diff --git a/configure.ac b/configure.ac index 27b796c..6ace45c 100644 --- a/configure.ac +++ b/configure.ac @@ -25,6 +25,9 @@ AC_C_CONST AC_PROG_GCC_TRADITIONAL AC_CONFIG_MACRO_DIR([m4]) +dnl Overwrite default archiver flags. +AC_SUBST(AR_FLAGS, [cr]) + dnl Check for header files that do not exist on all platforms AC_CHECK_HEADERS([libutil.h pthread.h pty.h strings.h sys/prctl.h sys/uio.h \ util.h utmp.h utmpx.h]) diff --git a/debian/watch b/debian/watch deleted file mode 100644 index d7d49e5..0000000 --- a/debian/watch +++ /dev/null @@ -1,2 +0,0 @@ -version=3 -https://github.com/shellinabox/shellinabox/tags .*/v?(\d\S*)\.tar\.gz diff --git a/shellinabox/launcher.c b/shellinabox/launcher.c index 5348b6c..066c8fb 100644 --- a/shellinabox/launcher.c +++ b/shellinabox/launcher.c @@ -128,6 +128,8 @@ typedef struct pam_handle pam_handle_t; #define UNUSED(x) do { (void)(x); } while (0) #endif +#define UNUSED_RETURN(x) do { (void)((x)+1); } while (0) + #undef pthread_once #undef execle int execle(const char *, const char *, ...); @@ -668,8 +670,8 @@ void destroyUtmp(struct Utmp *utmp) { uid_t r_gid, e_gid, s_gid; check(!getresuid(&r_uid, &e_uid, &s_uid)); check(!getresgid(&r_gid, &e_gid, &s_gid)); - setresuid(0, 0, 0); - setresgid(0, 0, 0); + UNUSED_RETURN(setresuid(0, 0, 0)); + UNUSED_RETURN(setresgid(0, 0, 0)); setutxent(); pututxline(&utmp->utmpx); @@ -1543,9 +1545,10 @@ static void childProcess(struct Service *service, int width, int height, cfsetospeed(&tt, B38400); tcsetattr(0, TCSAFLUSH, &tt); - // Assert root privileges in order to update utmp entry. - setresuid(0, 0, 0); - setresgid(0, 0, 0); + // Assert root privileges in order to update utmp entry. We can only do that, + // if we have root permissions otherwise this fails. + UNUSED_RETURN(setresuid(0, 0, 0)); + UNUSED_RETURN(setresgid(0, 0, 0)); #ifdef HAVE_UTMPX_H setutxent(); struct utmpx utmpx = utmp->utmpx; diff --git a/shellinabox/privileges.c b/shellinabox/privileges.c index ae1e20b..e7baf6e 100644 --- a/shellinabox/privileges.c +++ b/shellinabox/privileges.c @@ -59,10 +59,11 @@ #include "shellinabox/privileges.h" #include "logging/logging.h" +#define UNUSED_RETURN(x) do { (void)((x)+1); } while (0) + int runAsUser = -1; int runAsGroup = -1; - #ifndef HAVE_GETRESUID int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid) { *ruid = getuid(); @@ -136,7 +137,7 @@ void lowerPrivileges(void) { // Temporarily lower user privileges. If we used to have "root" privileges, // we can later still regain them. - setresuid(-1, -1, 0); + UNUSED_RETURN(setresuid(-1, -1, 0)); if (runAsUser >= 0) { // Try to switch to the user-provided user id.