author | Damien Miller <djm@cvs.openbsd.org> | 2005-05-03 01:01:16 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2005-05-03 01:01:16 +0000 |
commit | 6e3d4669e24109b707ee132715b0e72c4f4049ab (patch) | |
tree | 35cdb910d7fd60d0b1c36c4322665398cb0ea552 /usr.sbin/tcpdump/privsep.c | |
parent | d7a12bc06a5691c87253eb610bad11c519521e3a (diff) |
more setres[ug]id; ok deraadt@
Diffstat (limited to 'usr.sbin/tcpdump/privsep.c')
-rw-r--r-- | usr.sbin/tcpdump/privsep.c | 38 |
1 files changed, 13 insertions, 25 deletions
diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c
index 465546c9fa3..046f3a49db3 100644
--- a/usr.sbin/tcpdump/privsep.c
+++ b/usr.sbin/tcpdump/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.17 2005/04/20 20:57:07 moritz Exp $ */
+/* $OpenBSD: privsep.c,v 1.18 2005/05/03 01:01:14 djm Exp $ */
 /*
 * Copyright (c) 2003 Can Erkin Acar
@@ -167,26 +167,18 @@ priv_init(int argc, char **argv)
 /* drop to _tcpdump */
 if (setgroups(1, &pw->pw_gid) == -1)
 err(1, "setgroups() failed");
- if (setegid(pw->pw_gid) == -1)
- err(1, "setegid() failed");
- if (setgid(pw->pw_gid) == -1)
- err(1, "setgid() failed");
- if (seteuid(pw->pw_uid) == -1)
- err(1, "seteuid() failed");
- if (setuid(pw->pw_uid) == -1)
- err(1, "setuid() failed");
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
+ err(1, "setresgid() failed");
+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
+ err(1, "setresuid() failed");
 } else {
 /* Child - drop suid privileges */
 gid = getgid();
 uid = getuid();
- if (setegid(gid) == -1)
- err(1, "setegid() failed");
- if (setgid(gid) == -1)
- err(1, "setgid() failed");
- if (seteuid(uid) == -1)
- err(1, "seteuid() failed");
- if (setuid(uid) == -1)
- err(1, "setuid() failed");
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid() failed");
+ if (setresuid(uid, uid, uid) == -1)
+ err(1, "setresuid() failed");
 }
 close(socks[0]);
 priv_fd = socks[1];
@@ -197,14 +189,10 @@ priv_init(int argc, char **argv)
 gid = getgid();
 uid = getuid();
- if (setegid(gid) == -1)
- err(1, "setegid() failed");
- if (setgid(gid) == -1)
- err(1, "setgid() failed");
- if (seteuid(uid) == -1)
- err(1, "seteuid() failed");
- if (setuid(uid) == -1)
- err(1, "setuid() failed");
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid() failed");
+ if (setresuid(uid, uid, uid) == -1)
+ err(1, "setresuid() failed");
 /* parse the arguments for required options so that the child
 * need not send them back */ |
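Review bot: Nothing in the `_tcpdump` branch of the second hunk records that the order setgroups() → setresgid() → setresuid() is required. Once setresuid() has given up the (presumably root) uid, the group calls can no longer succeed, so a later reordering would break the drop. I would add `/* groups and gid first: they cannot be changed once the uid is dropped */` above the setgroups() call. The `else` branch and the hunk at -197 drop to the real ids without calling setgroups(), which looks intentional because the supplementary list already belongs to the invoking user, but a one-line comment such as `/* supplementary groups are the invoker's own; only the set-id bits need dropping */` would save the next reader that check. priv_init() starts and ends outside these hunks.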