Deal with _POSIX_SAVED_IDS when relinquishing privileges

diff --git a/usr.bin/fstat/fstat.c b/usr.bin/fstat/fstat.c
index af5f38c..9f93fcb 100644 (file)
--- a/usr.bin/fstat/fstat.c
+++ b/usr.bin/fstat/fstat.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: fstat.c,v 1.6 1996/08/17 09:10:47 deraadt Exp $       */
+/*     $OpenBSD: fstat.c,v 1.7 1996/12/22 03:25:52 tholo Exp $ */
 
 /*-
  * Copyright (c) 1988, 1993
@@ -41,7 +41,7 @@ static char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)fstat.c    8.1 (Berkeley) 6/6/93";*/
-static char *rcsid = "$OpenBSD: fstat.c,v 1.6 1996/08/17 09:10:47 deraadt Exp $";
+static char *rcsid = "$OpenBSD: fstat.c,v 1.7 1996/12/22 03:25:52 tholo Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -232,8 +232,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (nlistf != NULL || memf != NULL)
+       if (nlistf != NULL || memf != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
        if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) {
                fprintf(stderr, "fstat: %s\n", buf);

diff --git a/usr.bin/ipcs/ipcs.c b/usr.bin/ipcs/ipcs.c
index 8dcba5e..b2344da 100644 (file)
--- a/usr.bin/ipcs/ipcs.c
+++ b/usr.bin/ipcs/ipcs.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ipcs.c,v 1.5 1996/08/11 00:24:32 deraadt Exp $        */
+/*     $OpenBSD: ipcs.c,v 1.6 1996/12/22 03:25:54 tholo Exp $  */
 /*     $NetBSD: ipcs.c,v 1.10.6.1 1996/06/07 01:53:47 thorpej Exp $    */
 
 /*
@@ -192,8 +192,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (namelist != NULL || core != NULL)
+       if (namelist != NULL || core != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
        if ((kd = kvm_open(namelist, core, NULL, O_RDONLY, "ipcs")) == NULL)
                exit(1);
 

diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index cdf5b9b..392abb7 100644 (file)
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: login.c,v 1.14 1996/12/04 04:04:41 millert Exp $      */
+/*     $OpenBSD: login.c,v 1.15 1996/12/22 03:25:55 tholo Exp $        */
 /*     $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $   */
 
 /*-
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)login.c    8.4 (Berkeley) 4/2/94";
 #endif
-static char rcsid[] = "$OpenBSD: login.c,v 1.14 1996/12/04 04:04:41 millert Exp $";
+static char rcsid[] = "$OpenBSD: login.c,v 1.15 1996/12/22 03:25:55 tholo Exp $";
 #endif /* not lint */
 
 /*
@@ -411,6 +411,7 @@ main(argc, argv)
        if (krbtkfile_env)
            dofork();
 #endif
+       (void)setegid(pwd->pw_gid);
        (void)setgid(pwd->pw_gid);
 
        initgroups(username, pwd->pw_gid);
@@ -496,8 +497,10 @@ main(argc, argv)
        /* Discard permissions last so can't get killed and drop core. */
        if (rootlogin)
                (void) setuid(0);
-       else
+       else {
+               (void) seteuid(pwd->pw_uid);
                (void) setuid(pwd->pw_uid);
+       }
 
        execlp(pwd->pw_shell, tbuf, 0);
        err(1, "%s", pwd->pw_shell);

diff --git a/usr.bin/msgs/msgs.c b/usr.bin/msgs/msgs.c
index 47f16c9..c84cfec 100644 (file)
--- a/usr.bin/msgs/msgs.c
+++ b/usr.bin/msgs/msgs.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: msgs.c,v 1.5 1996/10/28 00:45:58 millert Exp $        */
+/*     $OpenBSD: msgs.c,v 1.6 1996/12/22 03:25:56 tholo Exp $  */
 /*     $NetBSD: msgs.c,v 1.7 1995/09/28 06:57:40 tls Exp $     */
 
 /*-
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)msgs.c     8.2 (Berkeley) 4/28/95";
 #else
-static char rcsid[] = "$OpenBSD: msgs.c,v 1.5 1996/10/28 00:45:58 millert Exp $";
+static char rcsid[] = "$OpenBSD: msgs.c,v 1.6 1996/12/22 03:25:56 tholo Exp $";
 #endif
 #endif /* not lint */
 
