setres[ug]id; ok deraadt@
parent
930f5d47b1
commit
52da46bb78
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: http_main.c,v 1.38 2005/02/09 12:13:09 henning Exp $ */
|
||||
/* $OpenBSD: http_main.c,v 1.39 2005/05/03 05:44:35 djm Exp $ */
|
||||
|
||||
/* ====================================================================
|
||||
* The Apache Software License, Version 1.1
|
||||
@ -2947,8 +2947,8 @@ static void standalone_main(int argc, char **argv)
|
||||
is_chrooted = 1;
|
||||
setproctitle("parent [chroot %s]", ap_server_root);
|
||||
|
||||
if (setegid(ap_group_id) || setgid(ap_group_id) ||
|
||||
seteuid(ap_user_id) || setuid(ap_user_id)) {
|
||||
if (setresgid(ap_group_id, ap_group_id, ap_group_id) != 0 ||
|
||||
setresuid(ap_user_id, ap_user_id, ap_user_id) != 0) {
|
||||
ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
|
||||
"can't drop priviliges!");
|
||||
exit(1);
|
||||
|
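Review bot: Nothing in this hunk clears the supplementary group list before `setresgid()`/`setresuid()`, so unless `setgroups()` or `initgroups()` already ran earlier in `standalone_main` (its body starts and ends outside the hunk), the chrooted parent keeps root's supplementary groups after the drop. The other daemons touched by this commit call `setgroups(1, &pw->pw_gid)` first; the equivalent here would be `gid_t g = ap_group_id;` followed by `setgroups(1, &g) != 0 ||` at the head of the condition. The log string on the failure path also misspells the word and could become `"can't drop privileges!"`.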
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ntp.c,v 1.57 2005/04/18 14:12:50 henning Exp $ */
|
||||
/* $OpenBSD: ntp.c,v 1.58 2005/05/03 05:44:35 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
|
||||
@ -118,8 +118,8 @@ ntp_main(int pipe_prnt[2], struct ntpd_conf *nconf)
|
||||
setup_listeners(se, conf, &listener_cnt);
|
||||
|
||||
if (setgroups(1, &pw->pw_gid) ||
|
||||
setegid(pw->pw_gid) || setgid(pw->pw_gid) ||
|
||||
seteuid(pw->pw_uid) || setuid(pw->pw_uid))
|
||||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
||||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
|
||||
fatal("can't drop privileges");
|
||||
|
||||
endpwent();
|
||||
|
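Review bot: The order of the three calls in this condition is load-bearing and nothing in the code says so: `setgroups()` and `setresgid()` need the privilege that `setresuid()` gives up, so they have to stay ahead of it. A one-line comment above the `if`, such as `/* groups and gid first: both need the privilege setresuid() drops */`, would stop a later reordering from turning the drop into a startup failure. The same comment fits the sequences in pop_root.c, pppoe.c, sasyncd.c and privsep.c. The body of `ntp_main` continues outside the hunk.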
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pop_root.c,v 1.4 2005/01/18 19:13:27 otto Exp $ */
|
||||
/* $OpenBSD: pop_root.c,v 1.5 2005/05/03 05:44:35 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Main daemon code: invokes the actual POP handling routines. Most calls
|
||||
@ -57,11 +57,12 @@ static int set_user(struct passwd *pw)
|
||||
if (!pw->pw_uid) return 1;
|
||||
|
||||
groups[0] = groups[1] = pw->pw_gid;
|
||||
if (setgroups(1, groups)) return log_error("setgroups");
|
||||
if (setegid(pw->pw_gid)) return log_error("setegid");
|
||||
if (setgid(pw->pw_gid)) return log_error("setgid");
|
||||
if (seteuid(pw->pw_uid)) return log_error("seteuid");
|
||||
if (setuid(pw->pw_uid)) return log_error("setuid");
|
||||
if (setgroups(1, groups))
|
||||
return log_error("setgroups");
|
||||
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid))
|
||||
return log_error("setresgid");
|
||||
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
|
||||
return log_error("setresuid");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
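Review bot: `groups[1]` is assigned on the line above `setgroups(1, groups)`, but the call passes a count of 1, so the second element is never read in this hunk. If nothing later in the file uses it (the declaration of `groups` and the start of `set_user` are outside the hunk), `setgroups(1, &pw->pw_gid)` as in ntp.c and sasyncd.c would do the same thing without the scratch array.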
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pppoe.c,v 1.15 2004/09/20 17:51:07 miod Exp $ */
|
||||
/* $OpenBSD: pppoe.c,v 1.16 2005/05/03 05:44:35 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Network Security Technologies, Inc. http://www.netsec.net
|
||||
@ -521,18 +521,10 @@ drop_privs(struct passwd *pw, int server_mode)
|
||||
|
||||
if (setgroups(ng, groups))
|
||||
err(EX_OSERR, "setgroups");
|
||||
|
||||
if (setegid(pw->pw_gid))
|
||||
err(EX_OSERR, "setegid");
|
||||
|
||||
if (setgid(pw->pw_gid))
|
||||
err(EX_OSERR, "setgid");
|
||||
|
||||
if (seteuid(pw->pw_uid))
|
||||
err(EX_OSERR, "seteuid");
|
||||
|
||||
if (setuid(pw->pw_uid))
|
||||
err(EX_OSERR, "setuid");
|
||||
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid))
|
||||
err(EX_OSERR, "setresgid");
|
||||
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
|
||||
err(EX_OSERR, "setresuid");
|
||||
|
||||
endpwent();
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sasyncd.c,v 1.4 2005/04/03 12:24:59 ho Exp $ */
|
||||
/* $OpenBSD: sasyncd.c,v 1.5 2005/05/03 05:44:35 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
|
||||
@ -59,8 +59,9 @@ privdrop(void)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (setgroups(1, &pw->pw_gid) || setegid(pw->pw_gid) ||
|
||||
setgid(pw->pw_gid) || seteuid(pw->pw_uid) || setuid(pw->pw_uid)) {
|
||||
if (setgroups(1, &pw->pw_gid) ||
|
||||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
||||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
|
||||
log_err("%s: failed to drop privileges", __progname);
|
||||
exit(1);
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: privsep.c,v 1.23 2004/09/14 23:41:29 deraadt Exp $ */
|
||||
/* $OpenBSD: privsep.c,v 1.24 2005/05/03 05:44:35 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
|
||||
@ -123,25 +123,18 @@ priv_init(char *conf, int numeric, int lockfd, int nullfd, char *argv[])
|
||||
err(1, "fork() failed");
|
||||
|
||||
if (!child_pid) {
|
||||
gid_t gidset[1];
|
||||
|
||||
/* Child - drop privileges and return */
|
||||
if (chroot(pw->pw_dir) != 0)
|
||||
err(1, "unable to chroot");
|
||||
if (chdir("/") != 0)
|
||||
err(1, "unable to chdir");
|
||||
|
||||
gidset[0] = pw->pw_gid;
|
||||
if (setgroups(1, gidset) == -1)
|
||||
if (setgroups(1, &pw->pw_gid) == -1)
|
||||
err(1, "setgroups() failed");
|
||||
if (setegid(pw->pw_gid) == -1)
|
||||
err(1, "setegid() failed");
|
||||
if (setgid(pw->pw_gid) == -1)
|
||||
err(1, "setgid() failed");
|
||||
if (seteuid(pw->pw_uid) == -1)
|
||||
err(1, "seteuid() failed");
|
||||
if (setuid(pw->pw_uid) == -1)
|
||||
err(1, "setuid() failed");
|
||||
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
|
||||
err(1, "setresgid() failed");
|
||||
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
|
||||
err(1, "setresuid() failed");
|
||||
close(socks[0]);
|
||||
priv_fd = socks[1];
|
||||
return 0;
|
||||
|