From c1a89ec10e66dfb054c6dabfd9a9f49a29f9fae3 Mon Sep 17 00:00:00 2001
From: Gaute Lindkvist
Date: Fri, 26 Jul 2019 16:25:04 +0200
Subject: [PATCH] #4522 Ensure ResInsight does not run if the setuid bit is set on the executable.
* If you run a GUI-version this is likely to be checked anyway through Qt or GTK+ but not the console version.
---
 ApplicationCode/Application/RiaMain.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/ApplicationCode/Application/RiaMain.cpp b/ApplicationCode/Application/RiaMain.cpp
index 18fefb4f09..d63188df3d 100644
--- a/ApplicationCode/Application/RiaMain.cpp
+++ b/ApplicationCode/Application/RiaMain.cpp
@@ -24,6 +24,11 @@
 #include "cvfProgramOptions.h"
 #include "cvfqtUtils.h"
+#ifndef WIN32
+#include
+#include
+#endif
+
 RiaApplication* createApplication(int &argc, char *argv[])
 {
 for (int i = 1; i < argc; ++i)
@@ -38,6 +43,15 @@ RiaApplication* createApplication(int &argc, char *argv[])
 int main(int argc, char *argv[])
 {
+#ifndef WIN32
+ // From Qt 5.3 and onwards Qt has a mechanism for checking this automatically
+ // But it only checks user id not group id, so better to do it ourselves.
+ if (getuid() != geteuid() || getgid() != getegid())
+ {
+ std::cerr << "FATAL: The application binary appears to be running setuid or setgid, this is a security hole." << std::endl;
+ return 1;
+ }
+#endif
 RiaLogging::loggerInstance()->setLevel(RI_LL_DEBUG);
 std::unique_ptr app (createApplication(argc, argv));
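Review bot: The guard added at the top of `main` compares real and effective IDs only, so it does not notice privilege granted through Linux file capabilities, and it runs after any static initialisers in the linked libraries have already executed. On glibc the loader's secure-execution flag covers setuid, setgid and capabilities, so the condition could be widened to `if (getauxval(AT_SECURE) || getuid() != geteuid() || getgid() != getegid())`, with `<sys/auxv.h>` included under a Linux-only guard. Separately, both new `#ifndef WIN32` blocks (the include hunk and this one) depend on the build system defining `WIN32`; the compiler-provided macro is `_WIN32`, which would keep `<unistd.h>` out of a Windows build that lacks the project define. The body of `main` continues past the end of the hunk.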