@@ -171,7 +171,8 @@ int argc; char *argv[];
 #endif
 
        time(&t);
-       setuid(uid = getuid());
+       seteuid(uid = getuid());
+       setuid(uid);
        ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL);
        if (ruptible)
                signal(SIGINT, SIG_DFL);

diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c
index 5407435..10a31fa 100644 (file)
--- a/usr.bin/netstat/main.c
+++ b/usr.bin/netstat/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.4 1996/08/16 09:29:33 mickey Exp $ */
+/*     $OpenBSD: main.c,v 1.5 1996/12/22 03:25:58 tholo Exp $  */
 /*     $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */
 
 /*
@@ -44,7 +44,7 @@ char copyright[] =
 #if 0
 static char sccsid[] = "from: @(#)main.c       8.4 (Berkeley) 3/1/94";
 #else
-static char *rcsid = "$OpenBSD: main.c,v 1.4 1996/08/16 09:29:33 mickey Exp $";
+static char *rcsid = "$OpenBSD: main.c,v 1.5 1996/12/22 03:25:58 tholo Exp $";
 #endif
 #endif /* not lint */
 
@@ -331,8 +331,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (nlistf != NULL || memf != NULL)
+       if (nlistf != NULL || memf != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
        if ((kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY,
            buf)) == NULL) {

diff --git a/usr.bin/nfsstat/nfsstat.c b/usr.bin/nfsstat/nfsstat.c
index 6e35c4a..d84b73d 100644 (file)
--- a/usr.bin/nfsstat/nfsstat.c
+++ b/usr.bin/nfsstat/nfsstat.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: nfsstat.c,v 1.4 1996/12/15 18:52:19 kstailey Exp $    */
+/*     $OpenBSD: nfsstat.c,v 1.5 1996/12/22 03:25:59 tholo Exp $       */
 /*     $NetBSD: nfsstat.c,v 1.7 1996/03/03 17:21:30 thorpej Exp $      */
 
 /*
@@ -48,7 +48,7 @@ static char copyright[] =
 static char sccsid[] = "from: @(#)nfsstat.c    8.1 (Berkeley) 6/6/93";
 static char *rcsid = "$NetBSD: nfsstat.c,v 1.7 1996/03/03 17:21:30 thorpej Exp $";
 #else
-static char *rcsid = "$OpenBSD: nfsstat.c,v 1.4 1996/12/15 18:52:19 kstailey Exp $";
+static char *rcsid = "$OpenBSD: nfsstat.c,v 1.5 1996/12/22 03:25:59 tholo Exp $";
 #endif
 #endif /* not lint */
 
@@ -138,8 +138,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (nlistf != NULL || memf != NULL)
+       if (nlistf != NULL || memf != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
        if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == 0) {
                fprintf(stderr, "nfsstat: kvm_openfiles: %s\n", errbuf);

diff --git a/usr.bin/oldrdist/server.c b/usr.bin/oldrdist/server.c
index 9a97cea..b8531eb 100644 (file)
--- a/usr.bin/oldrdist/server.c
+++ b/usr.bin/oldrdist/server.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: server.c,v 1.6 1996/08/22 20:33:24 millert Exp $      */
+/*     $OpenBSD: server.c,v 1.7 1996/12/22 03:26:00 tholo Exp $        */
 
 /*
  * Copyright (c) 1983, 1993
@@ -35,7 +35,7 @@
 
 #ifndef lint
 /* from: static char sccsid[] = "@(#)server.c  8.1 (Berkeley) 6/9/93"; */
-static char *rcsid = "$OpenBSD: server.c,v 1.6 1996/08/22 20:33:24 millert Exp $";
+static char *rcsid = "$OpenBSD: server.c,v 1.7 1996/12/22 03:26:00 tholo Exp $";
 #endif /* not lint */
 
