vor 12 Jahren · 390e7e38f2
--- a/lib/tests/test_utils.c
+++ b/lib/tests/test_utils.c
@@ -38,7 +38,7 @@ main (int argc, char **argv)
 
				 	state_data *temp_state_data;
			
 
				 	time_t	current_time;
			
 
				 
			
 
				-	plan_tests(150);
			
 
				+	plan_tests(151);
			
 
				 
			
 
				 	ok( this_nagios_plugin==NULL, "nagios_plugin not initialised");
			
 
				 
			
@@ -440,6 +440,8 @@ main (int argc, char **argv)
 
				 
			
 
				 	ok( this_nagios_plugin==NULL, "Free'd this_nagios_plugin" );
			
 
				 
			
 
				+	ok( np_suid() == FALSE, "test aren't suid" );
			
 
				+
			
 
				 	return exit_status();
			
 
				 }
			
 
				 
			
--- a/lib/utils_base.c
+++ b/lib/utils_base.c
@@ -30,6 +30,8 @@
 
				 #include <ctype.h>
			
 
				 #include <fcntl.h>
			
 
				 #include <sys/stat.h>
			
 
				+#include <unistd.h>
			
 
				+#include <sys/types.h>
			
 
				 
			
 
				 #define np_free(ptr) { if(ptr) { free(ptr); ptr = NULL; } }
			
 
				 
			
@@ -415,10 +417,15 @@ void _cleanup_state_data() {
 
				 char* _np_state_calculate_location_prefix(){
			
 
				 	char *env_dir;
			
 
				 
			
 
				-	env_dir = getenv("NAGIOS_PLUGIN_STATE_DIRECTORY");
			
 
				-	if(env_dir && env_dir[0] != '\0')
			
 
				-		return env_dir;
			
 
				-	return NP_STATE_DIR_PREFIX;
			
 
				+	/* Do not allow passing NP_STATE_DIRECTORY in setuid plugins
			
 
				+	 * for security reasons */
			
 
				+
			
 
				+	if (np_suid() == FALSE) {
			
 
				+		env_dir = getenv("NAGIOS_PLUGIN_STATE_DIRECTORY");
			
 
				+		if(env_dir && env_dir[0] != '\0')
			
 
				+			return env_dir;
			
 
				+		return NP_STATE_DIR_PREFIX;
			
 
				+	}
			
 
				 }
			
 
				 
			
 
				 /*
			
--- a/lib/utils_base.h
+++ b/lib/utils_base.h
@@ -102,4 +102,8 @@ void np_init(char *, int argc, char **argv);
 
				 void np_set_args(int argc, char **argv);
			
 
				 void np_cleanup();
			
 
				 
			
 
				+/* np_suid() returns true if the real and effective uids differs, such as when
			
 
				++ * running a suid plugin */
			
 
				+#define np_suid() (getuid() != geteuid())
			
 
				+
			
 
				 #endif /* _UTILS_BASE_ */