summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/lib/util_sec.c8
-rw-r--r--source3/libsmb/clientgen.c6
-rw-r--r--source3/utils/smbpasswd.c2
3 files changed, 15 insertions, 1 deletions
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index a07e7d0e1a..c559647bf4 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -413,3 +413,11 @@ main()
exit(0);
}
#endif
+
+/****************************************************************************
+Check if we are setuid root. Used in libsmb and smbpasswd parinoia checks.
+****************************************************************************/
+BOOL is_setuid_root(void)
+{
+ return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
+}
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index ec8d2e2bfc..d509924a26 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -154,6 +154,12 @@ struct cli_state *cli_initialise(struct cli_state *cli)
{
BOOL alloced_cli = False;
+ /* Check the effective uid - make sure we are not setuid */
+ if (is_setuid_root()) {
+ DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
+ return NULL;
+ }
+
if (!cli) {
cli = (struct cli_state *)malloc(sizeof(*cli));
if (!cli)
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 6a330812e1..ee8bae7a4a 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -933,7 +933,7 @@ int main(int argc, char **argv)
strupper(global_myname);
/* Check the effective uid - make sure we are not setuid */
- if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0)) {
+ if (is_setuid_root()) {
fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
exit(1);
}