Deal with _POSIX_SAVED_IDS when relinquishing privileges

diff --git a/usr.sbin/iostat/iostat.c b/usr.sbin/iostat/iostat.c
index a591e56..f038f6e 100644 (file)
--- a/usr.sbin/iostat/iostat.c
+++ b/usr.sbin/iostat/iostat.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: iostat.c,v 1.5 1996/11/02 00:35:50 millert Exp $      */
+/*     $OpenBSD: iostat.c,v 1.6 1996/12/22 03:28:56 deraadt Exp $      */
 /*     $NetBSD: iostat.c,v 1.10 1996/10/25 18:21:58 scottr Exp $       */
 
 /*
@@ -176,8 +176,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (nlistf != NULL || memf != NULL)
+       if (nlistf != NULL || memf != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
        dkinit(0);
        dkreadstats();

diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c
index 5ff4936..374bad8 100644 (file)
--- a/usr.sbin/pppd/main.c
+++ b/usr.sbin/pppd/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.11 1996/08/20 04:48:27 deraadt Exp $       */
+/*     $OpenBSD: main.c,v 1.12 1996/12/22 03:29:01 deraadt Exp $       */
 
 /*
  * main.c - Point-to-Point Protocol main module
@@ -20,7 +20,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: main.c,v 1.11 1996/08/20 04:48:27 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: main.c,v 1.12 1996/12/22 03:29:01 deraadt Exp $";
 #endif
 
 #include <stdio.h>
@@ -1010,7 +1010,10 @@ device_script(program, in, out)
                 close(errfd);
             }
         }
+       /* revoke privs */
+       seteuid(getuid());
        setuid(getuid());
+       setegid(getgid());
        setgid(getgid());
        execl("/bin/sh", "sh", "-c", program, (char *)0);
        syslog(LOG_ERR, "could not exec /bin/sh: %m");

diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c
index e191089..8dd0397 100644 (file)
--- a/usr.sbin/pstat/pstat.c
+++ b/usr.sbin/pstat/pstat.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pstat.c,v 1.6 1996/11/24 23:42:11 millert Exp $       */
+/*     $OpenBSD: pstat.c,v 1.7 1996/12/22 03:29:03 deraadt Exp $       */
 /*     $NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $   */
 
 /*-
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 from: static char sccsid[] = "@(#)pstat.c      8.9 (Berkeley) 2/16/94";
 #else
-static char *rcsid = "$OpenBSD: pstat.c,v 1.6 1996/11/24 23:42:11 millert Exp $";
+static char *rcsid = "$OpenBSD: pstat.c,v 1.7 1996/12/22 03:29:03 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -208,8 +208,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (nlistf != NULL || memf != NULL)
+       if (nlistf != NULL || memf != NULL) {
+               (void)setegid(getgid());
                (void)setgid(getgid());
+       }
 
        if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == 0)
                errx(1, "kvm_openfiles: %s", buf);

diff --git a/usr.sbin/slstats/slstats.c b/usr.sbin/slstats/slstats.c
index 31066f6..a55640c 100644 (file)
--- a/usr.sbin/slstats/slstats.c
+++ b/usr.sbin/slstats/slstats.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: slstats.c,v 1.6 1996/12/10 15:14:33 deraadt Exp $     */
+/*     $OpenBSD: slstats.c,v 1.7 1996/12/22 03:29:06 deraadt Exp $     */
 /*     $NetBSD: slstats.c,v 1.6.6.1 1996/06/07 01:42:30 thorpej Exp $  */
 
 /*
@@ -25,7 +25,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: slstats.c,v 1.6 1996/12/10 15:14:33 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: slstats.c,v 1.7 1996/12/22 03:29:06 deraadt Exp $";
 #endif
 
 #define INET
@@ -133,8 +133,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (kmemf != NULL || kernel != NULL)
+       if (kmemf != NULL || kernel != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
        memset(errbuf, 0, sizeof(errbuf));
        if ((kd = kvm_openfiles(kernel, kmemf, NULL, O_RDONLY, errbuf)) == NULL)

diff --git a/usr.sbin/timed/timedc/timedc.c b/usr.sbin/timed/timedc/timedc.c
index 5faf6c2..9c5d0d5 100644 (file)
--- a/usr.sbin/timed/timedc/timedc.c
+++ b/usr.sbin/timed/timedc/timedc.c
@@ -42,7 +42,7 @@ static char sccsid[] = "@(#)timedc.c  5.1 (Berkeley) 5/11/93";
 #endif /* not lint */
 
 #ifdef sgi
-#ident "$Revision: 1.1.1.1 $"
+#ident "$Revision: 1.2 $"
 #endif
 
 #include "timedc.h"
@@ -77,6 +77,9 @@ main(int argc, char *argv[])
                fprintf(stderr, "Could not get privileged resources\n");
                exit(1);
        }
+       /* revoke privs */
+
+       (void) seteuid(getuid());
        (void) setuid(getuid());
 
        if (--argc > 0) {

diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c
index ecf84ce..b52183a 100644 (file)
--- a/usr.sbin/traceroute/traceroute.c
+++ b/usr.sbin/traceroute/traceroute.c
@@ -312,6 +312,9 @@ main(argc, argv)
                err(5, "icmp socket");
        if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
                err(5, "raw socket");
+
+       /* revoke privs */
+       seteuid(getuid());
        setuid(getuid());
 
        lsrr = 0;

diff --git a/usr.sbin/trpt/trpt.c b/usr.sbin/trpt/trpt.c
index 7f57698..3bab729 100644 (file)
--- a/usr.sbin/trpt/trpt.c
+++ b/usr.sbin/trpt/trpt.c
@@ -39,7 +39,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)trpt.c     5.14 (Berkeley) 7/1/91";*/
-static char rcsid[] = "$Id: trpt.c,v 1.3 1996/06/03 18:06:18 deraadt Exp $";
+static char rcsid[] = "$Id: trpt.c,v 1.4 1996/12/22 03:29:10 deraadt Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -167,8 +167,10 @@ main(argc, argv)
         * Discard setgid priviledges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (!strcmp(core, _PATH_KMEM) || !strcmp(system, _PATH_UNIX))
+       if (!strcmp(core, _PATH_KMEM) || !strcmp(system, _PATH_UNIX)) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
        if (nlist(system, nl) < 0 || !nl[0].n_value) {
                fprintf(stderr, "trpt: %s: no namelist\n", system);

diff --git a/usr.sbin/trsp/trsp.c b/usr.sbin/trsp/trsp.c
index 566a4ad..ff161d4 100644 (file)
--- a/usr.sbin/trsp/trsp.c
+++ b/usr.sbin/trsp/trsp.c
@@ -39,7 +39,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)trsp.c     6.8 (Berkeley) 3/2/91";*/
-static char rcsid[] = "$Id: trsp.c,v 1.3 1996/06/03 18:06:23 deraadt Exp $";
+static char rcsid[] = "$Id: trsp.c,v 1.4 1996/12/22 03:29:12 deraadt Exp $";
 #endif /* not lint */
 
 #include <sys/cdefs.h>
@@ -149,8 +149,11 @@ again:
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (!strcmp(system, _PATH_UNIX) || !strcmp(core, _PATH_KMEM))
+       if (!strcmp(system, _PATH_UNIX) || !strcmp(core, _PATH_KMEM)) {
+               setegid(getgid());
                setgid(getgid());
+       }
+
        (void) nlist(system, nl);
        if (nl[0].n_value == 0) {
                fprintf(stderr, "trsp: %s: no namelist\n", system);