From: tholo Date: Sun, 22 Dec 1996 03:25:52 +0000 (+0000) Subject: Deal with _POSIX_SAVED_IDS when relinquishing privileges X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f6e653e909fc0c4f4c33d4e7a0d362d9e6c547b4;p=openbsd Deal with _POSIX_SAVED_IDS when relinquishing privileges --- diff --git a/usr.bin/fstat/fstat.c b/usr.bin/fstat/fstat.c index af5f38c4df4..9f93fcb7bfd 100644 --- a/usr.bin/fstat/fstat.c +++ b/usr.bin/fstat/fstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fstat.c,v 1.6 1996/08/17 09:10:47 deraadt Exp $ */ +/* $OpenBSD: fstat.c,v 1.7 1996/12/22 03:25:52 tholo Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -41,7 +41,7 @@ static char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)fstat.c 8.1 (Berkeley) 6/6/93";*/ -static char *rcsid = "$OpenBSD: fstat.c,v 1.6 1996/08/17 09:10:47 deraadt Exp $"; +static char *rcsid = "$OpenBSD: fstat.c,v 1.7 1996/12/22 03:25:52 tholo Exp $"; #endif /* not lint */ #include @@ -232,8 +232,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf != NULL || memf != NULL) + if (nlistf != NULL || memf != NULL) { + setegid(getgid()); setgid(getgid()); + } if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) { fprintf(stderr, "fstat: %s\n", buf); diff --git a/usr.bin/ipcs/ipcs.c b/usr.bin/ipcs/ipcs.c index 8dcba5ece14..b2344daefec 100644 --- a/usr.bin/ipcs/ipcs.c +++ b/usr.bin/ipcs/ipcs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipcs.c,v 1.5 1996/08/11 00:24:32 deraadt Exp $ */ +/* $OpenBSD: ipcs.c,v 1.6 1996/12/22 03:25:54 tholo Exp $ */ /* $NetBSD: ipcs.c,v 1.10.6.1 1996/06/07 01:53:47 thorpej Exp $ */ /* @@ -192,8 +192,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (namelist != NULL || core != NULL) + if (namelist != NULL || core != NULL) { + setegid(getgid()); setgid(getgid()); + } if ((kd = kvm_open(namelist, core, NULL, O_RDONLY, "ipcs")) == NULL) exit(1); diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index cdf5b9b22e0..392abb79f77 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login.c,v 1.14 1996/12/04 04:04:41 millert Exp $ */ +/* $OpenBSD: login.c,v 1.15 1996/12/22 03:25:55 tholo Exp $ */ /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */ /*- @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: login.c,v 1.14 1996/12/04 04:04:41 millert Exp $"; +static char rcsid[] = "$OpenBSD: login.c,v 1.15 1996/12/22 03:25:55 tholo Exp $"; #endif /* not lint */ /* @@ -411,6 +411,7 @@ main(argc, argv) if (krbtkfile_env) dofork(); #endif + (void)setegid(pwd->pw_gid); (void)setgid(pwd->pw_gid); initgroups(username, pwd->pw_gid); @@ -496,8 +497,10 @@ main(argc, argv) /* Discard permissions last so can't get killed and drop core. */ if (rootlogin) (void) setuid(0); - else + else { + (void) seteuid(pwd->pw_uid); (void) setuid(pwd->pw_uid); + } execlp(pwd->pw_shell, tbuf, 0); err(1, "%s", pwd->pw_shell); diff --git a/usr.bin/msgs/msgs.c b/usr.bin/msgs/msgs.c index 47f16c90e12..c84cfec5f34 100644 --- a/usr.bin/msgs/msgs.c +++ b/usr.bin/msgs/msgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msgs.c,v 1.5 1996/10/28 00:45:58 millert Exp $ */ +/* $OpenBSD: msgs.c,v 1.6 1996/12/22 03:25:56 tholo Exp $ */ /* $NetBSD: msgs.c,v 1.7 1995/09/28 