diff options
author | Carsten Haitzler (Rasterman) <raster@rasterman.com> | 2014-01-08 19:46:23 +0900 |
---|---|---|
committer | Carsten Haitzler (Rasterman) <raster@rasterman.com> | 2014-01-08 19:46:23 +0900 |
commit | b95ef3801f9719a8f8ff731e25d66a8d1dd417cd (patch) | |
tree | 258548da51b18d5fde17915bdc36cba44effcf40 /src/lib/ecore_fb | |
parent | 323f293ab538ffc7431f6598736963a834c4f880 (diff) | |
download | efl-b95ef3801f9719a8f8ff731e25d66a8d1dd417cd.tar.gz |
setuid safeness - ensure if an app that is setuid doesn't do bad things
this makes efl ignore certain env vars for thnigs and entirely removes
user modules (that no one ever used) etc. etc. to ensure that *IF* an
app is setuid, there isn't a priv escalation path that is easy.
Diffstat (limited to 'src/lib/ecore_fb')
-rw-r--r-- | src/lib/ecore_fb/ecore_fb.c | 2 | ||||
-rw-r--r-- | src/lib/ecore_fb/ecore_fb_ts.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/ecore_fb/ecore_fb.c b/src/lib/ecore_fb/ecore_fb.c index 5e16f660c2..3bce09de0b 100644 --- a/src/lib/ecore_fb/ecore_fb.c +++ b/src/lib/ecore_fb/ecore_fb.c @@ -108,7 +108,7 @@ _ecore_fb_size_get(int *w, int *h) struct fb_var_screeninfo fb_var; int fb; - if (getenv("EVAS_FB_DEV")) + if ((getuid() == getuid()) && (getenv("EVAS_FB_DEV"))) fb = open(getenv("EVAS_FB_DEV"), O_RDWR); else { diff --git a/src/lib/ecore_fb/ecore_fb_ts.c b/src/lib/ecore_fb/ecore_fb_ts.c index 93ac04a0f2..3f699c05c9 100644 --- a/src/lib/ecore_fb/ecore_fb_ts.c +++ b/src/lib/ecore_fb/ecore_fb_ts.c @@ -81,7 +81,7 @@ ecore_fb_ts_init(void) { #ifdef HAVE_TSLIB char *tslib_tsdevice = NULL; - if ( (tslib_tsdevice = getenv("TSLIB_TSDEVICE")) ) + if ((getuid() == getuid()) && ((tslib_tsdevice = getenv("TSLIB_TSDEVICE")))) { printf( "ECORE_FB: TSLIB_TSDEVICE = '%s'\n", tslib_tsdevice ); _ecore_fb_tslib_tsdev = ts_open( tslib_tsdevice, 1 ); /* 1 = nonblocking, 0 = blocking */ |