 #include <sys/wait.h>
@@ -1352,7 +1352,9 @@ dospecial(cmd)
                (void) close(fd[0]);
                (void) close(fd[1]);
 #if    defined(DIRECT_RCMD)
+               setegid(groupid);
                setgid(groupid);
+               seteuid(userid);
                setuid(userid);
 #endif /* DIRECT_RCMD */
                execl(_PATH_BSHELL, "sh", "-c", cmd, 0);

diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c
index f782110..fa9bcac 100644 (file)
--- a/usr.bin/rlogin/rlogin.c
+++ b/usr.bin/rlogin/rlogin.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rlogin.c,v 1.9 1996/11/11 05:59:47 mickey Exp $       */
+/*     $OpenBSD: rlogin.c,v 1.10 1996/12/22 03:26:01 tholo Exp $       */
 /*     $NetBSD: rlogin.c,v 1.8 1995/10/05 09:07:22 mycroft Exp $       */
 
 /*
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)rlogin.c   8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: rlogin.c,v 1.9 1996/11/11 05:59:47 mickey Exp $";
+static char rcsid[] = "$OpenBSD: rlogin.c,v 1.10 1996/12/22 03:26:01 tholo Exp $";
 #endif
 #endif /* not lint */
 
@@ -349,6 +349,7 @@ try_connect:
        if (setsockopt(rem, IPPROTO_IP, IP_TOS, (char *)&one, sizeof(int)) < 0)
                perror("rlogin: setsockopt TOS (ignored)");
 
+       (void)seteuid(uid);
        (void)setuid(uid);
        doit(omask);
        /*NOTREACHED*/

diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c
index 544a754..517a400 100644 (file)
--- a/usr.bin/rsh/rsh.c
+++ b/usr.bin/rsh/rsh.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rsh.c,v 1.9 1996/09/02 21:28:04 millert Exp $ */
+/*     $OpenBSD: rsh.c,v 1.10 1996/12/22 03:26:02 tholo Exp $  */
 
 /*-
  * Copyright (c) 1983, 1990 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)rsh.c      5.24 (Berkeley) 7/1/91";*/
-static char rcsid[] = "$OpenBSD: rsh.c,v 1.9 1996/09/02 21:28:04 millert Exp $";
+static char rcsid[] = "$OpenBSD: rsh.c,v 1.10 1996/12/22 03:26:02 tholo Exp $";
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -168,6 +168,7 @@ main(argc, argv)
        if (!argv[optind]) {
                if (asrsh)
                        *argv = "rlogin";
+               seteuid(getuid());
                setuid(getuid());
                execv(_PATH_RLOGIN, argv);
                (void)fprintf(stderr, "rsh: can't exec %s.\n", _PATH_RLOGIN);
@@ -274,6 +275,7 @@ try_connect:
                            strerror(errno));
        }
 
+       (void)seteuid(uid);
        (void)setuid(uid);
        omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGTERM));
        if (signal(SIGINT, SIG_IGN) != SIG_IGN)

diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 563a164..11396e3 100644 (file)
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: su.c,v 1.16 1996/10/27 16:49:17 millert Exp $ */
+/*     $OpenBSD: su.c,v 1.17 1996/12/22 03:26:03 tholo Exp $   */
 
 /*
  * Copyright (c) 1988 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)su.c       5.26 (Berkeley) 7/6/91";*/
-static char rcsid[] = "$OpenBSD: su.c,v 1.16 1996/10/27 16:49:17 millert Exp $";
+static char rcsid[] = "$OpenBSD: su.c,v 1.17 1996/12/22 03:26:03 tholo Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -220,10 +220,14 @@ badlogin:
                iscsh = strcmp(avshell, "csh") ? NO : YES;
 
        /* set permissions */
+       if (setegid(pwd->pw_gid) < 0)
+               err(1, "setegid");
        if (setgid(pwd->pw_gid) < 0)
                err(1, "setgid");
        if (initgroups(user, pwd->pw_gid))
                err(1, "initgroups failed");
+       if (seteuid(pwd->pw_uid) < 0)
+               err(1, "seteuid");
        if (setuid(pwd->pw_uid) < 0)
                err(1, "setuid");
 

diff --git a/usr.bin/sup/src/run.c b/usr.bin/sup/src/run.c
index ec11f15..995ebf5 100644 (file)
--- a/usr.bin/sup/src/run.c
+++ b/usr.bin/sup/src/run.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: run.c,v 1.2 1996/06/26 05:39:45 deraadt Exp $ */
+/*     $OpenBSD: run.c,v 1.3 1996/12/22 03:26:04 tholo Exp $   */
 
