Skip to content

Commit c27a4ba

Browse files
pyhalovpyhalov
committed
gui-installer: try to avoid running browser as root
1 parent 1450f8b commit c27a4ba

File tree

1 file changed

+50
-5
lines changed

1 file changed

+50
-5
lines changed

usr/src/cmd/gui-install/src/welcome-screen.c

+50-5
Original file line numberDiff line numberDiff line change
@@ -29,13 +29,20 @@
2929

3030
#include <glib/gi18n.h>
3131
#include <gtk/gtk.h>
32+
#include <pwd.h>
33+
#include <stdlib.h>
34+
#include <sys/types.h>
35+
#include <sys/wait.h>
36+
#include <unistd.h>
3237
#include "callbacks.h"
3338
#include "installation-profile.h"
3439
#include "interface-globals.h"
3540
#include "window-graphics.h"
3641
#include "welcome-screen.h"
3742
#include "help-dialog.h"
3843

44+
#define XDG_OPEN "/usr/bin/xdg-open"
45+
3946
/*
4047
* Signal handler connected up by Glade XML signal autoconnect
4148
* for the release notes button clicked event.
@@ -46,19 +53,57 @@ on_releasenotesbutton_clicked(GtkWidget *widget,
4653
{
4754
GError *error = NULL;
4855
gboolean result;
56+
uid_t suid;
57+
int pid;
58+
59+
result = FALSE;
60+
/* The installer will typically be run as root under sudo,
61+
but we don't want to run browser as root */
62+
63+
suid = geteuid();
64+
if (suid == 0) {
65+
char *sudo_uid;
66+
67+
sudo_uid = getenv("SUDO_UID");
68+
if (sudo_uid)
69+
suid = strtol(sudo_uid, (char**)NULL, 10);
70+
}
71+
pid = fork();
72+
if (pid == 0) {
73+
if (suid > 0 && suid != geteuid()) {
74+
struct passwd pw;
75+
76+
setuid(suid);
77+
pw = getpwuid(suid);
78+
if (pw != NULL) {
79+
if (pw->pw_name != NULL) {
80+
setenv("USERNAME", pw->pw_name, 1);
81+
setenv("LOGNAME", pw->pw_name, 1);
82+
}
83+
if (pw->pw_dir != NULL) {
84+
setenv("HOME", pw->pw_dir, 1);
85+
}
86+
}
87+
}
88+
execl(XDG_OPEN, XDG_OPEN, RELEASENOTESURL, (char *)0);
89+
exit(-1);
90+
} else if (pid > 0) {
91+
int status;
92+
93+
waitpid(pid, &status, 0);
94+
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
95+
result = TRUE;
96+
}
97+
}
4998

50-
result = gtk_show_uri(gtk_widget_get_screen(widget),
51-
RELEASENOTESURL,
52-
GDK_CURRENT_TIME,
53-
&error);
5499
if (result != TRUE) {
55100
gui_install_prompt_dialog(
56101
FALSE,
57102
FALSE,
58103
FALSE,
59104
GTK_MESSAGE_ERROR,
60105
_("Unable to display release notes"),
61-
error->message);
106+
NULL);
62107
g_error_free(error);
63108
}
64109
return (TRUE);

0 commit comments

Comments
 (0)