Deal with _POSIX_SAVED_IDS when relinquishing privileges

diff --git a/libexec/atrun/atrun.c b/libexec/atrun/atrun.c
index 6bd6cd4..7d1b499 100644 (file)
--- a/libexec/atrun/atrun.c
+++ b/libexec/atrun/atrun.c
@@ -54,7 +54,7 @@
 /* File scope variables */
 
 static char *namep;
-static char rcsid[] = "$Id: atrun.c,v 1.1.1.1 1995/10/18 08:43:14 deraadt Exp $";
+static char rcsid[] = "$Id: atrun.c,v 1.2 1996/12/22 03:41:10 tholo Exp $";
 
 /* Local functions */
 static void
@@ -195,9 +195,13 @@ run_file(filename, uid)
                if (initgroups(pentry->pw_name, pentry->pw_gid) < 0)
                        perr("Cannot init group list");
 
+               if (setegid(pentry->pw_gid) < 0)
+                       perr("Cannot change primary group");
                if (setgid(pentry->pw_gid) < 0)
                        perr("Cannot change primary group");
 
+               if (seteuid(uid) < 0)
+                       perr("Cannot set user id");
                if (setuid(uid) < 0)
                        perr("Cannot set user id");
 

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 55f86cc..65f14fb 100644 (file)
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -39,7 +39,7 @@ static char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)comsat.c   8.1 (Berkeley) 6/4/93";*/
-static char rcsid[] = "$Id: comsat.c,v 1.3 1996/08/27 11:43:52 deraadt Exp $";
+static char rcsid[] = "$Id: comsat.c,v 1.4 1996/12/22 03:41:12 tholo Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -245,8 +245,10 @@ jkfprintf(tp, name, offset)
        char line[BUFSIZ];
 
        /* Set effective uid to user in case mail drop is on nfs */
-       if ((p = getpwnam(name)) != NULL)
+       if ((p = getpwnam(name)) != NULL) {
+               (void) seteuid(p->pw_uid);
                (void) setuid(p->pw_uid);
+       }
 
        if ((fi = fopen(name, "r")) == NULL)
                return;

diff --git a/libexec/identd/identd.c b/libexec/identd/identd.c
index 20e0d39..fee2e46 100644 (file)
--- a/libexec/identd/identd.c
+++ b/libexec/identd/identd.c
@@ -1,5 +1,5 @@
 /*
-**     $Id: identd.c,v 1.2 1996/07/25 09:50:02 deraadt Exp $
+**     $Id: identd.c,v 1.3 1996/12/22 03:41:14 tholo Exp $
 **
 ** identd.c                       A TCP/IP link identification protocol server
 **
@@ -450,13 +450,19 @@ int main(argc,argv)
       ERROR("main: listen");
   }
   
-  if (set_gid)
+  if (set_gid) {
+    if (setegid(set_gid) == -1)
+      ERROR("main: setgid");
     if (setgid(set_gid) == -1)
       ERROR("main: setgid");
+  }
   
-  if (set_uid)
+  if (set_uid) {
+    if (seteuid(set_uid) == -1)
+      ERROR("main: setuid");
     if (setuid(set_uid) == -1)
       ERROR("main: setuid");
+  }
 
   /*
   ** Do some special handling if the "-b" or "-w" flags are used

diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c
index ee81b0a..8a01384 100644 (file)
--- a/libexec/rexecd/rexecd.c
+++ b/libexec/rexecd/rexecd.c
@@ -39,7 +39,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)rexecd.c   5.12 (Berkeley) 2/25/91";*/
-static char rcsid[] = "$Id: rexecd.c,v 1.4 1996/07/28 06:33:16 deraadt Exp $";
+static char rcsid[] = "$Id: rexecd.c,v 1.5 1996/12/22 03:41:16 tholo Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -229,8 +229,10 @@ doit(f, fromp)
        if (f > 2)
                (void) close(f);
        setlogin(pwd->pw_name);
+       (void) setegid((gid_t)pwd->pw_gid);
        (void) setgid((gid_t)pwd->pw_gid);
        initgroups(pwd->pw_name, pwd->pw_gid);
+       (void) seteuid((uid_t)pwd->pw_uid);
        (void) setuid((uid_t)pwd->pw_uid);
        (void)strcat(path, _PATH_DEFPATH);
        environ = envinit;

diff --git a/libexec/rpc.rwalld/rwalld.c b/libexec/rpc.rwalld/rwalld.c
index 069662d..e0e6589 100644 (file)
--- a/libexec/rpc.rwalld/rwalld.c
+++ b/libexec/rpc.rwalld/rwalld.c
@@ -28,7 +28,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: rwalld.c,v 1.1.1.1 1995/10/18 08:43:21 deraadt Exp $";
+static char rcsid[] = "$Id: rwalld.c,v 1.2 1996/12/22 03:41:18 tholo Exp $";
 #endif /* not lint */
 
