-rw-r--r-- | etc/aliases | 7 | ||||
-rw-r--r-- | etc/group | 5 | ||||
-rw-r--r-- | etc/inetd.conf | 10 | ||||
-rw-r--r-- | etc/master.passwd | 5 | ||||
-rw-r--r-- | libexec/rpc.rstatd/rstatd.c | 8 | ||||
-rw-r--r-- | libexec/rpc.rusersd/rusersd.c | 8 | ||||
-rw-r--r-- | usr.sbin/portmap/portmap.c | 21 |
7 files changed, 50 insertions, 14 deletions
diff --git a/etc/aliases b/etc/aliases
index 3bf605b66e8..c822666d47a 100644
--- a/etc/aliases
+++ b/etc/aliases
@@ -1,5 +1,5 @@
 #
-# $OpenBSD: aliases,v 1.9 2002/07/15 22:33:23 millert Exp $
+# $OpenBSD: aliases,v 1.10 2002/07/15 23:47:57 deraadt Exp $
 #
 # Aliases in this file will NOT be expanded in the header from
 # Mail, but WILL be visible over networks or from /bin/mail.
@@ -26,6 +26,11 @@ popa3d: root
 proxy: root
 smmsp: root
 sshd: root
+_portmap: root
+_rstatd: root
+_identd: root
+_rusersd: root
+_fingerd: root
 
 # Well-known aliases -- these should be filled in!
 # root:
diff --git a/etc/group b/etc/group
index 49d1ebb3280..ef3a0738173 100644
--- a/etc/group
+++ b/etc/group
@@ -14,7 +14,12 @@ staff:*:20:root
 smmsp:*:25:
 popa3d:*:26:
 sshd:*:27:
+_portmap:*:28:
+_identd:*:29:
+_rstatd:*:30:
 guest:*:31:root
+_rusersd:*:32:
+_fingerd:*:33:
 utmp:*:45:
 crontab:*:66:
 www:*:67:
diff --git a/etc/inetd.conf b/etc/inetd.conf
index 2c8793c1cb7..b189f3486bf 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: inetd.conf,v 1.48 2002/06/28 22:40:31 deraadt Exp $
+# $OpenBSD: inetd.conf,v 1.49 2002/07/15 23:47:57 deraadt Exp $
 #
 # Internet server configuration database
 #
@@ -11,10 +11,10 @@
 #shell stream tcp nowait root /usr/libexec/rshd rshd -L
 #shell stream tcp6 nowait root /usr/libexec/rshd rshd -L
 #uucpd stream tcp nowait root /usr/libexec/uucpd uucpd
-#finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -lsm
-#finger stream tcp6 nowait nobody /usr/libexec/fingerd fingerd -lsm
-ident stream tcp nowait nobody /usr/libexec/identd identd -el
-ident stream tcp6 nowait nobody /usr/libexec/identd identd -el
+#finger stream tcp nowait _fingerd /usr/libexec/fingerd fingerd -lsm
+#finger stream tcp6 nowait _fingerd /usr/libexec/fingerd fingerd -lsm
+ident stream tcp nowait _identd /usr/libexec/identd identd -el
+ident stream tcp6 nowait _identd /usr/libexec/identd identd -el
 #tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot
 #tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -s /tftpboot
 127.0.0.1:comsat dgram udp wait root /usr/libexec/comsat comsat
diff --git a/etc/master.passwd b/etc/master.passwd
index c71c9da8261..bf5d852a7ed 100644
--- a/etc/master.passwd
+++ b/etc/master.passwd
@@ -5,6 +5,11 @@ bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
 smmsp:*:25:25::0:0:Sendmail Message Submission Program:/nonexistent:/sbin/nologin
 popa3d:*:26:26::0:0:POP3 server:/var/empty:/sbin/nologin
 sshd:*:27:27::0:0:sshd privsep:/var/empty:/sbin/nologin
+_portmap:*:28:28::0:0:portmap:/var/empty:/sbin/nologin
+_identd:*:29:29::0:0:identd:/var/empty:/sbin/nologin
+_rstatd:*:30:30::0:0:rpc.rstatd:/var/empty:/sbin/nologin
+_rusersd:*:32:32::0:0:rpc.rusersd:/var/empty:/sbin/nologin
+_fingerd:*:33:33::0:0:fingerd:/var/empty:/sbin/nologin
 uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/var/spool/uucppublic:/usr/libexec/uucp/uucico
 www:*:67:67::0:0:HTTP server:/var/www:/sbin/nologin
 named:*:70:70::0:0:BIND Name Service Daemon:/var/named:/sbin/nologin
diff --git a/libexec/rpc.rstatd/rstatd.c b/libexec/rpc.rstatd/rstatd.c
index fe52c06664d..86a35afd986 100644
--- a/libexec/rpc.rstatd/rstatd.c
+++ b/libexec/rpc.rstatd/rstatd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rstatd.c,v 1.11 2002/06/28 22:59:20 deraadt Exp $ */
+/* $OpenBSD: rstatd.c,v 1.12 2002/07/15 23:47:57 deraadt Exp $ */
 
 /*-
  * Copyright (c) 1993, John Brezak
@@ -34,7 +34,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: rstatd.c,v 1.11 2002/06/28 22:59:20 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: rstatd.c,v 1.12 2002/07/15 23:47:57 deraadt Exp $";
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -87,7 +87,9 @@ main(int argc, char *argv[])
 	struct sockaddr_in from;
 	SVCXPRT *transp;
 
-	pw = getpwnam("nobody");
+	pw = getpwnam("_rstatd");
+	if (!pw)
+		pw = getpwnam("nobody");
 	if (chroot("/var/empty") == -1) {
 		syslog(LOG_ERR, "cannot chdir to /var/empty.");
 		exit(1);
diff --git a/libexec/rpc.rusersd/rusersd.c b/libexec/rpc.rusersd/rusersd.c
index 520a351863a..a9913eded31 100644
--- a/libexec/rpc.rusersd/rusersd.c
+++ b/libexec/rpc.rusersd/rusersd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rusersd.c,v 1.9 2002/06/28 23:22:21 deraadt Exp $ */
+/* $OpenBSD: rusersd.c,v 1.10 2002/07/15 23:47:57 deraadt Exp $ */
 
 /*-
  * Copyright (c) 1993 John Brezak
@@ -29,7 +29,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: rusersd.c,v 1.9 2002/06/28 23:22:21 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: rusersd.c,v 1.10 2002/07/15 23:47:57 deraadt Exp $";
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -74,7 +74,9 @@ main(int argc, char *argv[])
 		exit(1);
 	}
 
-	pw = getpwnam("nobody");
+	pw = getpwnam("_rusersd");
+	if (!pw)
+		pw = getpwnam("nobody");
 	if (chroot("/var/empty") == -1) {
 		syslog(LOG_ERR, "cannot chdir to /var/empty.");
 		exit(1);
diff --git a/usr.sbin/portmap/portmap.c b/usr.sbin/portmap/portmap.c
index 88315450227..b4276ff8a32 100644
--- a/usr.sbin/portmap/portmap.c
+++ b/usr.sbin/portmap/portmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: portmap.c,v 1.24 2002/07/09 22:20:43 deraadt Exp $ */
+/* $OpenBSD: portmap.c,v 1.25 2002/07/15 23:47:57 deraadt Exp $ */
 
 /*-
  * Copyright (c) 1996, 1997 Theo de Raadt (OpenBSD). All rights reserved.
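Review bot: The new fallback `pw = getpwnam("nobody");` in the rstatd -87 hunk is silent, so a host whose master.passwd has not yet received the `_rstatd` entry this commit adds keeps running as nobody with nothing in the log, and if that lookup fails as well `pw` is NULL and whether the daemon then keeps root depends on the `if (pw)` guard that presumably follows outside the hunk (the portmap hunk shows that pattern explicitly). Logging the degraded path, `syslog(LOG_WARNING, "_rstatd account not found, falling back to nobody");`, and treating a NULL `pw` as fatal before the chroot keep the privilege drop observable and fail-closed rather than fail-open. The rusersd hunk at -74,7 has the identical pattern with `_rusersd`. main() begins and ends outside both hunks.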
@@ -44,7 +44,7 @@ char copyright[] =
 #if 0
 static char sccsid[] = "from: @(#)portmap.c 5.4 (Berkeley) 4/19/91";
 #else
-static char rcsid[] = "$OpenBSD: portmap.c,v 1.24 2002/07/09 22:20:43 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: portmap.c,v 1.25 2002/07/15 23:47:57 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -121,6 +121,7 @@ main(int argc, char *argv[])
 	int sock, lsock, c, on = 1, len = sizeof(struct sockaddr_in);
 	struct sockaddr_in addr, laddr;
 	struct pmaplist *pml;
+	struct passwd *pw;
 	SVCXPRT *xprt;
 
 	while ((c = getopt(argc, argv, "d")) != -1) {
@@ -242,6 +243,22 @@ main(int argc, char *argv[])
 	pml->pml_next = pmaplist;
 	pmaplist = pml;
 
+	pw = getpwnam("_portmap");
+	if (!pw)
+		pw = getpwnam("nobody");
+	if (chroot("/var/empty") == -1) {
+		syslog(LOG_ERR, "cannot chdir to /var/empty.");
+		exit(1);
+	}
+	chdir("/");
+	if (pw) {
+		setgroups(1, &pw->pw_gid);
+		setegid(pw->pw_gid);
+		setgid(pw->pw_gid);
+		seteuid(pw->pw_uid);
+		setuid(pw->pw_uid);
+	}
+
 	(void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE);
 	(void)signal(SIGCHLD, (void (*)())reap);
|
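Review bot: The privilege drop added in the -242 hunk fails open: when neither `_portmap` nor `nobody` resolves, the `if (pw)` block is skipped and portmap keeps running as root inside the chroot, and the unchecked `setgroups`/`setgid`/`setuid` calls (and `chdir("/")`) mean a failed drop is equally silent. The error text on the chroot path also names the wrong call, `"cannot chdir to /var/empty."` after a failed `chroot()`, which will misdirect anyone reading the log; `"cannot chroot to /var/empty: %m"` says what happened and why. I would treat a NULL `pw` and any failed id change as fatal, as sketched below; the listening socket appears to be set up earlier in main() (outside this hunk), so dropping privileges at this point should not affect binding the privileged port, but that is worth confirming. main() begins and ends outside the hunk.
```c
	pw = getpwnam("_portmap");
	if (!pw)
		pw = getpwnam("nobody");
	if (!pw) {
		syslog(LOG_ERR, "no _portmap or nobody account, refusing to run as root");
		exit(1);
	}
	if (chroot("/var/empty") == -1) {
		syslog(LOG_ERR, "cannot chroot to /var/empty: %m");
		exit(1);
	}
	if (chdir("/") == -1) {
		syslog(LOG_ERR, "cannot chdir to /: %m");
		exit(1);
	}
	if (setgroups(1, &pw->pw_gid) == -1 ||
	    setegid(pw->pw_gid) == -1 || setgid(pw->pw_gid) == -1 ||
	    seteuid(pw->pw_uid) == -1 || setuid(pw->pw_uid) == -1) {
		syslog(LOG_ERR, "cannot drop privileges to %s: %m", pw->pw_name);
		exit(1);
	}
	/* … unchanged: svc_register / signal setup … */
```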