authorTheo de Raadt <deraadt@cvs.openbsd.org>1996-12-22 03:29:13 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1996-12-22 03:29:13 +0000
commitc685da080d7d6ef4da40968519030fcf518289f4 (patch)
tree3d3c481aab15688149f43911b9e9fa5b610d15b9
parentb9e51bce4b9f1693731b39bfbb2873af2e60d83c (diff)
Deal with _POSIX_SAVED_IDS when relinquishing privileges
-rw-r--r--usr.sbin/iostat/iostat.c6
-rw-r--r--usr.sbin/pppd/main.c7
-rw-r--r--usr.sbin/pstat/pstat.c8
-rw-r--r--usr.sbin/slstats/slstats.c8
-rw-r--r--usr.sbin/timed/timedc/timedc.c5
-rw-r--r--usr.sbin/traceroute/traceroute.c3
-rw-r--r--usr.sbin/trpt/trpt.c6
-rw-r--r--usr.sbin/trsp/trsp.c7
8 files changed, 35 insertions, 15 deletions
diff --git a/usr.sbin/iostat/iostat.c b/usr.sbin/iostat/iostat.c
index a591e568729..f038f6e113a 100644
--- a/usr.sbin/iostat/iostat.c
+++ b/usr.sbin/iostat/iostat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: iostat.c,v 1.5 1996/11/02 00:35:50 millert Exp $ */
+/* $OpenBSD: iostat.c,v 1.6 1996/12/22 03:28:56 deraadt Exp $ */
/* $NetBSD: iostat.c,v 1.10 1996/10/25 18:21:58 scottr Exp $ */
/*
@@ -176,8 +176,10 @@ main(argc, argv)
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
*/
- if (nlistf != NULL || memf != NULL)
+ if (nlistf != NULL || memf != NULL) {
+ setegid(getgid());
setgid(getgid());
+ }
dkinit(0);
dkreadstats();
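Review bot: The results of `setegid(getgid())` and `setgid(getgid())` inside the new braces are not checked, so if either call fails the program continues into `dkinit(0)` with its setgid group still in effect, which is what the comment above says must not happen. I would fail closed, e.g. `if (setegid(getgid()) == -1 || setgid(getgid()) == -1) err(1, "setgid");`, or use the file's own fatal-error helper if err() is not used here. The same unchecked drop appears in the pstat hunk (where `(void)` discards the result explicitly), in the slstats, trpt and trsp hunks, and for the uid calls in pppd, timedc and traceroute. main() begins and continues outside the hunk.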
diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c
index 5ff49361733..374bad88bf7 100644
--- a/usr.sbin/pppd/main.c
+++ b/usr.sbin/pppd/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.11 1996/08/20 04:48:27 deraadt Exp $ */
+/* $OpenBSD: main.c,v 1.12 1996/12/22 03:29:01 deraadt Exp $ */
/*
* main.c - Point-to-Point Protocol main module
@@ -20,7 +20,7 @@
*/
#ifndef lint
-static char rcsid[] = "$OpenBSD: main.c,v 1.11 1996/08/20 04:48:27 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: main.c,v 1.12 1996/12/22 03:29:01 deraadt Exp $";
#endif
#include <stdio.h>
@@ -1010,7 +1010,10 @@ device_script(program, in, out)
close(errfd);
}
}
+ /* revoke privs */
+ seteuid(getuid());
setuid(getuid());
+ setegid(getgid());
setgid(getgid());
execl("/bin/sh", "sh", "-c", program, (char *)0);
syslog(LOG_ERR, "could not exec /bin/sh: %m");
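Review bot: The group ids are given up after the user ids here, so `setegid(getgid())` and `setgid(getgid())` run once the process may no longer be privileged. On a kernel where an unprivileged setgid() changes only the effective gid, the saved set-group-ID would be left in place for the shell that execl() starts. Whether that applies depends on the kernel's setgid() semantics, which the page does not show. Dropping the group ids first removes the dependency, and checking all four results keeps `program` from being run if any drop fails. device_script() starts and ends outside the hunk, so the exit used below should match what its exec-failure path already does.

```c
	/* ... unchanged: descriptor setup ending in close(errfd) ... */
	/* revoke privs: group ids first, while still privileged */
	if (setegid(getgid()) < 0 || setgid(getgid()) < 0 ||
	    seteuid(getuid()) < 0 || setuid(getuid()) < 0) {
		syslog(LOG_ERR, "could not revoke privileges: %m");
		_exit(1);	/* exit as the exec-failure path does */
	}
	execl("/bin/sh", "sh", "-c", program, (char *)0);
```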
diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c
index e1910895f99..8dd039749da 100644
--- a/usr.sbin/pstat/pstat.c
+++ b/usr.sbin/pstat/pstat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pstat.c,v 1.6 1996/11/24 23:42:11 millert Exp $ */
+/* $OpenBSD: pstat.c,v 1.7 1996/12/22 03:29:03 deraadt Exp $ */
/* $NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $ */
/*-
@@ -44,7 +44,7 @@ static char copyright[] =
#if 0
from: static char sccsid[] = "@(#)pstat.c 8.9 (Berkeley) 2/16/94";
#else
-static char *rcsid = "$OpenBSD: pstat.c,v 1.6 1996/11/24 23:42:11 millert Exp $";
+static char *rcsid = "$OpenBSD: pstat.c,v 1.7 1996/12/22 03:29:03 deraadt Exp $";
#endif
#endif /* not lint */
@@ -208,8 +208,10 @@ main(argc, argv)
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
*/
- if (nlistf != NULL || memf != NULL)
+ if (nlistf != NULL || memf != NULL) {
+ (void)setegid(getgid());
(void)setgid(getgid());
+ }
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == 0)
errx(1, "kvm_openfiles: %s", buf);
diff --git a/usr.sbin/slstats/slstats.c b/usr.sbin/slstats/slstats.c
index 31066f64c07..a55640cbda8 100644
--- a/usr.sbin/slstats/slstats.c
+++ b/usr.sbin/slstats/slstats.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: slstats.c,v 1.6 1996/12/10 15:14:33 deraadt Exp $ */
+/* $OpenBSD: slstats.c,v 1.7 1996/12/22 03:29:06 deraadt Exp $ */
/* $NetBSD: slstats.c,v 1.6.6.1 1996/06/07 01:42:30 thorpej Exp $ */
/*
@@ -25,7 +25,7 @@
*/
#ifndef lint
-static char rcsid[] = "$OpenBSD: slstats.c,v 1.6 1996/12/10 15:14:33 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: slstats.c,v 1.7 1996/12/22 03:29:06 deraadt Exp $";
#endif
#define INET
@@ -133,8 +133,10 @@ main(argc, argv)
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
*/
- if (kmemf != NULL || kernel != NULL)
+ if (kmemf != NULL || kernel != NULL) {
+ setegid(getgid());
setgid(getgid());
+ }
memset(errbuf, 0, sizeof(errbuf));
if ((kd = kvm_openfiles(kernel, kmemf, NULL, O_RDONLY, errbuf)) == NULL)
diff --git a/usr.sbin/timed/timedc/timedc.c b/usr.sbin/timed/timedc/timedc.c
index 5ac743a1d30..9c5d0d573a1 100644
--- a/usr.sbin/timed/timedc/timedc.c
+++ b/usr.sbin/timed/timedc/timedc.c
@@ -42,7 +42,7 @@ static char sccsid[] = "@(#)timedc.c 5.1 (Berkeley) 5/11/93";
#endif /* not lint */
#ifdef sgi
-#ident "$Revision: 1.1 $"
+#ident "$Revision: 1.2 $"
#endif
#include "timedc.h"
@@ -77,6 +77,9 @@ main(int argc, char *argv[])
fprintf(stderr, "Could not get privileged resources\n");
exit(1);
}
+ /* revoke privs */
+
+ (void) seteuid(getuid());
(void) setuid(getuid());
if (--argc > 0) {
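Review bot: Calling `seteuid(getuid())` before `setuid(getuid())` makes the setuid() call run without privilege. On a kernel where an unprivileged setuid() changes only the effective uid, the saved set-user-ID would survive and could later be restored with seteuid(). Whether that applies depends on the target kernel's setuid() semantics, which are not visible here; a comment such as `/* relies on setuid() resetting real, effective and saved ids even when unprivileged */` would record the assumption. The same pair is added in the traceroute and pppd hunks. main() continues outside the hunk.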
diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c
index ecf84ceb187..b52183a7cc7 100644
--- a/usr.sbin/traceroute/traceroute.c
+++ b/usr.sbin/traceroute/traceroute.c
@@ -312,6 +312,9 @@ main(argc, argv)
err(5, "icmp socket");
if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
err(5, "raw socket");
+
+ /* revoke privs */
+ seteuid(getuid());
setuid(getuid());
lsrr = 0;
diff --git a/usr.sbin/trpt/trpt.c b/usr.sbin/trpt/trpt.c
index 7f5769884cf..3bab7298bd0 100644
--- a/usr.sbin/trpt/trpt.c
+++ b/usr.sbin/trpt/trpt.c
@@ -39,7 +39,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)trpt.c 5.14 (Berkeley) 7/1/91";*/
-static char rcsid[] = "$Id: trpt.c,v 1.3 1996/06/03 18:06:18 deraadt Exp $";
+static char rcsid[] = "$Id: trpt.c,v 1.4 1996/12/22 03:29:10 deraadt Exp $";
#endif /* not lint */
#include <sys/param.h>
@@ -167,8 +167,10 @@ main(argc, argv)
* Discard setgid priviledges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
*/
- if (!strcmp(core, _PATH_KMEM) || !strcmp(system, _PATH_UNIX))
+ if (!strcmp(core, _PATH_KMEM) || !strcmp(system, _PATH_UNIX)) {
+ setegid(getgid());
setgid(getgid());
+ }
if (nlist(system, nl) < 0 || !nl[0].n_value) {
fprintf(stderr, "trpt: %s: no namelist\n", system);
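Review bot: The condition on the re-braced `if` reads as inverted against the comment directly above it: `!strcmp(core, _PATH_KMEM) || !strcmp(system, _PATH_UNIX)` is true when a path equals the named constant. Assuming those constants are the running kernel's default paths, the setgid group is given up when a default is in use and kept only when both arguments name other files. If the comment states the intent, the test should be `if (strcmp(core, _PATH_KMEM) || strcmp(system, _PATH_UNIX)) {`. The trsp hunk carries the same test with the operands swapped. This commit only adds braces around it, and main() extends beyond the hunk, so the initial values of `core` and `system` should be confirmed before changing the test.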
diff --git a/usr.sbin/trsp/trsp.c b/usr.sbin/trsp/trsp.c
index 566a4ad31c1..ff161d40add 100644
--- a/usr.sbin/trsp/trsp.c
+++ b/usr.sbin/trsp/trsp.c
@@ -39,7 +39,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)trsp.c 6.8 (Berkeley) 3/2/91";*/
-static char rcsid[] = "$Id: trsp.c,v 1.3 1996/06/03 18:06:23 deraadt Exp $";
+static char rcsid[] = "$Id: trsp.c,v 1.4 1996/12/22 03:29:12 deraadt Exp $";
#endif /* not lint */
#include <sys/cdefs.h>
@@ -149,8 +149,11 @@ again:
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
*/
- if (!strcmp(system, _PATH_UNIX) || !strcmp(core, _PATH_KMEM))
+ if (!strcmp(system, _PATH_UNIX) || !strcmp(core, _PATH_KMEM)) {
+ setegid(getgid());
setgid(getgid());
+ }
+
(void) nlist(system, nl);
if (nl[0].n_value == 0) {
fprintf(stderr, "trsp: %s: no namelist\n", system);