 #include <unistd.h>
@@ -73,10 +73,14 @@ main(argc, argv)
 
        if (geteuid() == 0) {
                struct passwd *pep = getpwnam("nobody");
-               if (pep)
+               if (pep) {
+                       seteuid(pep->pw_uid);
                        setuid(pep->pw_uid);
-               else
+               }
+               else {
+                       seteuid(getuid());
                        setuid(getuid());
+               }
        }
 
        /*

diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index 6b5ca19..07ada91 100644 (file)
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -39,7 +39,7 @@ static char copyright[] =
 
 #ifndef lint
 /* from: static char sccsid[] = "@(#)rshd.c    8.2 (Berkeley) 4/6/94"; */
-static char *rcsid = "$Id: rshd.c,v 1.8 1996/11/01 11:30:33 niklas Exp $";
+static char *rcsid = "$Id: rshd.c,v 1.9 1996/12/22 03:41:20 tholo Exp $";
 #endif /* not lint */
 
 /*
@@ -660,8 +660,10 @@ fail:
        if (setlogin(pwd->pw_name) < 0)
                syslog(LOG_ERR, "setlogin() failed: %m");
 #endif
+       (void) setegid((gid_t)pwd->pw_gid);
        (void) setgid((gid_t)pwd->pw_gid);
        initgroups(pwd->pw_name, pwd->pw_gid);
+       (void) seteuid((uid_t)pwd->pw_uid);
        (void) setuid((uid_t)pwd->pw_uid);
        environ = envinit;
        strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);

diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index c95fd65..d848a7e 100644 (file)
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -39,7 +39,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)tftpd.c    5.13 (Berkeley) 2/26/91";*/
-static char rcsid[] = "$Id: tftpd.c,v 1.4 1996/12/03 00:25:52 deraadt Exp $";
+static char rcsid[] = "$Id: tftpd.c,v 1.5 1996/12/22 03:41:22 tholo Exp $";
 #endif /* not lint */
 
 /*
@@ -145,7 +145,9 @@ main(argc, argv)
                exit(1);
        }
 
+       (void) setegid(pw->pw_gid);
        (void) setgid(pw->pw_gid);
+       (void) seteuid(pw->pw_uid);
        (void) setuid(pw->pw_uid);
 
        if (ioctl(fd, FIONBIO, &on) < 0) {

diff --git a/libexec/uucpd/uucpd.c b/libexec/uucpd/uucpd.c
index 69f6884..f515bed 100644 (file)
--- a/libexec/uucpd/uucpd.c
+++ b/libexec/uucpd/uucpd.c
@@ -42,7 +42,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)uucpd.c    5.10 (Berkeley) 2/26/91";*/
-static char rcsid[] = "$Id: uucpd.c,v 1.6 1996/12/03 01:29:54 deraadt Exp $";
+static char rcsid[] = "$Id: uucpd.c,v 1.7 1996/12/22 03:41:24 tholo Exp $";
 #endif /* not lint */
 
 /*
@@ -202,8 +202,10 @@ struct sockaddr_in *sinp;
        (void) snprintf(Loginname, sizeof(Loginname), "LOGNAME=%s", user);
        dologin(pw, sinp);
        setlogin(user);
+       setegid(pw->pw_gid);
        setgid(pw->pw_gid);
        initgroups(pw->pw_name, pw->pw_gid);
+       seteuid(pw->pw_uid);
        setuid(pw->pw_uid);
        chdir(pw->pw_dir);
        execl(_PATH_UUCICO, "uucico", (char *)0);

diff --git a/usr.bin/at/privs.h b/usr.bin/at/privs.h
index b679021..100b639 100644 (file)
--- a/usr.bin/at/privs.h
+++ b/usr.bin/at/privs.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: privs.h,v 1.2 1996/06/26 05:31:31 deraadt Exp $       */
+/*     $OpenBSD: privs.h,v 1.3 1996/12/22 03:39:24 tholo Exp $ */
 /*     $NetBSD: privs.h,v 1.3 1995/03/25 18:13:41 glass Exp $  */
 
 /*
@@ -87,8 +87,8 @@ uid_t real_uid, effective_uid;
 }
 
 #define REDUCE_PRIV(a) { \
-       seteuid(effective_uid); \
        real_uid = effective_uid = (a); \
+       seteuid(effective_uid); \
        setuid(real_uid); \
 }
 #endif