From c34231cb2bc4111e46693ccc65c3a1051916586e Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Sun, 22 Dec 1996 03:28:56 +0000
Subject: [PATCH] Deal with _POSIX_SAVED_IDS when relinquishing privileges

---
 usr.sbin/iostat/iostat.c         | 6 ++++--
 usr.sbin/pppd/main.c             | 7 +++++--
 usr.sbin/pstat/pstat.c           | 8 +++++---
 usr.sbin/slstats/slstats.c       | 8 +++++---
 usr.sbin/timed/timedc/timedc.c   | 5 ++++-
 usr.sbin/traceroute/traceroute.c | 3 +++
 usr.sbin/trpt/trpt.c             | 6 ++++--
 usr.sbin/trsp/trsp.c             | 7 +++++--
 8 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/usr.sbin/iostat/iostat.c b/usr.sbin/iostat/iostat.c
index a591e568729..f038f6e113a 100644
--- a/usr.sbin/iostat/iostat.c
+++ b/usr.sbin/iostat/iostat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: iostat.c,v 1.5 1996/11/02 00:35:50 millert Exp $	*/
+/*	$OpenBSD: iostat.c,v 1.6 1996/12/22 03:28:56 deraadt Exp $	*/
 /*	$NetBSD: iostat.c,v 1.10 1996/10/25 18:21:58 scottr Exp $	*/
 
 /*
@@ -176,8 +176,10 @@ main(argc, argv)
 	 * Discard setgid privileges if not the running kernel so that bad
 	 * guys can't print interesting stuff from kernel memory.
 	 */
-	if (nlistf != NULL || memf != NULL)
+	if (nlistf != NULL || memf != NULL) {
+		setegid(getgid());
 		setgid(getgid());
+	}
 
 	dkinit(0);
 	dkreadstats();
diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c
index 5ff49361733..374bad88bf7 100644
--- a/usr.sbin/pppd/main.c
+++ b/usr.sbin/pppd/main.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.11 1996/08/20 04:48:27 deraadt Exp $	*/
+/*	$OpenBSD: main.c,v 1.12 1996/12/22 03:29:01 deraadt Exp $	*/
 
 /*
  * main.c - Point-to-Point Protocol main module
@@ -20,7 +20,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: main.c,v 1.11 1996/08/20 04:48:27 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: main.c,v 1.12 1996/12/22 03:29:01 deraadt Exp $";
 #endif
 
 #include <stdio.h>
@@ -1010,7 +1010,10 @@ device_script(program, in, out)
                 close(errfd);
             }
         }
+	/* revoke privs */
+	seteuid(getuid());
 	setuid(getuid());
+	setegid(getgid());
 	setgid(getgid());
 	execl("/bin/sh", "sh", "-c", program, (char *)0);
 	syslog(LOG_ERR, "could not exec /bin/sh: %m");
diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c
index e1910895f99..8dd039749da 100644
--- a/usr.sbin/pstat/pstat.c
+++ b/usr.sbin/pstat/pstat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pstat.c,v 1.6 1996/11/24 23:42:11 millert Exp $	*/
+/*	$OpenBSD: pstat.c,v 1.7 1996/12/22 03:29:03 deraadt Exp $	*/
 /*	$NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $	*/
 
 /*-
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 from: static char sccsid[] = "@(#)pstat.c	8.9 (Berkeley) 2/16/94";
 #else
-static char *rcsid = "$OpenBSD: pstat.c,v 1.6 1996/11/24 23:42:11 millert Exp $";
+static char *rcsid = "$OpenBSD: pstat.c,v 1.7 1996/12/22 03:29:03 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -208,8 +208,10 @@ main(argc, argv)
 	 * Discard setgid privileges if not the running kernel so that bad
 	 * guys can't print interesting stuff from kernel memory.
 	 */
-	if (nlistf != NULL || memf != NULL)
+	if (nlistf != NULL || memf != NULL) {
+		(void)setegid(getgid());
 		(void)setgid(getgid());
+	}
 
 	if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == 0)
 		errx(1, "kvm_openfiles: %s", buf);
diff --git a/usr.sbin/slstats/slstats.c b/usr.sbin/slstats/slstats.c
index 31066f64c07..a55640cbda8 100644
--- a/usr.sbin/slstats/slstats.c
+++ b/usr.sbin/slstats/slstats.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: slstats.c,v 1.6 1996/12/10 15:14:33 deraadt Exp $	*/
+/*	$OpenBSD: slstats.c,v 1.7 1996/12/22 03:29:06 deraadt Exp $	*/
 /*	$NetBSD: slstats.c,v 1.6.6.1 1996/06/07 01:42:30 thorpej Exp $	*/
 