06:57:40 tls Exp $ */ /*- @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)msgs.c 8.2 (Berkeley) 4/28/95"; #else -static char rcsid[] = "$OpenBSD: msgs.c,v 1.5 1996/10/28 00:45:58 millert Exp $"; +static char rcsid[] = "$OpenBSD: msgs.c,v 1.6 1996/12/22 03:25:56 tholo Exp $"; #endif #endif /* not lint */ @@ -171,7 +171,8 @@ int argc; char *argv[]; #endif time(&t); - setuid(uid = getuid()); + seteuid(uid = getuid()); + setuid(uid); ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL); if (ruptible) signal(SIGINT, SIG_DFL); diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c index 5407435c04e..10a31faaa2f 100644 --- a/usr.bin/netstat/main.c +++ b/usr.bin/netstat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.4 1996/08/16 09:29:33 mickey Exp $ */ +/* $OpenBSD: main.c,v 1.5 1996/12/22 03:25:58 tholo Exp $ */ /* $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */ /* @@ -44,7 +44,7 @@ char copyright[] = #if 0 static char sccsid[] = "from: @(#)main.c 8.4 (Berkeley) 3/1/94"; #else -static char *rcsid = "$OpenBSD: main.c,v 1.4 1996/08/16 09:29:33 mickey Exp $"; +static char *rcsid = "$OpenBSD: main.c,v 1.5 1996/12/22 03:25:58 tholo Exp $"; #endif #endif /* not lint */ @@ -331,8 +331,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf != NULL || memf != NULL) + if (nlistf != NULL || memf != NULL) { + setegid(getgid()); setgid(getgid()); + } if ((kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) { diff --git a/usr.bin/nfsstat/nfsstat.c b/usr.bin/nfsstat/nfsstat.c index 6e35c4a5a33..d84b73da9bc 100644 --- a/usr.bin/nfsstat/nfsstat.c +++ b/usr.bin/nfsstat/nfsstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfsstat.c,v 1.4 1996/12/15 18:52:19 kstailey Exp $ */ +/* $OpenBSD: nfsstat.c,v 1.5 1996/12/22 03:25:59 tholo Exp $ */ /* $NetBSD: nfsstat.c,v 1.7 1996/03/03 17:21:30 thorpej Exp $ */ /* @@ -48,7 +48,7 @@ static char copyright[] = static char sccsid[] = "from: @(#)nfsstat.c 8.1 (Berkeley) 6/6/93"; static char *rcsid = "$NetBSD: nfsstat.c,v 1.7 1996/03/03 17:21:30 thorpej Exp $"; #else -static char *rcsid = "$OpenBSD: nfsstat.c,v 1.4 1996/12/15 18:52:19 kstailey Exp $"; +static char *rcsid = "$OpenBSD: nfsstat.c,v 1.5 1996/12/22 03:25:59 tholo Exp $"; #endif #endif /* not lint */ @@ -138,8 +138,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf != NULL || memf != NULL) + if (nlistf != NULL || memf != NULL) { + setegid(getgid()); setgid(getgid()); + } if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == 0) { fprintf(stderr, "nfsstat: kvm_openfiles: %s\n", errbuf); diff --git a/usr.bin/oldrdist/server.c b/usr.bin/oldrdist/server.c index 9a97cead1f4..b8531eb9924 100644 --- a/usr.bin/oldrdist/server.c +++ b/usr.bin/oldrdist/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.6 1996/08/22 20:33:24 millert Exp $ */ +/* $OpenBSD: server.c,v 1.7 1996/12/22 03:26:00 tholo Exp $ */ /* * Copyright (c) 1983, 1993 @@ -35,7 +35,7 @@ #ifndef lint /* from: static char sccsid[] = "@(#)server.c 8.1 (Berkeley) 6/9/93"; */ -static char *rcsid = "$OpenBSD: server.c,v 1.6 1996/08/22 20:33:24 millert Exp $"; +static char *rcsid = "$OpenBSD: server.c,v 1.7 1996/12/22 03:26:00 tholo Exp $"; #endif /* not lint */ #include @@ -1352,7 +1352,9 @@ dospecial(cmd) (void) close(fd[0]); (void) close(fd[1]); #if defined(DIRECT_RCMD) + setegid(groupid); setgid(groupid); + seteuid(userid); setuid(userid); #endif /* DIRECT_RCMD */ execl(_PATH_BSHELL, "sh", "-c", cmd, 0); diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c index f782110a046..fa9bcac429d 100644 --- a/usr.bin/rlogin/rlogin.c +++ b/usr.bin/rlogin/rlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rlogin.c,v 1.9 1996/11/11 05:59:47 mickey Exp $ */ +/* $OpenBSD: rlogin.c,v 1.10 1996/12/22 03:26:01 tholo Exp $ */ /* $NetBSD: rlogin.c,v 1.8 1995/10/05 09:07:22 mycroft Exp $ */ /* @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)rlogin.c 8.1 (Berkeley) 6/6/93"; #else -static char rcsid[] = "$OpenBSD: rlogin.c,v 1.9 1996/11/11 05:59:47 mickey Exp $"; +static char rcsid[] = "$OpenBSD: rlogin.c,v 1.10 1996/12/22 03:26:01 tholo Exp $"; #endif #endif /* not lint */ @@ -349,6 +349,7 @@ try_connect: if (setsockopt(rem, IPPROTO_IP, IP_TOS, (char *)&one, sizeof(int)) < 0) perror("rlogin: setsockopt TOS (ignored)"); + (void)seteuid(uid); (void)setuid(uid); doit(omask); /*NOTREACHED*/ diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c index 544a754bb0d..517a400afa5 100644 --- a/usr.bin/rsh/rsh.c +++ b/usr.bin/rsh/rsh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsh.c,v 1.9 1996/09/02 21:28:04 millert Exp $ */ +/* $OpenBSD: rsh.c,v 1.10 1996/12/22 03:26:02 tholo Exp $ */ /*- * Copyright (c) 1983, 1990 The Regents of the University of California. @@ -41,7 +41,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)rsh.c 5.24 (Berkeley) 7/1/91";*/ -static char rcsid[] = "$OpenBSD: rsh.c,v 1.9 1996/09/02 21:28:04 millert Exp $"; +static char rcsid[] = "$OpenBSD: rsh.c,v 1.10 1996/12/22 03:26:02 tholo Exp $"; #endif /* not lint */ #include @@ -168,6 +168,7 @@ main(argc, argv) if (!argv[optind]) { if (asrsh) *argv = "rlogin"; + seteuid(getuid()); setuid(getuid()); execv(_PATH_RLOGIN, argv); (void)fprintf(stderr, "rsh: can't exec %s.\n", _PATH_RLOGIN); @@ -274,6 +275,7 @@ try_connect: strerror(errno)); } + (void)seteuid(uid); (void)setuid(uid); omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGTERM)); if (signal(SIGINT, SIG_IGN) != SIG_IGN) diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 563a1642f66..11396e3d8bc 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $OpenBSD: su.c,v 1.16 1996/10/27 16:49:17 millert Exp $ */ +/* $OpenBSD: su.c,v 1.17 1996/12/22 03:26:03 tholo Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -41,7 +41,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/ -static char rcsid[] = "$OpenBSD: su.c,v 1.16 1996/10/27 16:49:17 millert Exp $"; +static char rcsid[] = "$OpenBSD: su.c,v 1.17 1996/12/22 03:26:03 tholo Exp $"; #endif /* not lint */ #include @@ -220,10 +220,14 @@ badlogin: iscsh = strcmp(avshell, "csh") ? NO : YES; /* set permissions */ + if (setegid(pwd->pw_gid) < 0) + err(1, "setegid"); if (setgid(pwd->pw_gid) < 0) err(1, "setgid"); if (initgroups(user, pwd->pw_gid)) err(1, "initgroups failed"); + if (seteuid(pwd->pw_uid) < 0) + err(1, "seteuid"); if (setuid(pwd->pw_uid) < 0) err(1, "setuid"); diff --git a/usr.bin/sup/src/run.c b/usr.bin/sup/src/run.c