Fix last commit; to emulate setuid daemon + PRIV_END we need to

set the real & effective uids to the calling user and the saved
uid to daemon.  Fixes a problem where lpr could not print files
that were not world-readable.

1 files changed, 5 insertions, 5 deletions

diff --git a/usr.sbin/lpr/lprm/lprm.c b/usr.sbin/lpr/lprm/lprm.c
index 0604817fe7d..010c99b27d1 100644
--- a/usr.sbin/lpr/lprm/lprm.c
+++ b/usr.sbin/lpr/lprm/lprm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lprm.c,v 1.14 2003/03/11 04:36:55 millert Exp $	*/
+/*	$OpenBSD: lprm.c,v 1.15 2003/03/25 02:15:21 millert Exp $	*/
 /*	$$NetBSD: lprm.c,v 1.9 1999/08/16 03:12:32 simonb Exp $	*/
 
 /*
@@ -45,7 +45,7 @@ static const char copyright[] =
 #if 0
 static const char sccsid[] = "@(#)lprm.c	8.1 (Berkeley) 6/6/93";
 #else
-static const char rcsid[] = "$OpenBSD: lprm.c,v 1.14 2003/03/11 04:36:55 millert Exp $";
+static const char rcsid[] = "$OpenBSD: lprm.c,v 1.15 2003/03/25 02:15:21 millert Exp $";
 #endif
 #endif /* not lint */
 
@@ -98,7 +98,7 @@ main(int argc, char **argv)
 	int ch;
 
 	/*
-	 * Simulate setuid daemon but with real and effective swapped.
+	 * Simulate setuid daemon w/ PRIV_END called.
 	 * We don't want lpr to actually be setuid daemon since that
 	 * requires that the lpr binary be owned by user daemon, which
 	 * is potentially unsafe.
@@ -109,8 +109,8 @@ main(int argc, char **argv)
 	real_uid = getuid();
 	effective_gid = pw->pw_gid;
 	real_gid = getgid();
-	setresgid(effective_gid, real_gid, effective_gid);
-	setresuid(effective_uid, real_uid, effective_uid);
+	setresgid(real_gid, real_gid, effective_gid);
+	setresuid(real_uid, real_uid, effective_uid);
 
 	gethostname(host, sizeof(host));
 	openlog("lprm", 0, LOG_LPR);