authorDamien Miller <djm@cvs.openbsd.org>2006-03-06 10:44:11 +0000
committerDamien Miller <djm@cvs.openbsd.org>2006-03-06 10:44:11 +0000
commit5803ed8cfde384a9de032eaa23f79772700350bd (patch)
tree1aa019b407116fc7fa40ae747419ba74e39187ff
parent2ed6f211b263d0c8d42d7a5cfbc07b1a51937cc2 (diff)
convert permanent privilege revocation to use setresuid/setresgid;
ok henning@
-rw-r--r--bin/ksh/misc.c11
-rw-r--r--bin/systrace/intercept.c14
2 files changed, 11 insertions, 14 deletions
diff --git a/bin/ksh/misc.c b/bin/ksh/misc.c
index c1a36b08572..b9a779ff349 100644
--- a/bin/ksh/misc.c
+++ b/bin/ksh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.28 2005/03/30 17:16:37 deraadt Exp $ */
+/* $OpenBSD: misc.c,v 1.29 2006/03/06 10:44:10 djm Exp $ */
/*
* Miscellaneous functions
@@ -293,10 +293,11 @@ change_flag(enum sh_flag f,
#endif /* EDIT */
/* Turning off -p? */
if (f == FPRIVILEGED && oldval && !newval) {
- seteuid(ksheuid = getuid());
- setuid(ksheuid);
- setegid(getgid());
- setgid(getgid());
+ gid_t gid = getgid();
+
+ setresgid(gid, gid, gid);
+ setgroups(1, &gid);
+ setresuid(ksheuid, ksheuid, ksheuid);
} else if (f == FPOSIX && newval) {
#ifdef BRACE_EXPAND
Flag(FBRACEEXPAND) = 0
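Review bot: The rewritten "Turning off -p" branch no longer assigns `ksheuid` before using it: the removed `seteuid(ksheuid = getuid())` set it to the real uid, while the new `setresuid(ksheuid, ksheuid, ksheuid)` passes whatever value `ksheuid` already holds. Its definition is outside the hunk, so this is inferred, but if it still holds the effective uid recorded earlier, the call would pin all three ids to the privileged uid instead of revoking it; adding `ksheuid = getuid();` on the line before the `setresuid` call restores the old behaviour. The three calls also ignore their return values, so a failed revocation would go unnoticed; at least `setresgid` and `setresuid` should be checked and the failure reported. change_flag starts before the hunk and continues past it.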
diff --git a/bin/systrace/intercept.c b/bin/systrace/intercept.c
index 61f72435f0b..32cc883b369 100644
--- a/bin/systrace/intercept.c
+++ b/bin/systrace/intercept.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: intercept.c,v 1.49 2004/07/07 07:31:40 marius Exp $ */
+/* $OpenBSD: intercept.c,v 1.50 2006/03/06 10:44:10 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -323,16 +323,12 @@ intercept_run(int bg, int fd, uid_t uid, gid_t gid,
/* Change to different user */
if (uid || gid) {
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid");
if (setgroups(1, &gid) == -1)
err(1, "setgroups");
- if (setgid(gid) == -1)
- err(1, "setgid");
- if (setegid(gid) == -1)
- err(1, "setegid");
- if (setuid(uid) == -1)
- err(1, "setuid");
- if (seteuid(uid) == -1)
- err(1, "seteuid");
+ if (setresuid(uid, uid, uid) == -1)
+ err(1, "setresuid");
}
execvp(path, argv);
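Review bot: The order of the three calls inside `if (uid || gid)` is load-bearing, but the only comment is `/* Change to different user */`. The gid and the supplementary group list have to be changed while the process still has the privilege to do so, which is why `setresgid` and `setgroups` precede `setresuid`. A comment such as `/* Drop gid and supplementary groups first; after setresuid() we may no longer be allowed to change them. */` would keep a later edit from reordering them. intercept_run starts before the hunk and continues past it.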