Fix potential trust issues by using SO_PEERCRED.

author Koushik Dutta <koushd@gmail.com>

Mon, 12 Aug 2013 01:14:41 +0000 (18:14 -0700)

committer Koushik Dutta <koushd@gmail.com>

Mon, 12 Aug 2013 01:14:41 +0000 (18:14 -0700)
author Koushik Dutta <koushd@gmail.com>
Mon, 12 Aug 2013 01:14:41 +0000 (18:14 -0700)
committer Koushik Dutta <koushd@gmail.com>
Mon, 12 Aug 2013 01:14:41 +0000 (18:14 -0700)
diff --git a/Superuser/jni/su/daemon.c b/Superuser/jni/su/daemon.c

index 5a5f04c..753e886 100644 (file)
--- a/Superuser/jni/su/daemon.c
+++ b/Superuser/jni/su/daemon.c
@@ -154,6 +154,22 @@ static int daemon_accept(int fd) {
      LOGD("remote uid: %d", daemon_from_uid);
      daemon_from_pid = read_int(fd);
      LOGD("remote req pid: %d", daemon_from_pid);
+
+    struct ucred credentials;
+    int ucred_length = sizeof(struct ucred);
+    /* fill in the user data structure */
+    if(getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &credentials, &ucred_length)) {
+        LOGE("could obtain credentials from unix domain socket");
+        exit(-1);
+    }
+    // if the credentials on the other side of the wire are NOT root,
+    // we can't trust what anything being sent.
+    if (credentials.uid != 0) {
+        daemon_from_uid = credentials.uid;
+        pid = credentials.pid;
+        daemon_from_pid = credentials.pid;
+    }
+
      int argc = read_int(fd);
      if (argc < 0 || argc > 512) {
          LOGE("unable to allocate args: %d", argc);
author	Koushik Dutta <koushd@gmail.com>
	Mon, 12 Aug 2013 01:14:41 +0000 (18:14 -0700)
committer	Koushik Dutta <koushd@gmail.com>
	Mon, 12 Aug 2013 01:14:41 +0000 (18:14 -0700)