1 files changed, 18 insertions, 8 deletions
diff --git a/applets/applets.c b/applets/applets.c
index fb37fbea5..13b406ae5 100644
--- a/applets/applets.c
+++ b/applets/applets.c
@@ -48,14 +48,15 @@ static const char usage_messages[] = ""
 /* The -1 arises because of the {0,NULL,0,-1} entry. */
 const unsigned short NUM_APPLETS = sizeof(applets) / sizeof(applets[0]) - 1;
 const struct bb_applet *current_applet;
 const char *applet_name ATTRIBUTE_EXTERNALLY_VISIBLE;
 #if !BB_MMU
 bool re_execed;
 #endif
+#if ENABLE_FEATURE_SUID
+static uid_t ruid;  /* real uid */
+#endif
 #if ENABLE_FEATURE_SUID_CONFIG
@@ -143,6 +144,10 @@ static void parse_config_file(void)
        assert(!suid_config); /* Should be set to NULL by bss init. */
+        ruid = getuid();
+        if (ruid == 0) /* run by root - don't need to even read config file */
+                return;
        if ((stat(config_file, &st) != 0)       /* No config file? */
         || !S_ISREG(st.st_mode)                /* Not a regular file? */
         || (st.st_uid != 0)                    /* Not owned by root? */
@@ -324,15 +329,21 @@ static void parse_config_file(void)
        }
 }
 #else
-#define parse_config_file() ((void)0)
+static inline void parse_config_file(void)
+{
+        ruid = getuid();
+}
 #endif /* FEATURE_SUID_CONFIG */
 #if ENABLE_FEATURE_SUID
 static void check_suid(const struct bb_applet *applet)
 {
-        uid_t ruid = getuid();               /* real [ug]id */
+        uid_t rgid;  /* real gid */
-        uid_t rgid = getgid();
+        if (ruid == 0) /* set by parse_config_file() */
+                return; /* run by root - no need to check more */
+        rgid = getgid();
 #if ENABLE_FEATURE_SUID_CONFIG
        if (suid_cfg_readable) {
@@ -387,7 +398,7 @@ static void check_suid(const struct bb_applet *applet)
                if (geteuid())
                        bb_error_msg_and_die("applet requires root privileges!");
        } else if (applet->need_suid == _BB_SUID_NEVER) {
-                xsetgid(rgid);                          /* drop all privileges */
+                xsetgid(rgid);  /* drop all privileges */
                xsetuid(ruid);
        }
 }
@@ -636,8 +647,7 @@ int main(int argc, char **argv)
        if (s)
                applet_name = s + 1;
-        if (ENABLE_FEATURE_SUID_CONFIG)
+        parse_config_file(); /* ...maybe, if FEATURE_SUID_CONFIG */
-                parse_config_file();
        /* Set locale for everybody except 'init' */
        if (ENABLE_LOCALE_SUPPORT && getpid() != 1)

diff --git a/applets/applets.c b/applets/applets.c index fb37fbea5..13b406ae5 100644 --- a/applets/applets.c +++ b/applets/applets.c
@@ -48,14 +48,15 @@ static const char usage_messages[] = ""
48	/* The -1 arises because of the {0,NULL,0,-1} entry. */	48	/* The -1 arises because of the {0,NULL,0,-1} entry. */
49	const unsigned short NUM_APPLETS = sizeof(applets) / sizeof(applets[0]) - 1;	49	const unsigned short NUM_APPLETS = sizeof(applets) / sizeof(applets[0]) - 1;
50		50
51
52	const struct bb_applet *current_applet;	51	const struct bb_applet *current_applet;
53	const char *applet_name ATTRIBUTE_EXTERNALLY_VISIBLE;	52	const char *applet_name ATTRIBUTE_EXTERNALLY_VISIBLE;
54	#if !BB_MMU	53	#if !BB_MMU
55	bool re_execed;	54	bool re_execed;
56	#endif	55	#endif
57		56
58		57	#if ENABLE_FEATURE_SUID
		58	static uid_t ruid; /* real uid */
		59	#endif
59		60
60	#if ENABLE_FEATURE_SUID_CONFIG	61	#if ENABLE_FEATURE_SUID_CONFIG
61		62
@@ -143,6 +144,10 @@ static void parse_config_file(void)
143		144
144	assert(!suid_config); /* Should be set to NULL by bss init. */	145	assert(!suid_config); /* Should be set to NULL by bss init. */
145		146
		147	ruid = getuid();
		148	if (ruid == 0) /* run by root - don't need to even read config file */
		149	return;
		150
146	if ((stat(config_file, &st) != 0) /* No config file? */	151	if ((stat(config_file, &st) != 0) /* No config file? */
147	\|\| !S_ISREG(st.st_mode) /* Not a regular file? */	152	\|\| !S_ISREG(st.st_mode) /* Not a regular file? */
148	\|\| (st.st_uid != 0) /* Not owned by root? */	153	\|\| (st.st_uid != 0) /* Not owned by root? */
@@ -324,15 +329,21 @@ static void parse_config_file(void)
324	}	329	}
325	}	330	}
326	#else	331	#else
327	#define parse_config_file() ((void)0)	332	static inline void parse_config_file(void)
		333	{
		334	ruid = getuid();
		335	}
328	#endif /* FEATURE_SUID_CONFIG */	336	#endif /* FEATURE_SUID_CONFIG */
329		337
330		338
331	#if ENABLE_FEATURE_SUID	339	#if ENABLE_FEATURE_SUID
332	static void check_suid(const struct bb_applet *applet)	340	static void check_suid(const struct bb_applet *applet)
333	{	341	{
334	uid_t ruid = getuid(); /* real [ug]id */	342	uid_t rgid; /* real gid */
335	uid_t rgid = getgid();	343
		344	if (ruid == 0) /* set by parse_config_file() */
		345	return; /* run by root - no need to check more */
		346	rgid = getgid();
336		347
337	#if ENABLE_FEATURE_SUID_CONFIG	348	#if ENABLE_FEATURE_SUID_CONFIG
338	if (suid_cfg_readable) {	349	if (suid_cfg_readable) {
@@ -387,7 +398,7 @@ static void check_suid(const struct bb_applet *applet)
387	if (geteuid())	398	if (geteuid())
388	bb_error_msg_and_die("applet requires root privileges!");	399	bb_error_msg_and_die("applet requires root privileges!");
389	} else if (applet->need_suid == _BB_SUID_NEVER) {	400	} else if (applet->need_suid == _BB_SUID_NEVER) {
390	xsetgid(rgid); /* drop all privileges */	401	xsetgid(rgid); /* drop all privileges */
391	xsetuid(ruid);	402	xsetuid(ruid);
392	}	403	}
393	}	404	}
@@ -636,8 +647,7 @@ int main(int argc, char **argv)
636	if (s)	647	if (s)
637	applet_name = s + 1;	648	applet_name = s + 1;
638		649
639	if (ENABLE_FEATURE_SUID_CONFIG)	650	parse_config_file(); /* ...maybe, if FEATURE_SUID_CONFIG */
640	parse_config_file();
641		651
642	/* Set locale for everybody except 'init' */	652	/* Set locale for everybody except 'init' */
643	if (ENABLE_LOCALE_SUPPORT && getpid() != 1)	653	if (ENABLE_LOCALE_SUPPORT && getpid() != 1)