index ec11f15a613..995ebf5f158 100644 --- a/usr.bin/sup/src/run.c +++ b/usr.bin/sup/src/run.c @@ -1,4 +1,4 @@ -/* $OpenBSD: run.c,v 1.2 1996/06/26 05:39:45 deraadt Exp $ */ +/* $OpenBSD: run.c,v 1.3 1996/12/22 03:26:04 tholo Exp $ */ /* * Copyright (c) 1991 Carnegie Mellon University @@ -50,6 +50,9 @@ ********************************************************************** * HISTORY * $Log: run.c,v $ + * Revision 1.3 1996/12/22 03:26:04 tholo + * Deal with _POSIX_SAVED_IDS when relinquishing privileges + * * Revision 1.2 1996/06/26 05:39:45 deraadt * rcsid * @@ -170,7 +173,9 @@ int usepath; return(-1); /* no more process's, so exit with error */ if (pid == 0) { /* child process */ + setegid (getgid()); setgid (getgid()); + seteuid (getuid()); setuid (getuid()); (*execrtn) (name,argv); fprintf (stderr,"run: can't exec %s\n",name); diff --git a/usr.bin/sup/src/supfilesrv.c b/usr.bin/sup/src/supfilesrv.c index 60ad85401a2..c052fffa03b 100644 --- a/usr.bin/sup/src/supfilesrv.c +++ b/usr.bin/sup/src/supfilesrv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: supfilesrv.c,v 1.4 1996/07/31 11:11:31 niklas Exp $ */ +/* $OpenBSD: supfilesrv.c,v 1.5 1996/12/22 03:26:05 tholo Exp $ */ /* * Copyright (c) 1992 Carnegie Mellon University @@ -44,6 +44,9 @@ * across the network to save BandWidth * * $Log: supfilesrv.c,v $ + * Revision 1.5 1996/12/22 03:26:05 tholo + * Deal with _POSIX_SAVED_IDS when relinquishing privileges + * * Revision 1.4 1996/07/31 11:11:31 niklas * Better use time_t instead of long when dealing with times * @@ -1647,15 +1650,23 @@ int fileuid,filegid; #if CMUCS if (setgroups (grps[0], &grps[1]) < 0) logerr ("setgroups: %%m"); + if (setegid ((gid_t)grp->gr_gid) < 0) + logerr ("setegid: %%m"); if (setgid ((gid_t)grp->gr_gid) < 0) logerr ("setgid: %%m"); + if (seteuid ((uid_t)pwd->pw_uid) < 0) + logerr ("seteuid: %%m"); if (setuid ((uid_t)pwd->pw_uid) < 0) logerr ("setuid: %%m"); #else /* CMUCS */ if (initgroups (pwd->pw_name,pwd->pw_gid) < 0) return("Error setting group list"); + if (setegid (pwd->pw_gid) < 0) + logerr ("setegid: %%m"); if (setgid (pwd->pw_gid) < 0) logerr ("setgid: %%m"); + if (seteuid (pwd->pw_uid) < 0) + logerr ("seteuid: %%m"); if (setuid (pwd->pw_uid) < 0) logerr ("setuid: %%m"); #endif /* CMUCS */ diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c index cfe05ccdcd9..d35d48690b0 100644 --- a/usr.bin/systat/main.c +++ b/usr.bin/systat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.7 1996/08/08 10:41:01 niklas Exp $ */ +/* $OpenBSD: main.c,v 1.8 1996/12/22 03:26:07 tholo Exp $ */ /* $NetBSD: main.c,v 1.8 1996/05/10 23:16:36 thorpej Exp $ */ /*- @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 6/6/93"; #endif -static char rcsid[] = "$OpenBSD: main.c,v 1.7 1996/08/08 10:41:01 niklas Exp $"; +static char rcsid[] = "$OpenBSD: main.c,v 1.8 1996/12/22 03:26:07 tholo Exp $"; #endif /* not lint */ #include @@ -119,8 +119,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf != NULL || memf != NULL) + if (nlistf != NULL || memf != NULL) { + setegid(getgid()); setgid(getgid()); + } while (argc > 0) { if (isdigit(argv[0][0])) { diff --git a/usr.bin/telnet/commands.c b/usr.bin/telnet/commands.c index