 /*
  * Copyright (c) 1991 Carnegie Mellon University
@@ -50,6 +50,9 @@
  **********************************************************************
  * HISTORY
  * $Log: run.c,v $
+ * Revision 1.3  1996/12/22 03:26:04  tholo
+ * Deal with _POSIX_SAVED_IDS when relinquishing privileges
+ *
  * Revision 1.2  1996/06/26 05:39:45  deraadt
  * rcsid
  *
@@ -170,7 +173,9 @@ int usepath;
                return(-1);     /* no more process's, so exit with error */
 
        if (pid == 0) {                 /* child process */
+               setegid (getgid());
                setgid (getgid());
+               seteuid (getuid());
                setuid (getuid());
                (*execrtn) (name,argv);
                fprintf (stderr,"run: can't exec %s\n",name);

diff --git a/usr.bin/sup/src/supfilesrv.c b/usr.bin/sup/src/supfilesrv.c
index 60ad854..c052fff 100644 (file)
--- a/usr.bin/sup/src/supfilesrv.c
+++ b/usr.bin/sup/src/supfilesrv.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: supfilesrv.c,v 1.4 1996/07/31 11:11:31 niklas Exp $   */
+/*     $OpenBSD: supfilesrv.c,v 1.5 1996/12/22 03:26:05 tholo Exp $    */
 
 /*
  * Copyright (c) 1992 Carnegie Mellon University
@@ -44,6 +44,9 @@
  *     across the network to save BandWidth
  *
  * $Log: supfilesrv.c,v $
+ * Revision 1.5  1996/12/22 03:26:05  tholo
+ * Deal with _POSIX_SAVED_IDS when relinquishing privileges
+ *
  * Revision 1.4  1996/07/31 11:11:31  niklas
  * Better use time_t instead of long when dealing with times
  *
@@ -1647,15 +1650,23 @@ int fileuid,filegid;
 #if    CMUCS
        if (setgroups (grps[0], &grps[1]) < 0)
                logerr ("setgroups: %%m");
+       if (setegid ((gid_t)grp->gr_gid) < 0)
+               logerr ("setegid: %%m");
        if (setgid ((gid_t)grp->gr_gid) < 0)
                logerr ("setgid: %%m");
+       if (seteuid ((uid_t)pwd->pw_uid) < 0)
+               logerr ("seteuid: %%m");
        if (setuid ((uid_t)pwd->pw_uid) < 0)
                logerr ("setuid: %%m");
 #else   /* CMUCS */
        if (initgroups (pwd->pw_name,pwd->pw_gid) < 0)
                return("Error setting group list");
+       if (setegid (pwd->pw_gid) < 0)
+               logerr ("setegid: %%m");
        if (setgid (pwd->pw_gid) < 0)
                logerr ("setgid: %%m");
+       if (seteuid (pwd->pw_uid) < 0)
+               logerr ("seteuid: %%m");
        if (setuid (pwd->pw_uid) < 0)
                logerr ("setuid: %%m");
 #endif /* CMUCS */

diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c
index cfe05cc..d35d486 100644 (file)
--- a/usr.bin/systat/main.c
+++ b/usr.bin/systat/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.7 1996/08/08 10:41:01 niklas Exp $ */
+/*     $OpenBSD: main.c,v 1.8 1996/12/22 03:26:07 tholo Exp $  */
 /*     $NetBSD: main.c,v 1.8 1996/05/10 23:16:36 thorpej Exp $ */
 
 /*-
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)main.c     8.1 (Berkeley) 6/6/93";
 #endif
-static char rcsid[] = "$OpenBSD: main.c,v 1.7 1996/08/08 10:41:01 niklas Exp $";
+static char rcsid[] = "$OpenBSD: main.c,v 1.8 1996/12/22 03:26:07 tholo Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -119,8 +119,10 @@ main(argc, argv)
          * Discard setgid privileges if not the running kernel so that bad
          * guys can't print interesting stuff from kernel memory.
          */
-        if (nlistf != NULL || memf != NULL)
+        if (nlistf != NULL || memf != NULL) {
+               setegid(getgid());
                 setgid(getgid());
+       }
 
        while (argc > 0) {
                if (isdigit(argv[0][0])) {

diff --git a/usr.bin/telnet/commands.c b/usr.bin/telnet/commands.c
index cd2ae92..a7de698 100644 (file)
--- a/usr.bin/telnet/commands.c
+++ b/usr.bin/telnet/commands.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: commands.c,v 1.8 1996/12/06 15:21:53 robin Exp $      */
+/*     $OpenBSD: commands.c,v 1.9 1996/12/22 03:26:08 tholo Exp $      */
 /*     $NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $        */
 
