#4522 Ensure ResInsight does not run if the setuid bit is set on the executable.

* If you run the GUI version, this is likely to be checked anyway by Qt or GTK+, but the console version gets no such check.
Gaute Lindkvist 2019-07-26 16:25:04 +02:00
parent 3ba962aefb
commit c1a89ec10e


@ -24,6 +24,11 @@
#include "cvfProgramOptions.h"
#include "cvfqtUtils.h"
#ifndef WIN32
#include <unistd.h>
#include <sys/types.h>
#endif
RiaApplication* createApplication(int &argc, char *argv[])
{
for (int i = 1; i < argc; ++i)
@ -38,6 +43,15 @@ RiaApplication* createApplication(int &argc, char *argv[])
int main(int argc, char *argv[])
{
#ifndef WIN32
// From Qt 5.3 and onwards Qt has a mechanism for checking this automatically
// But it only checks user id not group id, so better to do it ourselves.
if (getuid() != geteuid() || getgid() != getegid())
{
std::cerr << "FATAL: The application binary appears to be running setuid or setgid, this is a security hole." << std::endl;
return 1;
}
#endif
RiaLogging::loggerInstance()->setLevel(RI_LL_DEBUG);
std::unique_ptr<RiaApplication> app (createApplication(argc, argv));
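Review bot: The guard added at the top of main() compares only real and effective ids, so it misses privilege granted by other means; on Linux an executable carrying file capabilities starts with `getuid() == geteuid()` and passes the test. Where glibc's `getauxval` is available, extending the condition with `|| getauxval(AT_SECURE) != 0` (with `<sys/auxv.h>` included under a Linux-only guard next to the `<unistd.h>` include in the first hunk) covers setuid, setgid and capability-elevated starts in one place. The comment could also say that the check runs only once main() is entered, after static initialisers and library constructors have already executed, so that it is read as a refusal to continue rather than as containment. main() continues past the end of this hunk.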