diff options
-rw-r--r-- | source3/lib/util_sec.c | 8 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 6 | ||||
-rw-r--r-- | source3/utils/smbpasswd.c | 2 |
3 files changed, 15 insertions, 1 deletions
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index a07e7d0e1a..c559647bf4 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -413,3 +413,11 @@ main() exit(0); } #endif + +/**************************************************************************** +Check if we are setuid root. Used in libsmb and smbpasswd parinoia checks. +****************************************************************************/ +BOOL is_setuid_root(void) +{ + return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0); +} diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index ec8d2e2bfc..d509924a26 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -154,6 +154,12 @@ struct cli_state *cli_initialise(struct cli_state *cli) { BOOL alloced_cli = False; + /* Check the effective uid - make sure we are not setuid */ + if (is_setuid_root()) { + DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n")); + return NULL; + } + if (!cli) { cli = (struct cli_state *)malloc(sizeof(*cli)); if (!cli) diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 6a330812e1..ee8bae7a4a 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -933,7 +933,7 @@ int main(int argc, char **argv) strupper(global_myname); /* Check the effective uid - make sure we are not setuid */ - if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0)) { + if (is_setuid_root()) { fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n"); exit(1); } |