author | Todd C. Miller <millert@cvs.openbsd.org> | 2003-01-31 21:47:47 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2003-01-31 21:47:47 +0000 |
commit | 8a2e2fcfeff4b6854c7d03e21202fec6aa844ef0 (patch) | |
tree | dad8c61e42a420e1db25a953874cbd06f64e936c /lib/libc/sys | |
parent | fd3cff05546fe407a7b8d2e62b0c21a36dd7d6f6 (diff) |
Replace emulated versions of setreuid() and setregid() with real syscalls.
These are spec'd by POSIX as of 1003.1-2001; deraadt@ OK
Diffstat (limited to 'lib/libc/sys')
-rw-r--r-- | lib/libc/sys/Makefile.inc | 16 | ||||
-rw-r--r-- | lib/libc/sys/setregid.2 | 125 | ||||
-rw-r--r-- | lib/libc/sys/setreuid.2 | 123 |
3 files changed, 256 insertions, 8 deletions
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index 195534ecdb2..e6030715104 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.63 2002/12/02 15:54:14 millert Exp $ +# $OpenBSD: Makefile.inc,v 1.64 2003/01/31 21:47:46 millert Exp $ # $NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $ # @(#)Makefile.inc 8.1 (Berkeley) 6/17/93 @@ -51,8 +51,8 @@ ASM= accept.o access.o acct.o adjtime.o bind.o chdir.o chflags.o chmod.o \ read.o readlink.o readv.o reboot.o recvfrom.o recvmsg.o rename.o \ revoke.o rmdir.o select.o semget.o semop.o sendmsg.o sendto.o \ setegid.o seteuid.o setgid.o setgroups.o setitimer.o setpgid.o \ - setpriority.o setresgid.o setresuid.o setrlimit.o setsid.o \ - setsockopt.o settimeofday.o \ + setpriority.o setregid.o setreuid.o setresgid.o setresuid.o \ + setrlimit.o setsid.o setsockopt.o settimeofday.o \ setuid.o shmat.o shmctl.o shmdt.o shmget.o shutdown.o sigaction.o \ sigaltstack.o socket.o socketpair.o stat.o statfs.o swapon.o swapctl.o \ symlink.o sync.o sysarch.o umask.o undelete.o unlink.o unmount.o \ 
@@ -222,11 +222,11 @@ MAN+= accept.2 access.2 acct.2 adjtime.2 bind.2 brk.2 chdir.2 chflags.2 \ nfssvc.2 open.2 pathconf.2 \ pipe.2 profil.2 poll.2 ptrace.2 quotactl.2 read.2 readlink.2 reboot.2 \ recv.2 rename.2 revoke.2 rfork.2 rmdir.2 select.2 send.2 setgroups.2 \ - setpgid.2 setresuid.2 setsid.2 setuid.2 shutdown.2 sigaction.2 \ - sigaltstack.2 sigpending.2 sigprocmask.2 sigreturn.2 sigstack.2 \ - sigsuspend.2 socket.2 socketpair.2 stat.2 statfs.2 swapctl.2 symlink.2 \ - sync.2 sysarch.2 syscall.2 truncate.2 umask.2 unlink.2 utimes.2 \ - vfork.2 wait.2 write.2 + setpgid.2 setregid.2 setreuid.2 setresuid.2 setsid.2 setuid.2 \ + shutdown.2 sigaction.2 sigaltstack.2 sigpending.2 sigprocmask.2 \ + sigreturn.2 sigstack.2 sigsuspend.2 socket.2 socketpair.2 stat.2 \ + statfs.2 swapctl.2 symlink.2 sync.2 sysarch.2 syscall.2 truncate.2 \ + umask.2 unlink.2 utimes.2 vfork.2 wait.2 write.2 MAN+= extattr_get_file.2 MLINKS+=extattr_get_file.2 extattr_set_file.2 \ diff --git a/lib/libc/sys/setregid.2 b/lib/libc/sys/setregid.2 new file mode 100644 index 00000000000..adedd38c189 --- /dev/null +++ b/lib/libc/sys/setregid.2 
@@ -0,0 +1,125 @@
+.\" $OpenBSD: setregid.2,v 1.1 2003/01/31 21:47:46 millert Exp $
+.\"
+.\" Copyright (c) 1980, 1991, 1993, 1994
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)setregid.2 8.2 (Berkeley) 4/16/94
+.\"
+.Dd January 29, 2003
+.Dt SETREGID 2
+.Os
+.Sh NAME
+.Nm setregid
+.Nd set real and effective group IDs
+.Sh SYNOPSIS
+.Fd #include <unistd.h>
+.Ft int
+.Fn setregid "gid_t rgid" "gid_t egid"
+.Sh DESCRIPTION
+The real and effective group IDs of the current process
+are set according to the arguments.
+If the real group ID is changed, the saved group ID is changed to the
+new value of the effective group ID.
+.Pp
+Unprivileged users may change either group ID to the current value
+of the real, effective, or saved group ID.
