aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMattias Andrée <maandree@kth.se>2021-03-25 10:06:27 +0100
committerMattias Andrée <maandree@kth.se>2021-03-25 10:06:44 +0100
commit37295f52bda468527f2a7cbc3aa1fafabb5e8068 (patch)
treecc03eb3dca784e7aa3f882694d310f92571fafc3
parentm makefile (diff)
downloadadjbacklight-37295f52bda468527f2a7cbc3aa1fafabb5e8068.tar.gz
adjbacklight-37295f52bda468527f2a7cbc3aa1fafabb5e8068.tar.bz2
adjbacklight-37295f52bda468527f2a7cbc3aa1fafabb5e8068.tar.xz
Remove video group membership check and use file permissions and ownership instead
Signed-off-by: Mattias Andrée <maandree@kth.se>
-rw-r--r--Makefile7
-rw-r--r--adjbacklight.c44
-rw-r--r--config.mk2
3 files changed, 7 insertions, 46 deletions
diff --git a/Makefile b/Makefile
index f3b9f72..8cbdd23 100644
--- a/Makefile
+++ b/Makefile
@@ -27,7 +27,10 @@ install: adjbacklight
cp -- adjbacklight "$(DESTDIR)$(PREFIX)/bin"
cp -- adjbacklight.1 "$(DESTDIR)$(MANPREFIX)/man1"
cp -- LICENSE "$(DESTDIR)$(PREFIX)/share/licenses/adjbacklight"
- chmod -- 4755 "$(DESTDIR)$(PREFIX)/bin/adjbacklight"
+
+post-install:
+ chown -- '0:$(VIDEO_GROUP)' "$(DESTDIR)$(PREFIX)/bin/adjbacklight"
+ chmod -- 4754 "$(DESTDIR)$(PREFIX)/bin/adjbacklight"
uninstall:
-rm -- "$(DESTDIR)$(PREFIX)/bin/adjbacklight"
@@ -38,4 +41,4 @@ uninstall:
clean:
-rm -rf -- adjbacklight test *.o .testdir
-.PHONY: all check install uninstall clean
+.PHONY: all check install post-install uninstall clean
diff --git a/adjbacklight.c b/adjbacklight.c
index 6fa0066..80dd4a5 100644
--- a/adjbacklight.c
+++ b/adjbacklight.c
@@ -226,47 +226,6 @@ handle_device(const char *device, int get, int set, double adj, int inc, const c
}
-static void
-check_permissions(void)
-{
- long int ngroups_max;
- gid_t *groups;
- int ngroups;
- struct group *videogrp = getgrnam("video");
-
- if (!getuid())
- return;
-
- if (!videogrp && errno && errno != ENOENT && errno != ESRCH && errno != EPERM) {
- /* Note, glibc sets errno to EIO if the group does not exist,
- * this is the not the specified behavour by either POSIX or
- * glibc, and it would be a security issue to treat it as OK.
- * Additionally, EBADF is not treated as OK. */
- fprintf(stderr, "%s: getgrnam video: %s\n", argv0, strerror(errno));
- exit(1);
- } else if (videogrp) {
- ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
- if (ngroups_max < 0 || ngroups_max > INT_MAX - 1) {
- fprintf(stderr, "%s: sysconf _SC_NGROUPS_MAX: %s\n", argv0, strerror(errno));
- exit(1);
- }
- groups = alloca((size_t)ngroups_max * sizeof(*groups));
- ngroups = getgroups((int)ngroups_max, groups);
- if (ngroups < 0) {
- fprintf(stderr, "%s: getgroups: %s\n", argv0, strerror(errno));
- exit(1);
- }
- while (ngroups--)
- if (groups[ngroups] == videogrp->gr_gid)
- break;
- if (ngroups < 0) {
- fprintf(stderr, "%s: only root and members of the group 'video' may run this command\n", argv0);
- exit(1);
- }
- }
-}
-
-
static int
parse_set_argument(const char *str, char *set_prefix, double *set_value, const char **set_suffix)
{
@@ -429,9 +388,6 @@ main(int argc, char *argv[])
if (set && parse_set_argument(set, &set_prefix, &set_value, &set_suffix))
usage();
- /* Check permissions (important because the program is installed with set-uid) */
- check_permissions();
-
if (!get && !set) {
isinteractive = isatty(STDIN_FILENO);
if (isinteractive && init_terminal(&pid, &saved_stty))
diff --git a/config.mk b/config.mk
index 6f50bbb..60571ad 100644
--- a/config.mk
+++ b/config.mk
@@ -1,6 +1,8 @@
PREFIX = /usr/local
MANPREFIX = $(PREFIX)/share/man
+VIDEO_GROUP = video
+
CCFLAGS = -std=c99 -Wall -Wextra -O2
CPPFLAGS = -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE=700
LDFLAGS = -s