From: Michal Sekletar
Date: Mon, 19 Dec 2022 16:29:40 +0000 (+0100)
Subject: argv-util: do proper permission check while when changing process name
X-Git-Tag: v253-rc1~242^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03ee26168f0f32e6e0b9a172b75a5189b0ca2c05;p=thirdparty%2Fsystemd.git
argv-util: do proper permission check while when changing process name
Process renaming happens very seldomly so we are able to afford proper permission check, i.e. actually check for CAP_SYS_RESOURCE capability instead of euid.
---
diff --git a/src/basic/argv-util.c b/src/basic/argv-util.c
index 54649f4bda8..fe152502fd8 100644
--- a/src/basic/argv-util.c
+++ b/src/basic/argv-util.c
@@ -6,6 +6,7 @@
 #include
 #include "argv-util.h"
+#include "capability-util.h"
 #include "errno-util.h"
 #include "missing_sched.h"
 #include "parse-util.h"
@@ -83,12 +84,9 @@ static int update_argv(const char name[], size_t l) {
 return 0;
 can_do = false; /* We'll set it to true only if the whole process works */
- /* Let's not bother with this if we don't have euid == 0. Strictly speaking we should check for the
- * CAP_SYS_RESOURCE capability which is independent of the euid. In our own code the capability generally is
- * present only for euid == 0, hence let's use this as quick bypass check, to avoid calling mmap() if
- * PR_SET_MM_ARG_{START,END} fails with EPERM later on anyway. After all geteuid() is dead cheap to call, but
- * mmap() is not. */
- if (geteuid() != 0)
+ /* Calling prctl() with PR_SET_MM_ARG_{START,END} requires CAP_SYS_RESOURCE so let's use this as quick bypass
+ * check, to avoid calling mmap() should PR_SET_MM_ARG_{START,END} fail with EPERM later on anyway. */
+ if (!have_effective_cap(CAP_SYS_RESOURCE))
 return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Skipping PR_SET_MM, as we don't have privileges.");
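Review bot: The new guard `if (!have_effective_cap(CAP_SYS_RESOURCE))` in update_argv() treats every non-zero result as "capability present". If have_effective_cap() reports a failed lookup as a negative errno, an error would skip the quick bypass and go on to the mmap()/prctl() path; its definition is in capability-util, outside this diff, so this needs confirming. The kernel still enforces CAP_SYS_RESOURCE for PR_SET_MM_ARG_{START,END}, so this is not a privilege bypass, but the lookup failure is never logged and the cheap early exit is lost. Consider keeping the result and handling the cases separately: `r = have_effective_cap(CAP_SYS_RESOURCE);`, `if (r < 0) return log_debug_errno(r, "Failed to check CAP_SYS_RESOURCE: %m");`, then `if (r == 0)` in front of the existing EPERM return. update_argv() begins and continues outside this hunk, so whether an `int r` is already declared there cannot be seen from here.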