picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

timesync: use current uid when started as non-root user

Browse source 
Fixes #7883.
This commit is contained in:
Yu Watanabe 2018-01-15 23:40:23 +09:00
parent 5a45fde547
commit 444c1915f9
1 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/timesync/timesyncd.c
View file

@ -96,7 +96,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
int main(int argc, char *argv[]) {
_cleanup_(manager_freep) Manager *m = NULL;
const char *user = "systemd-timesync";
uid_t uid;
uid_t uid, uid_current;
gid_t gid;
int r;
@ -113,10 +113,15 @@ int main(int argc, char *argv[]) {
goto finish;
}
r = get_user_creds(&user, &uid, &gid, NULL, NULL);
if (r < 0) {
log_error_errno(r, "Cannot resolve user name %s: %m", user);
goto finish;
uid = uid_current = geteuid();
gid = getegid();
if (uid_current == 0) {
r = get_user_creds(&user, &uid, &gid, NULL, NULL);
if (r < 0) {
log_error_errno(r, "Cannot resolve user name %s: %m", user);
goto finish;
}
}
r = load_clock_timestamp(uid, gid);
@ -125,7 +130,7 @@ int main(int argc, char *argv[]) {
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
* privileges are already dropped. */
if (geteuid() == 0) {
if (uid_current == 0) {
r = drop_privileges(uid, gid, (1ULL << CAP_SYS_TIME));
if (r < 0)
goto finish;