+Only the superuser may make other changes.
+.Pp
+Supplying a value of -1 for either the real or effective
+group ID forces the system to substitute the current
+ID in place of the -1 parameter.
+.Pp
+The
+.Fn setregid
+function was intended to allow swapping the real and
+effective group IDs in set-group-ID programs to temporarily relinquish
+the set-group-ID value.
+This purpose is now better served by the use of the
+.Fn setegid
+function (see
+.Xr setuid 2 ) .
+.Pp
+When setting the real and effective group IDs to the same value, the
+.Fn setgid
+function is preferred.
+.Sh RETURN VALUES
+Upon successful completion, a value of 0 is returned.
+Otherwise, a value of -1 is returned and
+.Va errno
+is set to indicate the error.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EPERM
+The current process is not the superuser and a change
+other than changing the effective group ID to the real group ID
+was specified.
+.El
+.Sh SEE ALSO
+.Xr getgid 2 ,
+.Xr setegid 2 ,
+.Xr setgid 2 ,
+.Xr setresgid 2 ,
+.Xr setuid 2
+.Sh STANDARDS
+The
+.Fn setregid
+function conforms to the
+.St -p1003.1-01
+and
+.St -xpg4.3 .
+specifications.
+.Pp
+Note, however, that prior to
+.St -p1003.1-01 ,
+the
+.Fn setregid
+function was not a part of the
+.St -p1003.1
+specification.
+As a result, it may not be implemented on all systems.
+.Sh HISTORY
+The
+.Fn setregid
+function call appeared in
+.Bx 4.2 .
+A semantically different version appeared in
+.Bx 4.4 .
+The current version, with the original semantics restored, appeared in
+.Ox 3.3 .
+.Sh CAVEATS
+The
+.Fn setregid
+function predates
+.Tn POSIX
+saved group IDs.
+This implementation changes the saved group ID to the new value of
+the effective group ID if the real group ID is changed.
+Other implementations may behave differently.
diff --git a/lib/libc/sys/setreuid.2 b/lib/libc/sys/setreuid.2
new file mode 100644
index 00000000000..60df37991a3
--- /dev/null
+++ b/lib/libc/sys/setreuid.2
@@ -0,0 +1,123 @@
+.\" Copyright (c) 1980, 1991, 1993, 1994
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)setreuid.2 8.2 (Berkeley) 4/16/94
+.\"
+.Dd January 29, 2003
+.Dt SETREUID 2
+.Os
+.Sh NAME
+.Nm setreuid
+.Nd set real and effective user IDs
+.Sh SYNOPSIS
+.Fd #include <unistd.h>
+.Ft int
+.Fn setreuid "uid_t ruid" "uid_t euid"
+.Sh DESCRIPTION
+The real and effective user IDs of the
+current process are set according to the arguments.
+If the real user ID is changed, or the effective user ID is changed
+to a value other than the real user ID, then the saved user ID will
+be set to the effective user ID.
+.Pp
+Unprivileged users may change either user ID to the current value
+of the real, effective, or saved user ID.
+Only the superuser may make other changes.
+.Pp
+Supplying a value of -1 for either the real or effective
+user ID forces the system to substitute the current
+ID in place of the -1 parameter.
+.Pp
+The
+.Fn setreuid
+function was intended to allow swapping the real and
+effective user IDs in set-user-ID programs to temporarily relinquish
+the set-user-ID value.
+This purpose is now better served by the use of the
+.Fn seteuid
+function (see
+.Xr setuid 2 ) .
+.Pp
+When setting the real and effective user IDs to the same value, the
+.Fn setuid
+function is preferred.
+.Sh RETURN VALUES
+Upon successful completion, a value of 0 is returned.
+Otherwise, a value of -1 is returned and
+.Va errno
+is set to indicate the error.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EPERM
+The current process is not the superuser and a change
+other than changing the effective user ID to the real user ID
+was specified.
+.El
+.Sh SEE ALSO
+.Xr getuid 2 ,
+.Xr seteuid 2 ,
+.Xr setresuid 2 ,
+.Xr setuid 2
+.Sh STANDARDS
+The
+.Fn setreuid
+function conforms to the
+.St -p1003.1-01
+and
+.St -xpg4.3 .
+specifications.
+.Pp
+Note, however, that prior to
+.St -p1003.1-01 ,
+the
+.Fn setreuid
+function was not a part of the
+.St -p1003.1
+specification.
+As a result, it may not be implemented on all systems.
+.Sh HISTORY
+The
+.Fn setreuid
+function call appeared in
+.Bx 4.2 .
+A semantically different version appeared in
+.Bx 4.4 .
+The current version, with the original semantics restored, appeared in
+.Ox 3.3 .
+.Sh CAVEATS
+The
+.Fn setreuid
+function predates
+.Tn POSIX
+saved user IDs.
+This implementation changes the saved user ID to the new value of
+the effective user ID if the real user ID is changed.
+Other implementations may behave differently. |