git.ipfire.org Git - thirdparty/cups.git/commit
cups/globals: use getauxval(AT_SECURE) for SUID check 1258/head
author Max Kellermann <max.kellermann@gmail.com>
Sat, 10 May 2025 20:54:48 +0000 (22:54 +0200)
committer Max Kellermann <max.kellermann@gmail.com>
Sat, 10 May 2025 20:58:55 +0000 (22:58 +0200)
commit 5a142576e8a4716504b2b72e597f766fb2e0bb05
tree 0ca2bb791339a6de98dfa68032ee629d67a4a66d
parent 350361790d17784f26762a405d0b3e328d20c9d6
cups/globals: use getauxval(AT_SECURE) for SUID check

Comparing effective and real uid/gid is not a proper way to check for
SUID execution:

1. this does not consider file capabilities

2. this check breaks when NO_NEW_PRIVS is used as the Linux kernel
   resets effective ids during execve(); this means the check is
   false, but the process still has raised capabilities

For more details about the NO_NEW_PRIVS problem, check this post and
the surrounding thread:

 https://lore.kernel.org/lkml/20250509184105.840928-1-max.kellermann@ionos.com/

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
config-scripts/cups-common.m4
config.h.in
cups/globals.c
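
The check described in the commit message, as an added example that is not the CUPS code from this commit: it asks the kernel via getauxval(AT_SECURE) and contrasts the result with the real/effective id comparison. The function names, the fallback to the id comparison when AT_SECURE is unavailable, and the trusted_getenv() helper are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* The id comparison the commit message criticises. */
int legacy_id_check(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
  return uid != euid || gid != egid;
}

/* Decision logic, kept separate so it can be fed constructed inputs.
 * at_secure_known is 0 when no AT_SECURE entry was available; only then
 * does this sketch fall back to the id comparison (assumption). */
int is_secure_exec(int at_secure_known, unsigned long at_secure,
                   uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
  if (at_secure_known)
    return at_secure != 0;
  return legacy_id_check(uid, euid, gid, egid);
}

/* Evaluate the running process. getauxval() returns 0 and sets errno to
 * ENOENT when the auxiliary vector has no entry of the requested type. */
int process_is_secure_exec(void)
{
  unsigned long v;

  errno = 0;
  v = getauxval(AT_SECURE);
  return is_secure_exec(!(v == 0 && errno == ENOENT), v,
                        getuid(), geteuid(), getgid(), getegid());
}

/* Hypothetical consumer: ignore environment overrides in a secure exec. */
const char *trusted_getenv(const char *name)
{
  return process_is_secure_exec() ? NULL : getenv(name);
}

int main(void)
{
  printf("AT_SECURE check: %d, id comparison: %d\n", process_is_secure_exec(),
         legacy_id_check(getuid(), geteuid(), getgid(), getegid()));
  return 0;
}
```

Installing the binary with a file capability (for example via setcap) and running it as an unprivileged user is one way to see the two checks disagree.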