author | Damien Miller <djm@cvs.openbsd.org> | 2005-05-03 03:41:12 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2005-05-03 03:41:12 +0000 |
commit | 5c95f5e2f59798905d4a5b67439d42ae084252e1 (patch) | |
tree | 25eaa465c5ea04d1c9908ea6d801304b16d2d948 /usr.sbin | |
parent | 9160bd40bfe1cf2a8155e00c62a9eeed136cfd91 (diff) |
setresgid; ok deraadt@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/procmap/procmap.c | 16 | ||||
-rw-r--r-- | usr.sbin/pstat/pstat.c | 18 | ||||
-rw-r--r-- | usr.sbin/trpt/trpt.c | 16 |
3 files changed, 28 insertions, 22 deletions
diff --git a/usr.sbin/procmap/procmap.c b/usr.sbin/procmap/procmap.c
index 3c199936552..de59a806eb8 100644
--- a/usr.sbin/procmap/procmap.c
+++ b/usr.sbin/procmap/procmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procmap.c,v 1.18 2005/03/25 16:54:17 jaredy Exp $ */
+/* $OpenBSD: procmap.c,v 1.19 2005/05/03 03:41:11 djm Exp $ */
 /* $NetBSD: pmap.c,v 1.1 2002/09/01 20:32:44 atatat Exp $ */
 /*
@@ -206,6 +206,7 @@ main(int argc, char *argv[])
 struct kinfo_proc *kproc;
 /* struct proc proc; */
 char *kmem, *kernel;
+ gid_t gid;
 pid = -1;
 verbose = debug = 0;
@@ -261,10 +262,10 @@ main(int argc, char *argv[])
 * Discard setgid privileges if not the running kernel so that bad
 * guys can't print interesting stuff from kernel memory.
 */
- if (kernel != NULL || kmem != NULL) {
- setegid(getgid());
- setgid(getgid());
- }
+ gid = getgid();
+ if (kernel != NULL || kmem != NULL)
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid");
 argc -= optind;
 argv += optind;
@@ -280,8 +281,9 @@ main(int argc, char *argv[])
 /* start by opening libkvm */
 kd = kvm_openfiles(kernel, kmem, NULL, O_RDONLY, errbuf);
- setegid(getgid());
- setgid(getgid());
+ if (kernel == NULL && kmem == NULL)
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid");
 if (kd == NULL)
 errx(1, "%s", errbuf);
diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c
index 6bb445caac7..b9d649b202e 100644
--- a/usr.sbin/pstat/pstat.c
+++ b/usr.sbin/pstat/pstat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pstat.c,v 1.49 2005/02/08 14:48:08 pat Exp $ */
+/* $OpenBSD: pstat.c,v 1.50 2005/05/03 03:41:11 djm Exp $ */
 /* $NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $ */
 /*-
@@ -40,7 +40,7 @@ static char copyright[] =
 #if 0
 from: static char sccsid[] = "@(#)pstat.c 8.9 (Berkeley) 2/16/94";
 #else
-static char *rcsid = "$OpenBSD: pstat.c,v 1.49 2005/02/08 14:48:08 pat Exp $";
+static char *rcsid = "$OpenBSD: pstat.c,v 1.50 2005/05/03 03:41:11 djm Exp $";
 #endif
 #endif /* not lint */
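Review bot: The new drop in the `@@ -261,10 +262,10 @@` hunk of procmap.c is written as two nested `if`s without braces, which is easy to misread and would silently capture an `else` added later; code that gates a privilege drop is a poor place for that ambiguity. A single condition reads more plainly: `if ((kernel != NULL || kmem != NULL) && setresgid(gid, gid, gid) == -1)` followed by `err(1, "setresgid");`. The same shape appears in the second drop after `kvm_openfiles()` here and in the matching hunks of pstat.c and trpt.c. main() starts and ends outside the hunk.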
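Review bot: The drop after `kvm_openfiles()` in the `@@ -280,8 +281,9 @@` hunk of procmap.c now runs only when `kernel == NULL && kmem == NULL`, so the process is guaranteed to end up unprivileged only while this test stays the exact negation of the one before the open. The removed code dropped unconditionally at this point; keeping that as `if (setresgid(gid, gid, gid) == -1)` / `err(1, "setresgid");` would presumably be a no-op when the group was already given up, and would fail safe if either condition is edited later. If the conditional form is kept, a comment such as `/* running kernel: the setgid group was needed only for the open above */` would record why the two tests must stay in step. pstat.c and trpt.c use the same pair of tests. The enclosing main() continues outside the hunk.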
@@ -147,6 +147,7 @@ main(int argc, char *argv[])
 int ch;
 extern char *optarg;
 extern int optind;
+ gid_t gid;
 while ((ch = getopt(argc, argv, "TM:N:fiknstv")) != -1)
 switch (ch) {
@@ -188,17 +189,18 @@ main(int argc, char *argv[])
 * Discard setgid privileges if not the running kernel so that bad
 * guys can't print interesting stuff from kernel memory.
 */
- if (nlistf != NULL || memf != NULL) {
- (void)setegid(getgid());
- (void)setgid(getgid());
- }
+ gid = getgid();
+ if (nlistf != NULL || memf != NULL)
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid");
 if (vnodeflag)
 if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == 0)
 errx(1, "kvm_openfiles: %s", buf);
- (void)setegid(getgid());
- (void)setgid(getgid());
+ if (nlistf == NULL && memf == NULL)
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid");
 if (vnodeflag)
 if (kvm_nlist(kd, nl) == -1)
diff --git a/usr.sbin/trpt/trpt.c b/usr.sbin/trpt/trpt.c
index ba04d962fcf..b68a3e07045 100644
--- a/usr.sbin/trpt/trpt.c
+++ b/usr.sbin/trpt/trpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trpt.c,v 1.20 2004/09/24 15:02:43 markus Exp $ */
+/* $OpenBSD: trpt.c,v 1.21 2005/05/03 03:41:11 djm Exp $ */
 /*-
 * Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -146,6 +146,7 @@ main(int argc, char *argv[])
 char *system = NULL, *core = NULL, *cp, errbuf[_POSIX2_LINE_MAX];
 int ch, i, jflag = 0, npcbs = 0;
 unsigned long l;
+ gid_t gid;
 while ((ch = getopt(argc, argv, "afjM:N:p:st")) != -1) {
 switch (ch) {
@@ -197,17 +198,18 @@ main(int argc, char *argv[])
 * Discard setgid privileged if not the running kernel so that bad
 * guys can't print interesting stuff from kernel memory.
 */
- if (core != NULL || system != NULL) {
- setegid(getgid());
- setgid(getgid());
- }
+ gid = getgid();
+ if (core != NULL || system != NULL)
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid");
 kd = kvm_openfiles(system, core, NULL, O_RDONLY, errbuf);
 if (kd == NULL)
 errx(1, "can't open kmem: %s", errbuf);
- setegid(getgid());
- setgid(getgid());
+ if (core == NULL && system == NULL)
+ if (setresgid(gid, gid, gid) == -1)
+ err(1, "setresgid");
 if (kvm_nlist(kd, nl))
 errx(2, "%s: no namelist", system ? system : _PATH_UNIX); |
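Review bot: In trpt.c the running-kernel drop sits after the `if (kd == NULL)` check, so the `errx(1, "can't open kmem: %s", errbuf)` path runs while the setgid group is still held, whereas procmap.c in this same commit drops before testing `kd`. The process exits immediately on that path, so the practical exposure is probably nil. Even so, moving `if (core == NULL && system == NULL)` and its `setresgid` call to directly follow the `kvm_openfiles(system, core, NULL, O_RDONLY, errbuf);` line would limit the privileged window to the one call that needs it and make the three utilities consistent. main() begins and ends outside the hunk.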