| When ALLOW_START_AS_NON_ROOT is defined, this patch prevents pppd from: |
| a) calling seteuid(0) in connect_tty |
| b) calling setuid(0) in run_program (for running scripts in /etc/ppp) |
| We don't want pppd trying to regain root privileges in either of these |
| cases. |
| |
| diff --git a/pppd/main.c b/pppd/main.c |
| index 212540a..8217d80 100644 |
| --- a/pppd/main.c |
| +++ b/pppd/main.c |
| @@ -1830,7 +1830,9 @@ run_program(prog, args, must_exist, done, arg, wait) |
| (void) setsid(); /* No controlling tty. */ |
| (void) umask (S_IRWXG|S_IRWXO); |
| (void) chdir ("/"); /* no current directory. */ |
| +#ifndef ALLOW_START_AS_NON_ROOT |
| setuid(0); /* set real UID = root */ |
| +#endif |
| setgid(getegid()); |
| |
| #ifdef BSD |
| diff --git a/pppd/tty.c b/pppd/tty.c |
| index c9a0b33..d76b098 100644 |
| --- a/pppd/tty.c |
| +++ b/pppd/tty.c |
| @@ -575,8 +575,10 @@ int connect_tty() |
| } |
| real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); |
| err = errno; |
| +#ifndef ALLOW_START_AS_NON_ROOT |
| if (prio < OPRIO_ROOT && seteuid(0) == -1) |
| fatal("Unable to regain privileges"); |
| +#endif |
| if (real_ttyfd >= 0) |
| break; |
| errno = err; |