Skip to content

Commit

Permalink
Also log when set[ug]id program is owned by us
Browse files Browse the repository at this point in the history 
Log as info instead of warning, but still log.
  • Loading branch information
@remram44
remram44 committed May 10, 2018
1 parent d1848d6 commit db12ac8
Showing 1 changed file with 22 additions and 7 deletions.
29 changes: 22 additions & 7 deletions reprozip/native/syscalls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -417,14 +417,23 @@ static int record_shebangs(struct Process *process, const char *exec_target)
}
else
{
if( (statbuf.st_mode & 04000 == 04000)
&& (statbuf.st_uid != getuid()) )
if(statbuf.st_mode & 04000 == 04000)
{
log_warn(process->tid,
"executing set-uid binary! For security, Linux "
"will not give the process any\nprivileges from "
"set-uid while it is being traced. This will "
"probably break\nwhatever you are tracing.");
if(statbuf.st_uid != getuid())
{
log_warn(process->tid,
"executing set-uid binary! For security, "
"Linux will not give the process any\n"
"privileges from set-uid while it is being "
"traced. This will probably break\n"
"whatever you are tracing.");
}
else
{
log_info(process->tid,
"binary has set-uid bit set, not a problem "
"because it is owned by our user");
}
}
if(statbuf.st_mode & 02000 == 02000)
{
Expand Down Expand Up @@ -466,6 +475,12 @@ static int record_shebangs(struct Process *process, const char *exec_target)
"traced. This will probably break\n"
"whatever you are tracing.");
}
else
{
log_info(process->tid,
"binary has set-gid bit set, not a problem "
"because it is in one of our groups");
}
}
}
return 0;
Expand Down

0 comments on commit db12ac8

Please sign in to comment.