From 82ef064e9ce66baabab1fb04f788fbb8a942fb01 Mon Sep 17 00:00:00 2001 From: deraadt Date: Sun, 22 Dec 1996 03:00:47 +0000 Subject: [PATCH] Deal with _POSIX_SAVED_IDS when relinquishing privileges --- sbin/ccdconfig/ccdconfig.c | 6 ++++-- sbin/dmesg/dmesg.c | 8 +++++--- sbin/ping/ping.c | 5 +++-- sbin/route/route.c | 5 +++-- 4 files changed, 15 insertions(+), 9 deletions(-) diff --git a/sbin/ccdconfig/ccdconfig.c b/sbin/ccdconfig/ccdconfig.c index a1d4eca88fa..3e2964b615f 100644 --- a/sbin/ccdconfig/ccdconfig.c +++ b/sbin/ccdconfig/ccdconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ccdconfig.c,v 1.5 1996/05/30 09:11:20 deraadt Exp $ */ +/* $OpenBSD: ccdconfig.c,v 1.6 1996/12/22 03:00:47 deraadt Exp $ */ /* $NetBSD: ccdconfig.c,v 1.6 1996/05/16 07:11:18 thorpej Exp $ */ /*- @@ -168,8 +168,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (core != NULL || kernel != NULL) + if (core != NULL || kernel != NULL) { + setegid(getgid()); setgid(getgid()); + } switch (action) { case CCD_CONFIG: diff --git a/sbin/dmesg/dmesg.c b/sbin/dmesg/dmesg.c index ad9e1385b67..1782a131b08 100644 --- a/sbin/dmesg/dmesg.c +++ b/sbin/dmesg/dmesg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dmesg.c,v 1.2 1996/06/23 14:30:08 deraadt Exp $ */ +/* $OpenBSD: dmesg.c,v 1.3 1996/12/22 03:00:49 deraadt Exp $ */ /* $NetBSD: dmesg.c,v 1.8 1995/03/18 14:54:49 cgd Exp $ */ /*- @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)dmesg.c 8.1 (Berkeley) 6/5/93"; #else -static char rcsid[] = "$OpenBSD: dmesg.c,v 1.2 1996/06/23 14:30:08 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: dmesg.c,v 1.3 1996/12/22 03:00:49 deraadt Exp $"; #endif #endif /* not lint */ @@ -105,8 +105,10 @@ main(argc, argv) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (memf != NULL || nlistf != NULL) + if (memf != NULL || nlistf != NULL) { + setegid(getgid()); setgid(getgid()); + } /* Read in kernel message buffer, do sanity checks. */ if ((kd = kvm_open(nlistf, memf, NULL, O_RDONLY, "dmesg")) == NULL) diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c index ea78678fc8d..c60f7b9c4f2 100644 --- a/sbin/ping/ping.c +++ b/sbin/ping/ping.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ping.c,v 1.11 1996/12/14 15:35:26 deraadt Exp $ */ +/* $OpenBSD: ping.c,v 1.12 1996/12/22 03:00:52 deraadt Exp $ */ /* $NetBSD: ping.c,v 1.20 1995/08/11 22:37:58 cgd Exp $ */ /* @@ -47,7 +47,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93"; #else -static char rcsid[] = "$OpenBSD: ping.c,v 1.11 1996/12/14 15:35:26 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: ping.c,v 1.12 1996/12/22 03:00:52 deraadt Exp $"; #endif #endif /* not lint */ @@ -199,6 +199,7 @@ main(argc, argv) err(1, "socket"); /* revoke privs */ + seteuid(getuid()); setuid(getuid()); preload = 0; diff --git a/sbin/route/route.c b/sbin/route/route.c index 918e80b962b..bf64254c18a 100644 --- a/sbin/route/route.c +++ b/sbin/route/route.c @@ -1,4 +1,4 @@ -/* $OpenBSD: route.c,v 1.15 1996/12/14 18:41:37 deraadt Exp $ */ +/* $OpenBSD: route.c,v 1.16 1996/12/22 03:00:53 deraadt Exp $ */ /* $NetBSD: route.c,v 1.16 1996/04/15 18:27:05 cgd Exp $ */ /* @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)route.c 8.3 (Berkeley) 3/19/94"; #else -static char rcsid[] = "$OpenBSD: route.c,v 1.15 1996/12/14 18:41:37 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: route.c,v 1.16 1996/12/22 03:00:53 deraadt Exp $"; #endif #endif /* not lint */ @@ -174,6 +174,7 @@ main(argc, argv) s = open("/dev/null", O_WRONLY, 0); else s = socket(PF_ROUTE, SOCK_RAW, 0); + seteuid(uid); setuid(uid); if (s < 0) quit("socket"); -- 2.20.1