> isatty(int fd);
ErrorOr<void> symlink(StringView target, StringView link_path);
ErrorOr<void> mkdir(StringView path, mode_t);
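Review bot: The new drop_privileges() declaration carries no comment, and its name promises more than the implementation delivers (effective gid/uid reset to the real ones, supplementary groups untouched). A one-line comment above the declaration would set the contract: `// Resets the effective gid and uid to the real ones (gid first); does not touch supplementary groups.` Whether the returned error identifies the failing step depends on the .cpp side, so the comment should not promise more than that.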