From 111f17112e935f1768e0da7a24ee15f428f61872 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 4 Jul 2005 01:54:12 +0000 Subject: make these use setres[ug]id for simple privilege dropping; ok deraadt@ millert@ moritz@ --- usr.bin/fstat/fstat.c | 18 ++++++++++-------- usr.bin/modstat/modstat.c | 8 +++++--- usr.bin/msgs/msgs.c | 11 +++++++---- usr.bin/netstat/main.c | 20 ++++++++++++-------- usr.bin/oldrdist/server.c | 12 ++++++------ usr.bin/rsh/rsh.c | 19 +++++++++++-------- usr.bin/sup/src/run.c | 14 +++++++++----- usr.bin/sup/src/supfilesrv.c | 26 +++++++++----------------- usr.bin/systat/main.c | 10 ++++++---- usr.bin/vmstat/dkstats.c | 16 +++++++++------- usr.bin/vmstat/vmstat.c | 22 ++++++++++++---------- usr.bin/write/write.c | 10 ++++++---- 12 files changed, 102 insertions(+), 84 deletions(-) diff --git a/usr.bin/fstat/fstat.c b/usr.bin/fstat/fstat.c index 88c5b088387..3c231a9ea55 100644 --- a/usr.bin/fstat/fstat.c +++ b/usr.bin/fstat/fstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fstat.c,v 1.51 2005/05/26 05:15:56 tedu Exp $ */ +/* $OpenBSD: fstat.c,v 1.52 2005/07/04 01:54:09 djm Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -37,7 +37,7 @@ static char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)fstat.c 8.1 (Berkeley) 6/6/93";*/ -static char *rcsid = "$OpenBSD: fstat.c,v 1.51 2005/05/26 05:15:56 tedu Exp $"; +static char *rcsid = "$OpenBSD: fstat.c,v 1.52 2005/07/04 01:54:09 djm Exp $"; #endif /* not lint */ #include @@ -174,6 +174,7 @@ main(int argc, char *argv[]) char *memf, *nlistf; char buf[_POSIX2_LINE_MAX]; int cnt; + gid_t gid; arg = 0; what = KERN_PROC_ALL; 
@@ -225,16 +226,17 @@ main(int argc, char *argv[]) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf != NULL || memf != NULL) { - setegid(getgid()); - setgid(getgid()); - } + gid = getgid(); + if (nlistf != NULL || memf != NULL) + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) errx(1, "%s", buf); - setegid(getgid()); - setgid(getgid()); + if (nlistf == NULL && memf == NULL) + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); if (*(argv += optind)) { for (; *argv; ++argv) { diff --git a/usr.bin/modstat/modstat.c b/usr.bin/modstat/modstat.c index d3934849f28..1eb46177998 100644 --- a/usr.bin/modstat/modstat.c +++ b/usr.bin/modstat/modstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: modstat.c,v 1.21 2003/06/10 22:20:48 deraadt Exp $ */ +/* $OpenBSD: modstat.c,v 1.22 2005/07/04 01:54:10 djm Exp $ */ /* * Copyright (c) 1993 Terrence R. Lambert. @@ -114,6 +114,7 @@ main(int argc, char *argv[]) char *modname = NULL; char *endptr; int devfd; + gid_t gid; while ((c = getopt(argc, argv, "i:n:")) != -1) { switch (c) { @@ -143,8 +144,9 @@ main(int argc, char *argv[]) if ((devfd = open(_PATH_LKM, O_RDONLY)) == -1) err(2, "%s", _PATH_LKM); - setegid(getgid()); - setgid(getgid()); + gid = getgid(); + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); printf("Type Id Off %-*s Size %-*s Rev Module Name\n", POINTERSIZE, "Loadaddr", POINTERSIZE, "Info"); diff --git a/usr.bin/msgs/msgs.c b/usr.bin/msgs/msgs.c index 66091e883cb..d16e6fa93e4 100644 --- a/usr.bin/msgs/msgs.c +++ b/usr.bin/msgs/msgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msgs.c,v 1.29 2004/10/02 04:14:39 deraadt Exp $ */ +/* $OpenBSD: msgs.c,v 1.30 2005/07/04 01:54:10 djm Exp $ */ /* $NetBSD: msgs.c,v 1.7 1995/09/28 06:57:40 tls Exp $ */ /*- 
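Review bot: The two nested, unbraced `if`s around each `setresgid` call in fstat's main() are one condition split over two statements, and a later `else` would bind to the inner test. Folding them keeps the guard and the call together, e.g. `if ((nlistf != NULL || memf != NULL) && setresgid(gid, gid, gid) == -1)`. The second drop, after kvm_openfiles(), has no comment; something like `/* running kernel: the setgid group was only needed for kvm_openfiles() */` would explain why its test is the complement of the first. The same shape recurs in the netstat/main.c @@ -390 hunk, in vmstat/dkstats.c and in the vmstat/vmstat.c @@ -215 hunk. main() continues outside this hunk.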
@@ -40,7 +40,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)msgs.c 8.2 (Berkeley) 4/28/95"; #else -static char rcsid[] = "$OpenBSD: msgs.c,v 1.29 2004/10/02 04:14:39 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: msgs.c,v 1.30 2005/07/04 01:54:10 djm Exp $"; #endif #endif /* not lint */ @@ -173,8 +173,11 @@ main(int argc, char *argv[]) #endif time(&t); - seteuid(uid = getuid()); - setuid(uid); + uid = getuid(); + if (setresuid(uid, uid, uid) == -1) { + perror("setresuid"); + exit(1); + } ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL); if (ruptible) signal(SIGINT, SIG_DFL); diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c index 6f024a1a734..bc69a48afa4 100644 --- a/usr.bin/netstat/main.c +++ b/usr.bin/netstat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.60 2005/06/16 16:03:32 jaredy Exp $ */ +/* $OpenBSD: main.c,v 1.61 2005/07/04 01:54:10 djm Exp $ */ /* $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */ /* @@ -40,7 +40,7 @@ char copyright[] = #if 0 static char sccsid[] = "from: @(#)main.c 8.4 (Berkeley) 3/1/94"; #else -static char *rcsid = "$OpenBSD: main.c,v 1.60 2005/06/16 16:03:32 jaredy Exp $"; +static char *rcsid = "$OpenBSD: main.c,v 1.61 2005/07/04 01:54:10 djm Exp $"; #endif #endif /* not lint */ @@ -52,6 +52,7 @@ static char *rcsid = "$OpenBSD: main.c,v 1.60 2005/06/16 16:03:32 jaredy Exp $"; #include #include +#include #include #include #include @@ -255,6 +256,7 @@ main(int argc, char *argv[]) int ch; char *nlistf = NULL, *memf = NULL, *ep; char buf[_POSIX2_LINE_MAX]; + gid_t gid; u_long pcbaddr = 0; af = AF_UNSPEC; 
@@ -390,18 +392,20 @@ main(int argc, char *argv[]) * guys can't print interesting stuff from kernel memory. * Dumping PCB info is also restricted. */ - if (nlistf != NULL || memf != NULL || Pflag) { - setegid(getgid()); - setgid(getgid()); - } + gid = getgid(); + if (nlistf != NULL || memf != NULL || Pflag) + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); if ((kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) { fprintf(stderr, "%s: kvm_open: %s\n", __progname, buf); exit(1); } - setegid(getgid()); - setgid(getgid()); + + if (nlistf == NULL && memf == NULL && !Pflag) + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); #define BACKWARD_COMPATIBILITY #ifdef BACKWARD_COMPATIBILITY diff --git a/usr.bin/oldrdist/server.c b/usr.bin/oldrdist/server.c index db1c6d6a7aa..775201b9329 100644 --- a/usr.bin/oldrdist/server.c +++ b/usr.bin/oldrdist/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.28 2005/04/13 02:33:08 deraadt Exp $ */ +/* $OpenBSD: server.c,v 1.29 2005/07/04 01:54:10 djm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -31,7 +31,7 @@ #ifndef lint /* from: static char sccsid[] = "@(#)server.c 8.1 (Berkeley) 6/9/93"; */ -static char *rcsid = "$OpenBSD: server.c,v 1.28 2005/04/13 02:33:08 deraadt Exp $"; +static char *rcsid = "$OpenBSD: server.c,v 1.29 2005/07/04 01:54:10 djm Exp $"; #endif /* not lint */ #include @@ -1389,10 +1389,10 @@ dospecial(cmd) (void) close(fd[0]); (void) close(fd[1]); #if defined(DIRECT_RCMD) - setegid(groupid); - setgid(groupid); - seteuid(userid); - setuid(userid); + if (setgroups(1, &groupid) == -1 || + setresgid(groupid, groupid, groupid) == -1 || + setresuid(userid, userid, userid) == -1) + _exit(127); #endif /* DIRECT_RCMD */ execl(_PATH_BSHELL, "sh", "-c", cmd, (char *)NULL); _exit(127); diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c index 6a18aa836cf..39a693501de 100644 --- a/usr.bin/rsh/rsh.c +++ b/usr.bin/rsh/rsh.c 
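Review bot: `setgroups(1, &groupid)` in the child of dospecial() (oldrdist/server.c) normally succeeds only while the process still has superuser privilege. If the effective uid has already been switched away from 0 by this point, which the hunk does not show, the child now takes `_exit(127)` and the command never runs. The old unchecked set*id calls would have let the exec go ahead. That exit status is also the one used when execl() fails, so a failed privilege drop cannot be told apart from a missing shell. It is worth confirming the euid state here and in dorun() in usr.bin/sup/src/run.c, which gains the same `setgroups(1, &gid)` chain. A comment such as `/* requires euid 0: setgroups() fails otherwise */` would record the precondition, and `groupid` (declared outside the hunk) must be a `gid_t` for `&groupid` to be a valid argument.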
@@ -1,4 +1,4 @@ -/* $OpenBSD: rsh.c,v 1.37 2005/04/01 04:06:40 deraadt Exp $ */ +/* $OpenBSD: rsh.c,v 1.38 2005/07/04 01:54:10 djm Exp $ */ /*- * Copyright (c) 1983, 1990 The Regents of the University of California. @@ -37,7 +37,7 @@ static const char copyright[] = #ifndef lint /*static const char sccsid[] = "from: @(#)rsh.c 5.24 (Berkeley) 7/1/91";*/ -static const char rcsid[] = "$OpenBSD: rsh.c,v 1.37 2005/04/01 04:06:40 deraadt Exp $"; +static const char rcsid[] = "$OpenBSD: rsh.c,v 1.38 2005/07/04 01:54:10 djm Exp $"; #endif /* not lint */ #include @@ -77,10 +77,11 @@ main(int argc, char *argv[]) struct passwd *pw; struct servent *sp; sigset_t mask, omask; - int argoff = 0, asrsh = 0, ch, dflag = 0, nflag = 0, one = 1, rem, uid; + int argoff = 0, asrsh = 0, ch, dflag = 0, nflag = 0, one = 1, rem; char *args, *host = NULL, *user = NULL; pid_t pid = 0; extern char *__progname; + uid_t uid; /* if called as something other than "rsh", use it as the host name */ if (strcmp(__progname, "rsh") != 0) @@ -116,14 +117,16 @@ main(int argc, char *argv[]) } optind += argoff; + uid = getuid(); + /* if haven't gotten a host yet, do so */ if (!host && !(host = argv[optind++])) usage(); /* if no command, login to remote host via ssh. */ if (!argv[optind]) { - seteuid(getuid()); - setuid(getuid()); + if (setresuid(uid, uid, uid) == -1) + err(1, "setresuid"); if (asrsh) *argv = "ssh"; execv(_PATH_SSH, argv); @@ -135,7 +138,7 @@ main(int argc, char *argv[]) if (geteuid() != 0) errx(1, "must be setuid root"); - if ((pw = getpwuid(uid = getuid())) == NULL) + if ((pw = getpwuid(uid)) == NULL) errx(1, "unknown user ID %u", uid); if (user == NULL) user = pw->pw_name; @@ -154,8 +157,8 @@ main(int argc, char *argv[]) if (rfd2 < 0) errx(1, "can't establish stderr"); - (void)seteuid(uid); - (void)setuid(uid); + if (setresuid(uid, uid, uid) == -1) + err(1, "setresuid"); if (dflag) { if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, &one, 
diff --git a/usr.bin/sup/src/run.c b/usr.bin/sup/src/run.c index b49a4bdc668..c96a592dfa8 100644 --- a/usr.bin/sup/src/run.c +++ b/usr.bin/sup/src/run.c @@ -1,4 +1,4 @@ -/* $OpenBSD: run.c,v 1.13 2002/06/12 06:07:16 mpech Exp $ */ +/* $OpenBSD: run.c,v 1.14 2005/07/04 01:54:10 djm Exp $ */ /* * Copyright (c) 1991 Carnegie Mellon University @@ -170,15 +170,19 @@ dorun(name, argv, usepath) pid_t pid; struct sigaction ignoresig, intsig, quitsig; int status; + uid_t uid; + gid_t gid; if ((pid = fork()) == -1) return(-1); /* no more process's, so exit with error */ if (pid == 0) { /* child process */ - setegid(getgid()); - setgid(getgid()); - seteuid(getuid()); - setuid(getuid()); + uid = getuid(); + gid = getgid(); + if (setgroups(1, &gid) == -1 || + setresgid(gid, gid, gid) == -1 || + setresuid(uid, uid, uid) == -1) + _exit(0377); if (usepath) execvp(name,argv); else diff --git a/usr.bin/sup/src/supfilesrv.c b/usr.bin/sup/src/supfilesrv.c index 31709e08f20..e90432e1bd7 100644 --- a/usr.bin/sup/src/supfilesrv.c +++ b/usr.bin/sup/src/supfilesrv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: supfilesrv.c,v 1.34 2004/05/31 15:48:26 pedro Exp $ */ +/* $OpenBSD: supfilesrv.c,v 1.35 2005/07/04 01:54:10 djm Exp $ */ /* * Copyright (c) 1992 Carnegie Mellon University @@ -1852,14 +1852,10 @@ changeuid(namep, passwordp, fileuid, filegid) #if CMUCS if (setgroups(grps[0], &grps[1]) < 0) logerr("setgroups: %%m"); - if (setegid((gid_t)grp->gr_gid) < 0) - logerr("setegid: %%m"); - if (setgid((gid_t)grp->gr_gid) < 0) - logerr("setgid: %%m"); - if (seteuid(pwd->pw_uid) < 0) - logerr("seteuid: %%m"); - if (setuid(pwd->pw_uid) < 0) - logerr("setuid: %%m"); + if (setresgid(grp->gr_gid, grp->gr_gid, grp->gr_gid) < 0) + logerr("setresgid: %%m"); + if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0) + logerr("setresuid: %%m"); #else /* CMUCS */ #ifdef HAS_LOGIN_CAP if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) 
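Review bot: A failed `setresgid` or `setresuid` in changeuid() (supfilesrv.c) is still only passed to `logerr`, after which control reaches `return (NULL)`. The `initgroups` branch returns an error string on failure, so NULL appears to be the success value, and the caller would then carry on with whatever ids the process already had. Each of these checks should fail the call instead, for example `if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0) return ("Error setting user ID");`, with a matching return for `setresgid`. The same applies to the log-only `setgroups` check at the top of the CMUCS branch and to the non-CMUCS branch in the @@ -1867 hunk. changeuid() starts outside both hunks, so how `logerr` behaves is not visible here.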
@@ -1867,18 +1863,14 @@ changeuid(namep, passwordp, fileuid, filegid) #else if (initgroups(pwd->pw_name,pwd->pw_gid) < 0) return ("Error setting group list"); - if (setegid(pwd->pw_gid) < 0) - logerr("setegid: %%m"); - if (setgid(pwd->pw_gid) < 0) - logerr("setgid: %%m"); + if (setresgid(pwd->pw_gid, pwd->pw_gid, pwd->pw_gid) < 0) + logerr("setresgid: %%m"); #ifndef NO_SETLOGIN if (setlogin(pwd->pw_name) < 0) logerr("setlogin: %%m"); #endif - if (seteuid(pwd->pw_uid) < 0) - logerr("seteuid: %%m"); - if (setuid(pwd->pw_uid) < 0) - logerr("setuid: %%m"); + if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0) + logerr("setresuid: %%m"); #endif /* HAS_LOGIN_CAP */ #endif /* CMUCS */ return (NULL); diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c index 78e5acf5ee2..f74c6647eb6 100644 --- a/usr.bin/systat/main.c +++ b/usr.bin/systat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.30 2004/04/26 19:22:30 itojun Exp $ */ +/* $OpenBSD: main.c,v 1.31 2005/07/04 01:54:10 djm Exp $ */ /* $NetBSD: main.c,v 1.8 1996/05/10 23:16:36 thorpej Exp $ */ /*- @@ -40,7 +40,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 6/6/93"; #endif -static char rcsid[] = "$OpenBSD: main.c,v 1.30 2004/04/26 19:22:30 itojun Exp $"; +static char rcsid[] = "$OpenBSD: main.c,v 1.31 2005/07/04 01:54:10 djm Exp $"; #endif /* not lint */ #include @@ -87,6 +87,7 @@ main(int argc, char *argv[]) { int ch; char errbuf[_POSIX2_LINE_MAX]; + gid_t gid; kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); if (kd == NULL) { @@ -94,8 +95,9 @@ main(int argc, char *argv[]) exit(1); } - setegid(getgid()); - setgid(getgid()); + gid = getgid(); + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); while ((ch = getopt(argc, argv, "nw:")) != -1) switch (ch) { diff --git a/usr.bin/vmstat/dkstats.c b/usr.bin/vmstat/dkstats.c index 2b58fe53304..d27244d5f71 100644 --- a/usr.bin/vmstat/dkstats.c +++ b/usr.bin/vmstat/dkstats.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: dkstats.c,v 1.25 2004/04/22 22:28:37 millert Exp $ */ +/* $OpenBSD: dkstats.c,v 1.26 2005/07/04 01:54:10 djm Exp $ */ /* $NetBSD: dkstats.c,v 1.1 1996/05/10 23:19:27 thorpej Exp $ */ /* @@ -409,16 +409,17 @@ dkinit(int select) size_t size; struct clockinfo clkinfo; char *disknames, *name, *bufpp; + gid_t gid; if (once) return(1); + gid = getgid(); if (nlistf != NULL || memf != NULL) { #if !defined(NOKVM) - if (memf != NULL) { - setegid(getgid()); - setgid(getgid()); - } + if (memf != NULL) + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); /* Open the kernel. */ if (kd == NULL && @@ -426,8 +427,9 @@ dkinit(int select) errbuf)) == NULL) errx(1, "kvm_openfiles: %s", errbuf); - setegid(getgid()); - setgid(getgid()); + if (memf == NULL) + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); /* Obtain the namelist symbols from the kernel. */ if (kvm_nlist(kd, namelist)) diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index 31bb4233d6d..d989e1a0fd9 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1,5 +1,5 @@ /* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */ -/* $OpenBSD: vmstat.c,v 1.95 2005/04/21 04:42:56 mickey Exp $ */ +/* $OpenBSD: vmstat.c,v 1.96 2005/07/04 01:54:10 djm Exp $ */ /* * Copyright (c) 1980, 1986, 1991, 1993 @@ -40,7 +40,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)vmstat.c 8.1 (Berkeley) 6/6/93"; #else -static const char rcsid[] = "$OpenBSD: vmstat.c,v 1.95 2005/04/21 04:42:56 mickey Exp $"; +static const char rcsid[] = "$OpenBSD: vmstat.c,v 1.96 2005/07/04 01:54:10 djm Exp $"; #endif #endif /* not lint */ @@ -151,6 +151,7 @@ main(int argc, char *argv[]) u_int interval; int reps; char errbuf[_POSIX2_LINE_MAX]; + gid_t gid; interval = reps = todo = 0; while ((c = getopt(argc, argv, "c:fiM:mN:stw:vz")) != -1) { 
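Review bot: In dkinit() the drop before `kvm_openfiles()` is still gated on `memf != NULL` alone. When only a namelist file is supplied, the setgid group is held across the open and released afterwards by the `if (memf == NULL)` branch in the @@ -426 hunk. fstat, netstat and vmstat in this same commit drop before the open when either `nlistf` or `memf` is set, which matches the fstat comment about discarding privileges when not examining the running kernel. Since this code already sits inside `if (nlistf != NULL || memf != NULL)`, the drop could be unconditional, `if (setresgid(gid, gid, gid) == -1) err(1, "setresgid");`, which would appear to make the later `memf == NULL` branch unnecessary. If the narrower test is deliberate, a comment should say why. This behaviour predates the commit, and dkinit() continues outside the hunk.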
@@ -199,9 +200,10 @@ main(int argc, char *argv[]) if (todo == 0) todo = VMSTAT; + gid = getgid(); if (nlistf != NULL || memf != NULL) { - setegid(getgid()); - setgid(getgid()); + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); } /* @@ -215,9 +217,11 @@ main(int argc, char *argv[]) if (kd == 0) errx(1, "kvm_openfiles: %s", errbuf); + if (nlistf == NULL && memf == NULL) + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); + if ((c = kvm_nlist(kd, namelist)) != 0) { - setgid(getgid()); - setegid(getegid()); if (c > 0) { (void)fprintf(stderr, @@ -234,12 +238,10 @@ main(int argc, char *argv[]) errx(1, "kvm_nlist: %s", kvm_geterr(kd)); } #ifdef notyet - } + } else if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); #endif /* notyet */ - setegid(getegid()); - setgid(getgid()); - mib[0] = CTL_HW; mib[1] = HW_NCPU; size = sizeof(ncpu); diff --git a/usr.bin/write/write.c b/usr.bin/write/write.c index 70c4b8e434a..442abdcd23d 100644 --- a/usr.bin/write/write.c +++ b/usr.bin/write/write.c @@ -1,4 +1,4 @@ -/* $OpenBSD: write.c,v 1.22 2003/07/10 00:06:52 david Exp $ */ +/* $OpenBSD: write.c,v 1.23 2005/07/04 01:54:11 djm Exp $ */ /* $NetBSD: write.c,v 1.5 1995/08/31 21:48:32 jtc Exp $ */ /* @@ -43,7 +43,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)write.c 8.2 (Berkeley) 4/27/95"; #endif -static char *rcsid = "$OpenBSD: write.c,v 1.22 2003/07/10 00:06:52 david Exp $"; +static char *rcsid = "$OpenBSD: write.c,v 1.23 2005/07/04 01:54:11 djm Exp $"; #endif /* not lint */ #include @@ -240,6 +240,7 @@ do_write(char *tty, char *mytty, uid_t myuid) struct passwd *pwd; time_t now; char path[MAXPATHLEN], host[MAXHOSTNAMELEN], line[512]; + gid_t gid; /* Determine our login name before the we reopen() stdout */ if ((login = getlogin()) == NULL) { 
@@ -254,8 +255,9 @@ do_write(char *tty, char *mytty, uid_t myuid) err(1, "%s", path); /* revoke privs, now that we have opened the tty */ - setegid(getgid()); - setgid(getgid()); + gid = getgid(); + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); (void)signal(SIGINT, done); (void)signal(SIGHUP, done); -- cgit v1.2.3