su: detect inability to raise privilege

When privilege has been dropped by the 'drop' applet, the 'su' applet is unable to raise it again because ShellExecuteEx() thinks it unnecessary. Detect this situation, report an error and return exit code 2. Costs 72-112 bytes. (GitHub issue #437)
author: Ron Yorston <rmy@pobox.com> 2024-08-03 10:00:59 +0100
committer: Ron Yorston <rmy@pobox.com> 2024-08-03 10:00:59 +0100
commit: fb959dd3f29c2d0655e01147f7b0b9bb2dab4223 (patch)
tree: ff5f9a7a40c4fa2656c1ee2b794c877ada2904c4 /loginutils/suw32.c
parent: dab0de7dbe833a44b3e4c20fcd0044f2d878d10d (diff)
download: busybox-w32-fb959dd3f29c2d0655e01147f7b0b9bb2dab4223.tar.gz
busybox-w32-fb959dd3f29c2d0655e01147f7b0b9bb2dab4223.tar.bz2
busybox-w32-fb959dd3f29c2d0655e01147f7b0b9bb2dab4223.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/loginutils/suw32.c b/loginutils/suw32.c
index edf42177b..a0afe5bb7 100644
--- a/loginutils/suw32.c
+++ b/loginutils/suw32.c
@@ -44,6 +44,16 @@ int suw32_main(int argc UNUSED_PARAM, char **argv)
        char *bb_path, *cwd, *realcwd, *q, *args;
        DECLARE_PROC_ADDR(BOOL, ShellExecuteExA, SHELLEXECUTEINFOA *);
+#if ENABLE_DROP || ENABLE_CDROP || ENABLE_PDROP
+        // If privilege has been dropped (ELEVATED_PRIVILEGE but not
+        // ADMIN_ENABLED) ShellExecuteEx() thinks we already have elevated
+        // privilege and doesn't raise privilege.  In that case, give up.
+        if (elevation_state() == ELEVATED_PRIVILEGE) {
+                xfunc_error_retval = 2;
+                bb_error_msg_and_die("unable to restore privilege");
+        }
+#endif
        opt = getopt32(argv, "c:NW", &opt_command);
        argv += optind;
        if (argv[0]) {
author	Ron Yorston <rmy@pobox.com>	2024-08-03 10:00:59 +0100
committer	Ron Yorston <rmy@pobox.com>	2024-08-03 10:00:59 +0100
commit	fb959dd3f29c2d0655e01147f7b0b9bb2dab4223 (patch)
tree	ff5f9a7a40c4fa2656c1ee2b794c877ada2904c4 /loginutils/suw32.c
parent	dab0de7dbe833a44b3e4c20fcd0044f2d878d10d (diff)
download	busybox-w32-fb959dd3f29c2d0655e01147f7b0b9bb2dab4223.tar.gz busybox-w32-fb959dd3f29c2d0655e01147f7b0b9bb2dab4223.tar.bz2 busybox-w32-fb959dd3f29c2d0655e01147f7b0b9bb2dab4223.zip

diff --git a/loginutils/suw32.c b/loginutils/suw32.c index edf42177b..a0afe5bb7 100644 --- a/loginutils/suw32.c +++ b/loginutils/suw32.c
@@ -44,6 +44,16 @@ int suw32_main(int argc UNUSED_PARAM, char **argv)
44	char bb_path, cwd, realcwd, q, *args;	44	char bb_path, cwd, realcwd, q, *args;
45	DECLARE_PROC_ADDR(BOOL, ShellExecuteExA, SHELLEXECUTEINFOA *);	45	DECLARE_PROC_ADDR(BOOL, ShellExecuteExA, SHELLEXECUTEINFOA *);
46		46
		47	#if ENABLE_DROP \|\| ENABLE_CDROP \|\| ENABLE_PDROP
		48	// If privilege has been dropped (ELEVATED_PRIVILEGE but not
		49	// ADMIN_ENABLED) ShellExecuteEx() thinks we already have elevated
		50	// privilege and doesn't raise privilege. In that case, give up.
		51	if (elevation_state() == ELEVATED_PRIVILEGE) {
		52	xfunc_error_retval = 2;
		53	bb_error_msg_and_die("unable to restore privilege");
		54	}
		55	#endif
		56
47	opt = getopt32(argv, "c:NW", &opt_command);	57	opt = getopt32(argv, "c:NW", &opt_command);
48	argv += optind;	58	argv += optind;
49	if (argv[0]) {	59	if (argv[0]) {