authorThorsten Lockert <tholo@cvs.openbsd.org>1996-12-22 03:41:25 +0000
committerThorsten Lockert <tholo@cvs.openbsd.org>1996-12-22 03:41:25 +0000
commit29b942ca271faf57cf22f4d77c6198d3d9a18795 (patch)
treee78e01431d74ee7d5e7f89285861a5ce132897ca
parent6d199d4d37f161aa59adabfe73b2ce615367fedf (diff)
Deal with _POSIX_SAVED_IDS when relinquishing privileges
-rw-r--r--libexec/atrun/atrun.c6
-rw-r--r--libexec/comsat/comsat.c6
-rw-r--r--libexec/identd/identd.c12
-rw-r--r--libexec/rexecd/rexecd.c4
-rw-r--r--libexec/rpc.rwalld/rwalld.c10
-rw-r--r--libexec/rshd/rshd.c4
-rw-r--r--libexec/tftpd/tftpd.c4
-rw-r--r--libexec/uucpd/uucpd.c4
8 files changed, 37 insertions, 13 deletions
diff --git a/libexec/atrun/atrun.c b/libexec/atrun/atrun.c
index fc804d08b55..7d1b499067b 100644
--- a/libexec/atrun/atrun.c
+++ b/libexec/atrun/atrun.c
@@ -54,7 +54,7 @@
/* File scope variables */
static char *namep;
-static char rcsid[] = "$Id: atrun.c,v 1.1 1995/10/18 08:43:14 deraadt Exp $";
+static char rcsid[] = "$Id: atrun.c,v 1.2 1996/12/22 03:41:10 tholo Exp $";
/* Local functions */
static void
@@ -195,9 +195,13 @@ run_file(filename, uid)
if (initgroups(pentry->pw_name, pentry->pw_gid) < 0)
perr("Cannot init group list");
+ if (setegid(pentry->pw_gid) < 0)
+ perr("Cannot change primary group");
if (setgid(pentry->pw_gid) < 0)
perr("Cannot change primary group");
+ if (seteuid(uid) < 0)
+ perr("Cannot set user id");
if (setuid(uid) < 0)
perr("Cannot set user id");
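Review bot: Calling seteuid(uid) before setuid(uid) in run_file makes the final drop depend on how this kernel's setuid() behaves once the effective uid is no longer 0. Under POSIX saved-ID semantics a setuid() made without privilege changes only the effective uid and leaves the real and saved uid as they were. The return checks here catch an outright failure, but not a call that succeeds while the real or saved uid stays 0. I would confirm the result after the last call, e.g. `if (getuid() != uid || geteuid() != uid) perr("Cannot set user id");`, and add a comment above the pair stating the setuid() behaviour being relied on, since the saved uid cannot be read back portably. The same ordering appears in the comsat, identd, rexecd, rwalld, rshd, tftpd and uucpd hunks; run_file's body continues outside this hunk.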
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 55f86cc029a..65f14fb26d0 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -39,7 +39,7 @@ static char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)comsat.c 8.1 (Berkeley) 6/4/93";*/
-static char rcsid[] = "$Id: comsat.c,v 1.3 1996/08/27 11:43:52 deraadt Exp $";
+static char rcsid[] = "$Id: comsat.c,v 1.4 1996/12/22 03:41:12 tholo Exp $";
#endif /* not lint */
#include <sys/param.h>
@@ -245,8 +245,10 @@ jkfprintf(tp, name, offset)
char line[BUFSIZ];
/* Set effective uid to user in case mail drop is on nfs */
- if ((p = getpwnam(name)) != NULL)
+ if ((p = getpwnam(name)) != NULL) {
+ (void) seteuid(p->pw_uid);
(void) setuid(p->pw_uid);
+ }
if ((fi = fopen(name, "r")) == NULL)
return;
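Review bot: Both results are cast to void in jkfprintf, so if seteuid() or setuid() fails, the fopen() that follows runs with whatever ids the process had before and nothing is logged. I would stop instead of continuing, e.g. `if (seteuid(p->pw_uid) < 0 || setuid(p->pw_uid) < 0) return;`. The rexecd, rshd, tftpd, uucpd and rwalld hunks discard the results of the new calls the same way; in the daemons that go on to run a command for the remote user, a failed drop should end the session rather than proceed. jkfprintf's body continues outside the hunk.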
diff --git a/libexec/identd/identd.c b/libexec/identd/identd.c
index 20e0d3934f5..fee2e467576 100644
--- a/libexec/identd/identd.c
+++ b/libexec/identd/identd.c
@@ -1,5 +1,5 @@
/*
-** $Id: identd.c,v 1.2 1996/07/25 09:50:02 deraadt Exp $
+** $Id: identd.c,v 1.3 1996/12/22 03:41:14 tholo Exp $
**
** identd.c A TCP/IP link identification protocol server
**
@@ -450,13 +450,19 @@ int main(argc,argv)
ERROR("main: listen");
}
- if (set_gid)
+ if (set_gid) {
+ if (setegid(set_gid) == -1)
+ ERROR("main: setgid");
if (setgid(set_gid) == -1)
ERROR("main: setgid");
+ }
- if (set_uid)
+ if (set_uid) {
+ if (seteuid(set_uid) == -1)
+ ERROR("main: setuid");
if (setuid(set_uid) == -1)
ERROR("main: setuid");
+ }
/*
** Do some special handling if the "-b" or "-w" flags are used
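Review bot: The two new checks in main reuse the labels of the calls below them, so a log line reading "main: setgid" or "main: setuid" no longer says which call failed. I would give the new calls their own labels: `ERROR("main: setegid");` and `ERROR("main: seteuid");`. The atrun hunk has the same duplication in its perr() messages. main starts and ends outside this hunk.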
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c
index ee81b0aab45..8a013840d52 100644
--- a/libexec/rexecd/rexecd.c
+++ b/libexec/rexecd/rexecd.c
@@ -39,7 +39,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)rexecd.c 5.12 (Berkeley) 2/25/91";*/
-static char rcsid[] = "$Id: rexecd.c,v 1.4 1996/07/28 06:33:16 deraadt Exp $";
+static char rcsid[] = "$Id: rexecd.c,v 1.5 1996/12/22 03:41:16 tholo Exp $";
#endif /* not lint */
#include <sys/param.h>
@@ -229,8 +229,10 @@ doit(f, fromp)
if (f > 2)
(void) close(f);
setlogin(pwd->pw_name);
+ (void) setegid((gid_t)pwd->pw_gid);
(void) setgid((gid_t)pwd->pw_gid);
initgroups(pwd->pw_name, pwd->pw_gid);
+ (void) seteuid((uid_t)pwd->pw_uid);
(void) setuid((uid_t)pwd->pw_uid);
(void)strcat(path, _PATH_DEFPATH);
environ = envinit;
diff --git a/libexec/rpc.rwalld/rwalld.c b/libexec/rpc.rwalld/rwalld.c
index 1c877a4306c..e0e65892e51 100644
--- a/libexec/rpc.rwalld/rwalld.c
+++ b/libexec/rpc.rwalld/rwalld.c
@@ -28,7 +28,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: rwalld.c,v 1.1 1995/10/18 08:43:21 deraadt Exp $";
+static char rcsid[] = "$Id: rwalld.c,v 1.2 1996/12/22 03:41:18 tholo Exp $";
#endif /* not lint */
#include <unistd.h>
@@ -73,10 +73,14 @@ main(argc, argv)
if (geteuid() == 0) {
struct passwd *pep = getpwnam("nobody");
- if (pep)
+ if (pep) {
+ seteuid(pep->pw_uid);
setuid(pep->pw_uid);
- else
+ }
+ else {
+ seteuid(getuid());
setuid(getuid());
+ }
}
/*
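Review bot: In the else branch of main, `seteuid(getuid());` followed by `setuid(getuid());` changes nothing when the real uid is also 0, so a missing "nobody" entry presumably leaves the daemon running as root with no message. No group id is changed in the visible lines either, so the process keeps its original groups even when the uid drop succeeds. I would fail closed in the fallback, e.g. `else exit(1);` after reporting the missing account through whatever logging this file already uses, and drop the group alongside the uid in the `if (pep)` branch. main continues outside the hunk.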
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index 6b5ca198792..07ada915b2a 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -39,7 +39,7 @@ static char copyright[] =
#ifndef lint
/* from: static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; */
-static char *rcsid = "$Id: rshd.c,v 1.8 1996/11/01 11:30:33 niklas Exp $";
+static char *rcsid = "$Id: rshd.c,v 1.9 1996/12/22 03:41:20 tholo Exp $";
#endif /* not lint */
/*
@@ -660,8 +660,10 @@ fail:
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failed: %m");
#endif
+ (void) setegid((gid_t)pwd->pw_gid);
(void) setgid((gid_t)pwd->pw_gid);
initgroups(pwd->pw_name, pwd->pw_gid);
+ (void) seteuid((uid_t)pwd->pw_uid);
(void) setuid((uid_t)pwd->pw_uid);
environ = envinit;
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index c95fd652123..d848a7e05f1 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -39,7 +39,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)tftpd.c 5.13 (Berkeley) 2/26/91";*/
-static char rcsid[] = "$Id: tftpd.c,v 1.4 1996/12/03 00:25:52 deraadt Exp $";
+static char rcsid[] = "$Id: tftpd.c,v 1.5 1996/12/22 03:41:22 tholo Exp $";
#endif /* not lint */
/*
@@ -145,7 +145,9 @@ main(argc, argv)
exit(1);
}
+ (void) setegid(pw->pw_gid);
(void) setgid(pw->pw_gid);
+ (void) seteuid(pw->pw_uid);
(void) setuid(pw->pw_uid);
if (ioctl(fd, FIONBIO, &on) < 0) {
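Review bot: Nothing in the visible lines resets the supplementary group list between the gid and uid changes in main, whereas the rexecd, rshd and uucpd hunks call initgroups() at that point. If it is not done earlier in main (outside this hunk), the process keeps the groups it was started with after the drop. I would add `if (initgroups(pw->pw_name, pw->pw_gid) < 0) exit(1);` before the `seteuid(pw->pw_uid)` line. The identd hunk changes gid and uid in the same way without a visible group-list reset.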
diff --git a/libexec/uucpd/uucpd.c b/libexec/uucpd/uucpd.c
index 69f68841125..f515bed2d6e 100644
--- a/libexec/uucpd/uucpd.c
+++ b/libexec/uucpd/uucpd.c
@@ -42,7 +42,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)uucpd.c 5.10 (Berkeley) 2/26/91";*/
-static char rcsid[] = "$Id: uucpd.c,v 1.6 1996/12/03 01:29:54 deraadt Exp $";
+static char rcsid[] = "$Id: uucpd.c,v 1.7 1996/12/22 03:41:24 tholo Exp $";
#endif /* not lint */
/*
@@ -202,8 +202,10 @@ struct sockaddr_in *sinp;
(void) snprintf(Loginname, sizeof(Loginname), "LOGNAME=%s", user);
dologin(pw, sinp);
setlogin(user);
+ setegid(pw->pw_gid);
setgid(pw->pw_gid);
initgroups(pw->pw_name, pw->pw_gid);
+ seteuid(pw->pw_uid);
setuid(pw->pw_uid);
chdir(pw->pw_dir);
execl(_PATH_UUCICO, "uucico", (char *)0);