 /*
@@ -25,7 +25,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: slstats.c,v 1.6 1996/12/10 15:14:33 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: slstats.c,v 1.7 1996/12/22 03:29:06 deraadt Exp $";
 #endif
 
 #define INET
@@ -133,8 +133,10 @@ main(argc, argv)
 	 * Discard setgid privileges if not the running kernel so that bad
 	 * guys can't print interesting stuff from kernel memory.
 	 */
-	if (kmemf != NULL || kernel != NULL)
+	if (kmemf != NULL || kernel != NULL) {
+		setegid(getgid());
 		setgid(getgid());
+	}
 
 	memset(errbuf, 0, sizeof(errbuf));
 	if ((kd = kvm_openfiles(kernel, kmemf, NULL, O_RDONLY, errbuf)) == NULL)
diff --git a/usr.sbin/timed/timedc/timedc.c b/usr.sbin/timed/timedc/timedc.c
index 5faf6c2a66f..9c5d0d573a1 100644
--- a/usr.sbin/timed/timedc/timedc.c
+++ b/usr.sbin/timed/timedc/timedc.c
@@ -42,7 +42,7 @@ static char sccsid[] = "@(#)timedc.c	5.1 (Berkeley) 5/11/93";
 #endif /* not lint */
 
 #ifdef sgi
-#ident "$Revision: 1.1.1.1 $"
+#ident "$Revision: 1.2 $"
 #endif
 
 #include "timedc.h"
@@ -77,6 +77,9 @@ main(int argc, char *argv[])
 		fprintf(stderr, "Could not get privileged resources\n");
 		exit(1);
 	}
+	/* revoke privs */
+
+	(void) seteuid(getuid());
 	(void) setuid(getuid());
 
 	if (--argc > 0) {
diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c
index ecf84ceb187..b52183a7cc7 100644
--- a/usr.sbin/traceroute/traceroute.c
+++ b/usr.sbin/traceroute/traceroute.c
@@ -312,6 +312,9 @@ main(argc, argv)
 		err(5, "icmp socket");
 	if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
 		err(5, "raw socket");
+
+	/* revoke privs */
+	seteuid(getuid());
 	setuid(getuid());
 
 	lsrr = 0;
diff --git a/usr.sbin/trpt/trpt.c b/usr.sbin/trpt/trpt.c
index 7f5769884cf..3bab7298bd0 100644
--- a/usr.sbin/trpt/trpt.c
+++ b/usr.sbin/trpt/trpt.c
@@ -39,7 +39,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)trpt.c	5.14 (Berkeley) 7/1/91";*/
-static char rcsid[] = "$Id: trpt.c,v 1.3 1996/06/03 18:06:18 deraadt Exp $";
+static char rcsid[] = "$Id: trpt.c,v 1.4 1996/12/22 03:29:10 deraadt Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -167,8 +167,10 @@ main(argc, argv)
 	 * Discard setgid priviledges if not the running kernel so that bad
 	 * guys can't print interesting stuff from kernel memory.
 	 */
-	if (!strcmp(core, _PATH_KMEM) || !strcmp(system, _PATH_UNIX))
+	if (!strcmp(core, _PATH_KMEM) || !strcmp(system, _PATH_UNIX)) {
+		setegid(getgid());
 		setgid(getgid());
+	}
 
 	if (nlist(system, nl) < 0 || !nl[0].n_value) {
 		fprintf(stderr, "trpt: %s: no namelist\n", system);
diff --git a/usr.sbin/trsp/trsp.c b/usr.sbin/trsp/trsp.c
index 566a4ad31c1..ff161d40add 100644
--- a/usr.sbin/trsp/trsp.c
+++ b/usr.sbin/trsp/trsp.c
@@ -39,7 +39,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)trsp.c	6.8 (Berkeley) 3/2/91";*/
-static char rcsid[] = "$Id: trsp.c,v 1.3 1996/06/03 18:06:23 deraadt Exp $";
+static char rcsid[] = "$Id: trsp.c,v 1.4 1996/12/22 03:29:12 deraadt Exp $";
 #endif /* not lint */
 
 #include <sys/cdefs.h>
@@ -149,8 +149,11 @@ again:
 	 * Discard setgid privileges if not the running kernel so that bad
 	 * guys can't print interesting stuff from kernel memory.
 	 */
-	if (!strcmp(system, _PATH_UNIX) || !strcmp(core, _PATH_KMEM))
+	if (!strcmp(system, _PATH_UNIX) || !strcmp(core, _PATH_KMEM)) {
+		setegid(getgid());
 		setgid(getgid());
+	}
+
 	(void) nlist(system, nl);
 	if (nl[0].n_value == 0) {
 		fprintf(stderr, "trsp: %s: no namelist\n", system);
-- 
2.20.1