1 files changed, 15 insertions, 9 deletions
diff --git a/applets/applets.c b/applets/applets.c
index ebd1ff313..a974743da 100644
--- a/applets/applets.c
+++ b/applets/applets.c
@@ -320,7 +320,7 @@ static void parse_config_file(void)
 }
 #else
-#define parse_config_file()
+#define parse_config_file() ((void)0)
 #endif /* CONFIG_FEATURE_SUID_CONFIG */
 #ifdef CONFIG_FEATURE_SUID
@@ -340,20 +340,26 @@ static void check_suid(struct BB_applet *applet)
                if (sct) {
                        mode_t m = sct->m_mode;
-                        if (sct->m_uid == ruid)       /* same uid */
+                        if (sct->m_uid == ruid)
+                                /* same uid */
                                m >>= 6;
-                        else if ((sct->m_gid == rgid) || ingroup(ruid, sct->m_gid))  /* same group / in group */
+                        else if ((sct->m_gid == rgid) || ingroup(ruid, sct->m_gid))
+                                /* same group / in group */
                                m >>= 3;
                        if (!(m & S_IXOTH))           /* is x bit not set ? */
                                bb_error_msg_and_die("you have no permission to run this applet!");
-                        if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {     /* *both* have to be set for sgid */
+                        if (sct->m_gid != 0) {
-                                xsetgid(sct->m_gid);
+                                /* _both_ have to be set for sgid */
-                        } else xsetgid(rgid);                /* no sgid -> drop */
+                                if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+                                        xsetgid(sct->m_gid);
-                        if (sct->m_mode & S_ISUID) xsetuid(sct->m_uid);
+                                } else xsetgid(rgid); /* no sgid -> drop */
-                        else xsetuid(ruid);                  /* no suid -> drop */
+                        }
+                        if (sct->m_uid != 0) {
+                                if (sct->m_mode & S_ISUID) xsetuid(sct->m_uid);
+                                else xsetuid(ruid); /* no suid -> drop */
+                        }
                } else {
                        /* default: drop all privileges */
                        xsetgid(rgid);

diff --git a/applets/applets.c b/applets/applets.c index ebd1ff313..a974743da 100644 --- a/applets/applets.c +++ b/applets/applets.c
@@ -320,7 +320,7 @@ static void parse_config_file(void)
320	}	320	}
321		321
322	#else	322	#else
323	#define parse_config_file()	323	#define parse_config_file() ((void)0)
324	#endif /* CONFIG_FEATURE_SUID_CONFIG */	324	#endif /* CONFIG_FEATURE_SUID_CONFIG */
325		325
326	#ifdef CONFIG_FEATURE_SUID	326	#ifdef CONFIG_FEATURE_SUID
@@ -340,20 +340,26 @@ static void check_suid(struct BB_applet *applet)
340	if (sct) {	340	if (sct) {
341	mode_t m = sct->m_mode;	341	mode_t m = sct->m_mode;
342		342
343	if (sct->m_uid == ruid) /* same uid */	343	if (sct->m_uid == ruid)
		344	/* same uid */
344	m >>= 6;	345	m >>= 6;
345	else if ((sct->m_gid == rgid) \|\| ingroup(ruid, sct->m_gid)) /* same group / in group */	346	else if ((sct->m_gid == rgid) \|\| ingroup(ruid, sct->m_gid))
		347	/* same group / in group */
346	m >>= 3;	348	m >>= 3;
347		349
348	if (!(m & S_IXOTH)) /* is x bit not set ? */	350	if (!(m & S_IXOTH)) /* is x bit not set ? */
349	bb_error_msg_and_die("you have no permission to run this applet!");	351	bb_error_msg_and_die("you have no permission to run this applet!");
350		352
351	if ((sct->m_mode & (S_ISGID \| S_IXGRP)) == (S_ISGID \| S_IXGRP)) { /* both have to be set for sgid */	353	if (sct->m_gid != 0) {
352	xsetgid(sct->m_gid);	354	/* _both_ have to be set for sgid */
353	} else xsetgid(rgid); /* no sgid -> drop */	355	if ((sct->m_mode & (S_ISGID \| S_IXGRP)) == (S_ISGID \| S_IXGRP)) {
354		356	xsetgid(sct->m_gid);
355	if (sct->m_mode & S_ISUID) xsetuid(sct->m_uid);	357	} else xsetgid(rgid); /* no sgid -> drop */
356	else xsetuid(ruid); /* no suid -> drop */	358	}
		359	if (sct->m_uid != 0) {
		360	if (sct->m_mode & S_ISUID) xsetuid(sct->m_uid);
		361	else xsetuid(ruid); /* no suid -> drop */
		362	}
357	} else {	363	} else {
358	/* default: drop all privileges */	364	/* default: drop all privileges */
359	xsetgid(rgid);	365	xsetgid(rgid);