Don't write to htoprc file if it's not owned by EUID #1866
+7
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Explorer09
force-pushed
the
htoprc-owner-check
branch
from
ad5f050 to
07238f1
Compare
BenBE
added
enhancement
Because htop writes the new settings in an "atomic" fashion (that is, create a temp file, write content and then rename the temp file to the final name, replacing the old one), the new htoprc file could be owned by a user that's different from the original. This can cause the original user to not be able to access the htoprc file again. This scenario can happen when htop is run with elevated privileges. In Linux, this occurs when htop is run with SUID (`chmod u+s htop`). In macOS/Darwin, this occurs when htop is run with sudo (`sudo htop`) with the default sudoers configuration (specifically, with this `env_keep += "HOME"` line, which is discouraged by sudo upstream). Also, in Linux (see CAP_DAC_OVERRIDE), the root user can bypass access controls by default, meaning they can open() a file in write mode without the write permission bit on file. Check the owner and the write permission bit on the htoprc file. If the file's owner is different, or if it doesn't have write permission for owner, don't write to it on htop's exit. Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
Explorer09
force-pushed
the
htoprc-owner-check
branch
from
07238f1 to
5f4ae67
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Because htop writes the new settings in an "atomic" fashion (that is, create a temp file, write content and then rename the temp file to the final name, replacing the old one), the new htoprc file could be owned by a user that's different from the original. This can cause the original user to not be able to access the htoprc file again.
This scenario can happen when htop is run with elevated privileges. In Linux, this occurs when htop is run with SUID (
chmod u+s htop). In macOS/Darwin, this occurs when htop is run with sudo (sudo htop) with the default sudoers configuration (specifically, with thisenv_keep += "HOME"line, which is discouraged by sudo upstream).Don't assume the htoprc file opened will be owned by the same effective user ID. If the file's owner is different, don't write to it on htop's exit.