Derrick Stolee <derrickstolee@xxxxxxxxxx> writes:

>> Original discussion in:
>>
>> https://lore.kernel.org/git/4ef9287b-6260-9538-7c89-cffb611520ee@xxxxxxxxx/
>
> I agree that the idea behind this change is a good one. The escalation
> of privilege isn't a huge concern when the "real" user is the same.
> The only way to trick the root user here is to set an environment
> variable, in which case they might as well modify PATH and be done with
> it.

How much do we really want to trust SUDO_UID or DOAS_UID are telling
the truth, though?

>> + euid = geteuid();
>> + if (euid == ROOT_UID) {
>> + /* we might have raised our priviledges with sudo or doas */
>
> Similar spelling error here.
>
>> + const char *real_uid = getenv("SUDO_UID");
>> + if (real_uid && *real_uid)
>> + euid = atoi(real_uid);
>> + else {
>> + real_uid = getenv("DOAS_UID");
>> + if (real_uid && *real_uid)
>> + euid = atoi(real_uid);
>> + }
>
> I imagine that something else could be added here to help Windows
> users who have elevated to administrator privileges. It will use a
> completely different mechanism, though, if needed at all. We can
> delay that for now.
>
> Thanks,
> -Stolee
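Review bot: in the quoted hunk, `euid = atoi(real_uid)` accepts whatever string the `real_uid && *real_uid` guard lets through: atoi("1000 junk") yields 1000 and atoi("junk") yields 0, which is ROOT_UID, so a malformed value either silently keeps root or picks a uid the string did not name. Parse with strtoul and an end pointer and keep the `geteuid()` value unless the whole string was consumed, e.g. `errno = 0; v = strtoul(real_uid, &end, 10); if (errno || *end) /* keep euid */`. The comment's "priviledges" is the spelling slip Stolee points at; it should read "privileges".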
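To make the trust question concrete, the following is an added example and not git's code or the patch under review: it recovers the invoking user's uid from SUDO_UID / DOAS_UID with strict parsing, so that a malformed value is ignored rather than turned into 0 (root) or a truncated number, and then performs the repository-owner comparison against the recovered uid. The function names parse_uid_strict, real_user_uid and is_safe_owner, the ROOT_UID macro and the uid values are assumptions of this example. What the code can check is the format of the variable; whether the value is truthful is something a root user controls entirely, which is the limit the thread is discussing.

```c
/* Strict recovery of the invoking user's uid from SUDO_UID / DOAS_UID.
 * Added example, not git's code: parse_uid_strict, real_user_uid,
 * is_safe_owner and ROOT_UID are names assumed by this example. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define ROOT_UID 0

/*
 * Parse a decimal uid exactly: non-empty, digits only, no sign, no
 * leading whitespace, no trailing characters, in range. Returns 1 and
 * stores the value on success, 0 otherwise. atoi() would accept
 * "1000 junk" as 1000 and turn "junk" into 0 (== ROOT_UID); this does neither.
 */
int parse_uid_strict(const char *s, uid_t *out)
{
	char *end;
	unsigned long v;

	if (!s || *s < '0' || *s > '9')
		return 0;	/* empty, sign, or leading whitespace */
	errno = 0;
	v = strtoul(s, &end, 10);
	if (errno == ERANGE || *end != '\0')
		return 0;	/* overflow or trailing characters */
	if (v > UINT_MAX)
		return 0;	/* assumption: uid_t is no wider than unsigned int */
	*out = (uid_t)v;
	return 1;
}

/*
 * Return the uid the repository-owner check should compare against.
 * The environment is consulted only when we are root, SUDO_UID first
 * and then DOAS_UID; a malformed value, or one naming root, is ignored
 * and we stay with euid. Nothing here can verify that the variable is
 * truthful: a root user can set it to anything.
 */
uid_t real_user_uid(uid_t euid)
{
	static const char *const vars[] = { "SUDO_UID", "DOAS_UID" };
	size_t i;

	if (euid != ROOT_UID)
		return euid;
	for (i = 0; i < sizeof(vars) / sizeof(vars[0]); i++) {
		const char *v = getenv(vars[i]);
		uid_t u;

		if (v && parse_uid_strict(v, &u) && u != ROOT_UID)
			return u;
	}
	return euid;
}

/* The repository is considered safe when its owner matches the recovered uid. */
int is_safe_owner(uid_t repo_owner, uid_t euid)
{
	return repo_owner == real_user_uid(euid);
}

int main(void)
{
	/* Constructed environment so the root paths can be exercised without being root. */
	setenv("SUDO_UID", "1000", 1);
	unsetenv("DOAS_UID");
	printf("root via sudo from uid 1000: owner 1000 safe=%d, owner 0 safe=%d\n",
	       is_safe_owner(1000, ROOT_UID), is_safe_owner(0, ROOT_UID));
	setenv("SUDO_UID", "1000 junk", 1);
	printf("malformed SUDO_UID: compare uid=%u (atoi would have given 1000)\n",
	       (unsigned)real_user_uid(ROOT_UID));
	printf("this process: euid=%u, compare uid=%u\n",
	       (unsigned)geteuid(), (unsigned)real_user_uid(geteuid()));
	return 0;
}
```

With SUDO_UID set to "1000 junk" the comparison uid stays at root, where the patch's atoi() call would have accepted the repository as owned by uid 1000; a non-root process never consults the variables at all.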