termux-packages/packages/squid/no-priv-drop.patch
Leonid Pliushch 6a41d7740d squid: do not use setuid/setgid and similar system calls
Otherwise seccomp will terminate it on modern Android OS versions.
2020-08-08 01:43:47 +03:00

51 lines
1.1 KiB
Diff

diff -uNr squid-4.12/src/tools.cc squid-4.12.mod/src/tools.cc
--- squid-4.12/src/tools.cc 2020-06-07 18:42:16.000000000 +0300
+++ squid-4.12.mod/src/tools.cc 2020-08-07 22:20:30.241392700 +0300
@@ -503,6 +503,9 @@
void
leave_suid(void)
{
+#ifdef __ANDROID__
+ return;
+#endif
debugs(21, 3, "leave_suid: PID " << getpid() << " called");
if (Config.effectiveGroup) {
@@ -539,6 +542,7 @@
}
}
+#ifndef __ANDROID__
#if HAVE_SETRESUID
if (setresuid(Config2.effectiveUserID, Config2.effectiveUserID, 0) < 0) {
const auto xerrno = errno;
@@ -560,6 +564,7 @@
#endif
restoreCapabilities(true);
+#endif
#if HAVE_PRCTL && defined(PR_SET_DUMPABLE)
/* Set Linux DUMPABLE flag */
@@ -574,6 +579,10 @@
void
enter_suid(void)
{
+#ifdef __ANDROID__
+ return;
+#endif
+
debugs(21, 3, "enter_suid: PID " << getpid() << " taking root privileges");
#if HAVE_SETRESUID
if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0) {
@@ -600,6 +609,9 @@
void
no_suid(void)
{
+#ifdef __ANDROID__
+ return;
+#endif
uid_t uid;
leave_suid();
uid = geteuid();