diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-06-08 01:53:44 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-06-08 01:53:44 +0000 |
| commit | 16c2ffab14daba8ec85369749a7f5da0849d2d55 (patch) | |
| tree | 913bd4afb3022d2751aea865e7a9a0c6d046fff1 /usr.sbin/lpr/common_source/lp.h | |
| parent | f1da2a2b8fda92ebc29cd063f882352d44750caf (diff) | |
Remove setuid root from lp*. lpr needs to be setuid daemon so the
files it creates are not owned by the user spooling them but the
others (lpc, lpq, lprm) can get away with setgid daemon. lpd runs
as user daemon for most things, only changing its uid to 0 for
things that must be done as root.
For the time being, don't require connections to come from a reserved
port since lpq/lpr/lprm can't acquire that w/o setuid root. In the
near future we will have a mechanism for select non-root processes
to grab reserved ports.
The upshot of this is that spool directories must be writable by
group daemon and the files within the spool dirs must be owned by
daemon.
Diffstat (limited to 'usr.sbin/lpr/common_source/lp.h')
| -rw-r--r-- | usr.sbin/lpr/common_source/lp.h | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/usr.sbin/lpr/common_source/lp.h b/usr.sbin/lpr/common_source/lp.h index 9a3cedb372a..2734028e37d 100644 --- a/usr.sbin/lpr/common_source/lp.h +++ b/usr.sbin/lpr/common_source/lp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: lp.h,v 1.9 2002/05/20 23:13:50 millert Exp $ */ +/* $OpenBSD: lp.h,v 1.10 2002/06/08 01:53:43 millert Exp $ */ /* $NetBSD: lp.h,v 1.14 2000/04/16 14:43:58 mrg Exp $ */ /* @@ -92,7 +92,8 @@ extern int remote; /* true if sending files to a remote host */ extern char *printcapdb[]; /* printcap database array */ extern u_int wait_time; /* time to wait for remote responses */ -extern uid_t uid, euid; /* real and effective user id's */ +extern uid_t real_uid, effective_uid; +extern gid_t real_gid, effective_gid; extern volatile sig_atomic_t gotintr; @@ -104,6 +105,23 @@ struct queue { char q_name[MAXNAMLEN+1]; /* control file name */ }; +/* + * Macros to raise/lower permissions. + */ +#define PRIV_START do { \ + int save_errno = errno; \ + (void)seteuid(effective_uid); \ + (void)setegid(effective_gid); \ + errno = save_errno; \ +} while (0) + +#define PRIV_END do { \ + int save_errno = errno; \ + (void)setegid(real_gid); \ + (void)seteuid(real_uid); \ + errno = save_errno; \ +} while (0) + #include <sys/cdefs.h> __BEGIN_DECLS @@ -125,7 +143,6 @@ int inlist(char *, char *); int iscf(struct dirent *); int isowner(char *, char *); void ldump(char *, char *, int); -int lockchk(char *); void prank(int); void process(char *); void rmjob(void); @@ -134,4 +151,5 @@ void show(char *, char *, int); int startdaemon(char *); void nodaemon(void); void delay(int); +int safe_open(const char *, int, mode_t); __END_DECLS |