cd2ae9266f2..a7de6983550 100644 --- a/usr.bin/telnet/commands.c +++ b/usr.bin/telnet/commands.c @@ -1,4 +1,4 @@ -/* $OpenBSD: commands.c,v 1.8 1996/12/06 15:21:53 robin Exp $ */ +/* $OpenBSD: commands.c,v 1.9 1996/12/22 03:26:08 tholo Exp $ */ /* $NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $ */ /* @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)commands.c 8.4 (Berkeley) 5/30/95"; static char rcsid[] = "$NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $"; #else -static char rcsid[] = "$OpenBSD: commands.c,v 1.8 1996/12/06 15:21:53 robin Exp $"; +static char rcsid[] = "$OpenBSD: commands.c,v 1.9 1996/12/22 03:26:08 tholo Exp $"; #endif #endif /* not lint */ @@ -2144,6 +2144,7 @@ tn(argc, argv) if (connected) { printf("?Already connected to %s\n", hostname); + seteuid(getuid()); setuid(getuid()); return 0; } @@ -2193,6 +2194,7 @@ tn(argc, argv) } usage: printf("usage: %s [-l user] [-a] host-name [port]\n", cmd); + seteuid(getuid()); setuid(getuid()); return 0; } @@ -2208,10 +2210,12 @@ tn(argc, argv) temp = sourceroute(hostp, &srp, &srlen); if (temp == 0) { herror(srp); + seteuid(getuid()); setuid(getuid()); return 0; } else if (temp == -1) { printf("Bad source route option: %s\n", hostp); + seteuid(getuid()); setuid(getuid()); return 0; } else { @@ -2245,6 +2249,7 @@ tn(argc, argv) hostname = _hostname; } else { herror(hostp); + seteuid(getuid()); setuid(getuid()); return 0; } @@ -2265,6 +2270,7 @@ tn(argc, argv) sin.sin_port = sp->s_port; else { printf("%s: bad port number\n", portp); + seteuid(getuid()); setuid(getuid()); return 0; } @@ -2279,6 +2285,7 @@ tn(argc, argv) sp = getservbyname("telnet", "tcp"); if (sp == 0) { fprintf(stderr, "telnet: tcp/telnet: unknown service\n"); + seteuid(getuid()); setuid(getuid()); return 0; } @@ -2289,6 +2296,7 @@ tn(argc, argv) printf("Trying %s...\n", inet_ntoa(sin.sin_addr)); do { net = socket(AF_INET, SOCK_STREAM, 0); + seteuid(getuid()); setuid(getuid()); if (net < 0) { perror("telnet: socket"); diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index c90f47a17a7..fa310cd57e2 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1,5 +1,5 @@ /* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */ -/* $OpenBSD: vmstat.c,v 1.14 1996/12/04 10:04:44 deraadt Exp $ */ +/* $OpenBSD: vmstat.c,v 1.15 1996/12/22 03:26:09 tholo Exp $ */ /* * Copyright (c) 1980, 1986, 1991, 1993 @@ -235,8 +235,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf != NULL || memf != NULL) + if (nlistf != NULL || memf != NULL) { + setegid(getgid()); setgid(getgid()); + } kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf); if (kd == 0) { diff --git a/usr.bin/w/w.c b/usr.bin/w/w.c index 01b7c5a1b10..57cc2d69390 100644 --- a/usr.bin/w/w.c +++ b/usr.bin/w/w.c @@ -1,4 +1,4 @@ -/* $OpenBSD: w.c,v 1.10 1996/08/22 09:37:19 deraadt Exp $ */ +/* $OpenBSD: w.c,v 1.11 1996/12/22 03:26:10 tholo Exp $ */ /*- * Copyright (c) 1980, 1991, 1993, 1994 @@ -173,8 +173,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf != NULL || memf != NULL) + if (nlistf != NULL || memf != NULL) { + setegid(getgid()); setgid(getgid()); + } if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == NULL) errx(1, "%s", errbuf);