author | Nicholas Marriott <nicm@cvs.openbsd.org> | 2018-11-16 06:41:59 +0000 |
---|---|---|
committer | Nicholas Marriott <nicm@cvs.openbsd.org> | 2018-11-16 06:41:59 +0000 |
commit | 3a66e96bcb0b016317efcc95b8c9a75aee82436a (patch) | |
tree | a0f7c880feb09ce41eb431e0af7b90e644d3b03f | |
parent | 1927c5d14813ef80abe1b92137b658353bfbc8b4 (diff) |
Include "id" in pledge (for setres[ug]id, setgroups) if the shell is
privileged and remove it when dropping privileges (set +p), setting a
flag to make sure we don't do it again.
ok deraadt millert
-rw-r--r-- | bin/ksh/main.c | 13 | ||||
-rw-r--r-- | bin/ksh/misc.c | 10 |
2 files changed, 18 insertions, 5 deletions
diff --git a/bin/ksh/main.c b/bin/ksh/main.c index 0c5282cf161..fd8fbb14bd2 100644 --- a/bin/ksh/main.c +++ b/bin/ksh/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.93 2018/09/29 14:13:19 millert Exp $ */ +/* $OpenBSD: main.c,v 1.94 2018/11/16 06:41:58 nicm Exp $ */ /* * startup, main loop, environments and error handling @@ -142,11 +142,18 @@ main(int argc, char *argv[]) char **wp; struct env env; pid_t ppid; + int rv; kshname = argv[0]; - if (pledge("stdio rpath wpath cpath fattr flock getpw proc exec tty", - NULL) == -1) { + if (issetugid()) { /* could later drop privileges */ + rv = pledge("stdio rpath wpath cpath fattr flock getpw proc " + "exec tty id", NULL); + } else { + rv = pledge("stdio rpath wpath cpath fattr flock getpw proc " + "exec tty", NULL); + } + if (rv == -1) { perror("pledge"); exit(1); } diff --git a/bin/ksh/misc.c b/bin/ksh/misc.c index 079276feec9..89d7860d965 100644 --- a/bin/ksh/misc.c +++ b/bin/ksh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.70 2018/04/09 17:53:36 tobias Exp $ */ +/* $OpenBSD: misc.c,v 1.71 2018/11/16 06:41:58 nicm Exp $ */ /* * Miscellaneous functions @@ -16,6 +16,7 @@ #include "charclass.h" short ctypes [UCHAR_MAX+1]; /* type bits for unsigned char */ +static int dropped_privileges; static int do_gmatch(const unsigned char *, const unsigned char *, const unsigned char *, const unsigned char *); @@ -290,12 +291,17 @@ change_flag(enum sh_flag f, } } else /* Turning off -p? */ - if (f == FPRIVILEGED && oldval && !newval) { + if (f == FPRIVILEGED && oldval && !newval && issetugid() && + !dropped_privileges) { gid_t gid = getgid(); setresgid(gid, gid, gid); setgroups(1, &gid); setresuid(ksheuid, ksheuid, ksheuid); + + pledge("stdio rpath wpath cpath fattr flock getpw proc " + "exec tty", NULL); + dropped_privileges = 1; } else if (f == FPOSIX && newval) { Flag(FBRACEEXPAND) = 0; } |
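Review bot: The promise list is now written out three times, twice in this main() hunk of bin/ksh/main.c and once more in the change_flag hunk of bin/ksh/misc.c, and the copies must stay identical apart from the trailing " id". A later pledge call can only narrow the promise set, so a promise added in main() but forgotten in misc.c would be silently lost after `set +p`, while the reverse would make the second call fail, and that call's result is not checked. A single definition in a header both files include, for example `#define KSH_PLEDGE "stdio rpath wpath cpath fattr flock getpw proc exec tty"` (the name is only a suggestion), used here as `rv = pledge(issetugid() ? KSH_PLEDGE " id" : KSH_PLEDGE, NULL);`, would keep them in step. The comment on the `issetugid()` branch could also say where "id" is given up again, e.g. `/* "id" is removed in change_flag() on set +p */`. main()'s body continues outside the hunk.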
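Review bot: In the change_flag hunk of bin/ksh/misc.c the added `pledge(...)` call is unchecked, as are the `setresgid`/`setgroups`/`setresuid` calls just above it, yet `dropped_privileges = 1` is set unconditionally. If any of those calls fails, the shell continues with elevated ids or with the "id" promise still held, and the flag then stops a later `set +p` from trying again. main() already treats a pledge failure as fatal, so the same fail-closed handling fits here; the sketch below uses perror/exit as main() does, and the shell's own fatal-error routine may be a better fit if one exists outside this view. change_flag's body starts and ends outside the hunk.

```c
		gid_t gid = getgid();

		/* A partial drop is worse than none: stop if any step fails. */
		if (setresgid(gid, gid, gid) == -1 ||
		    setgroups(1, &gid) == -1 ||
		    setresuid(ksheuid, ksheuid, ksheuid) == -1) {
			perror("set +p");
			exit(1);
		}

		/* Give up "id" only once the ids are really dropped. */
		if (pledge("stdio rpath wpath cpath fattr flock getpw proc "
		    "exec tty", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
		dropped_privileges = 1;
```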