From e1edd620ee284794befa65a1b3c316d2bc959eb5 Mon Sep 17 00:00:00 2001 From: Lucas CHOLLET Date: Sun, 14 Aug 2022 21:19:05 +0200 Subject: [PATCH] pls: Use `LibCore::Account::login()` instead of manually setting the uid In addition to changing the uid, the method also changes the gid and properly sets groups. So this patch will also mitigate the security issue of `pls`. --- Userland/Utilities/pls.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Userland/Utilities/pls.cpp b/Userland/Utilities/pls.cpp index 4912a30fab..13c4f03d86 100644 --- a/Userland/Utilities/pls.cpp +++ b/Userland/Utilities/pls.cpp @@ -42,8 +42,7 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Core::System::pledge("stdio rpath exec id")); - TRY(Core::System::setgid(0)); - TRY(Core::System::setuid(as_user_uid)); + TRY(as_user.login()); TRY(Core::System::pledge("stdio rpath exec"));