diff options
author | Mattias Andrée <maandree@kth.se> | 2021-03-25 10:06:27 +0100 |
---|---|---|
committer | Mattias Andrée <maandree@kth.se> | 2021-03-25 10:06:44 +0100 |
commit | 37295f52bda468527f2a7cbc3aa1fafabb5e8068 (patch) | |
tree | cc03eb3dca784e7aa3f882694d310f92571fafc3 | |
parent | m makefile (diff) | |
download | adjbacklight-37295f52bda468527f2a7cbc3aa1fafabb5e8068.tar.gz adjbacklight-37295f52bda468527f2a7cbc3aa1fafabb5e8068.tar.bz2 adjbacklight-37295f52bda468527f2a7cbc3aa1fafabb5e8068.tar.xz |
Remove video group membership check and use file permissions and ownership instead
Signed-off-by: Mattias Andrée <maandree@kth.se>
-rw-r--r-- | Makefile | 7 | ||||
-rw-r--r-- | adjbacklight.c | 44 | ||||
-rw-r--r-- | config.mk | 2 |
3 files changed, 7 insertions, 46 deletions
@@ -27,7 +27,10 @@ install: adjbacklight cp -- adjbacklight "$(DESTDIR)$(PREFIX)/bin" cp -- adjbacklight.1 "$(DESTDIR)$(MANPREFIX)/man1" cp -- LICENSE "$(DESTDIR)$(PREFIX)/share/licenses/adjbacklight" - chmod -- 4755 "$(DESTDIR)$(PREFIX)/bin/adjbacklight" + +post-install: + chown -- '0:$(VIDEO_GROUP)' "$(DESTDIR)$(PREFIX)/bin/adjbacklight" + chmod -- 4754 "$(DESTDIR)$(PREFIX)/bin/adjbacklight" uninstall: -rm -- "$(DESTDIR)$(PREFIX)/bin/adjbacklight" @@ -38,4 +41,4 @@ uninstall: clean: -rm -rf -- adjbacklight test *.o .testdir -.PHONY: all check install uninstall clean +.PHONY: all check install post-install uninstall clean diff --git a/adjbacklight.c b/adjbacklight.c index 6fa0066..80dd4a5 100644 --- a/adjbacklight.c +++ b/adjbacklight.c @@ -226,47 +226,6 @@ handle_device(const char *device, int get, int set, double adj, int inc, const c } -static void -check_permissions(void) -{ - long int ngroups_max; - gid_t *groups; - int ngroups; - struct group *videogrp = getgrnam("video"); - - if (!getuid()) - return; - - if (!videogrp && errno && errno != ENOENT && errno != ESRCH && errno != EPERM) { - /* Note, glibc sets errno to EIO if the group does not exist, - * this is the not the specified behavour by either POSIX or - * glibc, and it would be a security issue to treat it as OK. - * Additionally, EBADF is not treated as OK. */ - fprintf(stderr, "%s: getgrnam video: %s\n", argv0, strerror(errno)); - exit(1); - } else if (videogrp) { - ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1; - if (ngroups_max < 0 || ngroups_max > INT_MAX - 1) { - fprintf(stderr, "%s: sysconf _SC_NGROUPS_MAX: %s\n", argv0, strerror(errno)); - exit(1); - } - groups = alloca((size_t)ngroups_max * sizeof(*groups)); - ngroups = getgroups((int)ngroups_max, groups); - if (ngroups < 0) { - fprintf(stderr, "%s: getgroups: %s\n", argv0, strerror(errno)); - exit(1); - } - while (ngroups--) - if (groups[ngroups] == videogrp->gr_gid) - break; - if (ngroups < 0) { - fprintf(stderr, "%s: only root and members of the group 'video' may run this command\n", argv0); - exit(1); - } - } -} - - static int parse_set_argument(const char *str, char *set_prefix, double *set_value, const char **set_suffix) { @@ -429,9 +388,6 @@ main(int argc, char *argv[]) if (set && parse_set_argument(set, &set_prefix, &set_value, &set_suffix)) usage(); - /* Check permissions (important because the program is installed with set-uid) */ - check_permissions(); - if (!get && !set) { isinteractive = isatty(STDIN_FILENO); if (isinteractive && init_terminal(&pid, &saved_stty)) @@ -1,6 +1,8 @@ PREFIX = /usr/local MANPREFIX = $(PREFIX)/share/man +VIDEO_GROUP = video + CCFLAGS = -std=c99 -Wall -Wextra -O2 CPPFLAGS = -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE=700 LDFLAGS = -s |