 /*
@@ -39,7 +39,7 @@
 static char sccsid[] = "@(#)commands.c 8.4 (Berkeley) 5/30/95";
 static char rcsid[] = "$NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $";
 #else
-static char rcsid[] = "$OpenBSD: commands.c,v 1.8 1996/12/06 15:21:53 robin Exp $";
+static char rcsid[] = "$OpenBSD: commands.c,v 1.9 1996/12/22 03:26:08 tholo Exp $";
 #endif
 #endif /* not lint */
 
@@ -2144,6 +2144,7 @@ tn(argc, argv)
 
     if (connected) {
        printf("?Already connected to %s\n", hostname);
+       seteuid(getuid());
        setuid(getuid());
        return 0;
     }
@@ -2193,6 +2194,7 @@ tn(argc, argv)
        }
     usage:
        printf("usage: %s [-l user] [-a] host-name [port]\n", cmd);
+       seteuid(getuid());
        setuid(getuid());
        return 0;
     }
@@ -2208,10 +2210,12 @@ tn(argc, argv)
        temp = sourceroute(hostp, &srp, &srlen);
        if (temp == 0) {
            herror(srp);
+           seteuid(getuid());
            setuid(getuid());
            return 0;
        } else if (temp == -1) {
            printf("Bad source route option: %s\n", hostp);
+           seteuid(getuid());
            setuid(getuid());
            return 0;
        } else {
@@ -2245,6 +2249,7 @@ tn(argc, argv)
                hostname = _hostname;
            } else {
                herror(hostp);
+               seteuid(getuid());
                setuid(getuid());
                return 0;
            }
@@ -2265,6 +2270,7 @@ tn(argc, argv)
                sin.sin_port = sp->s_port;
            else {
                printf("%s: bad port number\n", portp);
+               seteuid(getuid());
                setuid(getuid());
                return 0;
            }
@@ -2279,6 +2285,7 @@ tn(argc, argv)
            sp = getservbyname("telnet", "tcp");
            if (sp == 0) {
                fprintf(stderr, "telnet: tcp/telnet: unknown service\n");
+               seteuid(getuid());
                setuid(getuid());
                return 0;
            }
@@ -2289,6 +2296,7 @@ tn(argc, argv)
     printf("Trying %s...\n", inet_ntoa(sin.sin_addr));
     do {
        net = socket(AF_INET, SOCK_STREAM, 0);
+       seteuid(getuid());
        setuid(getuid());
        if (net < 0) {
            perror("telnet: socket");

diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c
index c90f47a..fa310cd 100644 (file)
--- a/usr.bin/vmstat/vmstat.c
+++ b/usr.bin/vmstat/vmstat.c
@@ -1,5 +1,5 @@
 /*     $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $      */
-/*     $OpenBSD: vmstat.c,v 1.14 1996/12/04 10:04:44 deraadt Exp $     */
+/*     $OpenBSD: vmstat.c,v 1.15 1996/12/22 03:26:09 tholo Exp $       */
 
 /*
  * Copyright (c) 1980, 1986, 1991, 1993
@@ -235,8 +235,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (nlistf != NULL || memf != NULL)
+       if (nlistf != NULL || memf != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
         kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
        if (kd == 0) {

diff --git a/usr.bin/w/w.c b/usr.bin/w/w.c
index 01b7c5a..57cc2d6 100644 (file)
--- a/usr.bin/w/w.c
+++ b/usr.bin/w/w.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: w.c,v 1.10 1996/08/22 09:37:19 deraadt Exp $  */
+/*     $OpenBSD: w.c,v 1.11 1996/12/22 03:26:10 tholo Exp $    */
 
 /*-
  * Copyright (c) 1980, 1991, 1993, 1994
@@ -173,8 +173,10 @@ main(argc, argv)
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
-       if (nlistf != NULL || memf != NULL)
+       if (nlistf != NULL || memf != NULL) {
+               setegid(getgid());
                setgid(getgid());
+       }
 
        if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == NULL)
                errx(1, "%s", errbuf);