-rw-r--r-- | daemon.c | 18 | ||||
-rw-r--r-- | su.c | 7 |
2 files changed, 18 insertions, 7 deletions
@@ -365,10 +365,28 @@ static int daemon_accept(int fd) {
 int ptsfd;
 if (pts_slave[0]) {
+ struct stat st;
+
+ if (stat(pts_slave, &st)) {
+ PLOGE("failed to stat pts_slave");
+ exit(-1);
+ }
+
+ if (st.st_uid != credentials.uid) {
+ PLOGE("caller doesn't own proposed PTY");
+ exit(-1);
+ }
+
+ if (!S_ISCHR(st.st_mode)) {
+ PLOGE("proposed PTY isn't a chardev");
+ exit(-1);
+ }
+
 // Opening the TTY has to occur after the
 // fork() and setsid() so that it becomes
 // our controlling TTY and not the daemon's
 ptsfd = open(pts_slave, O_RDWR);
+
 if (ptsfd == -1) {
 PLOGE("open(pts_slave) daemon");
 exit(-1);
@@ -439,7 +439,6 @@ int su_main(int argc, char *argv[], int need_client) {
 .name = "",
 },
 };
- struct stat st;
 int c, socket_serv_fd, fd;
 char buf[64], *result;
 policy_t dballow;
@@ -541,12 +540,6 @@ int su_main(int argc, char *argv[], int need_client) {
 allow(&ctx, NULL);
 }
- // always allow if this is the superuser uid
- // superuser needs to be able to reenable itself when disabled...
- if (ctx.from.uid == st.st_uid) {
- allow(&ctx, NULL);
- }
-
 // check if superuser is disabled completely
 if (access_disabled(&ctx.from)) {
 ALOGD("access_disabled"); |
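Review bot: The new ownership and chardev checks in daemon_accept() run `stat(pts_slave, &st)` on a caller-supplied path and then `open(pts_slave, O_RDWR)` on the same path, so the object that gets opened is not guaranteed to be the one that was checked if the path is re-pointed in between. Validating the descriptor closes that gap: after the open succeeds, call `fstat(ptsfd, &st)` and apply the `st.st_uid != credentials.uid` and `!S_ISCHR(st.st_mode)` tests to that result, keeping the pre-open stat() only as an early reject. The two policy failures are also reported through `PLOGE`, which presumably appends errno text; errno is not set by those comparisons, so a plain error log would avoid a misleading message. daemon_accept() begins and continues outside this hunk.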