
setres[ug]id; ok deraadt@

djm 2005-05-03 05:44:35 +00:00
parent 930f5d47b1
commit 52da46bb78
6 changed files with 28 additions and 41 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: http_main.c,v 1.38 2005/02/09 12:13:09 henning Exp $ */
/* $OpenBSD: http_main.c,v 1.39 2005/05/03 05:44:35 djm Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@ -2947,8 +2947,8 @@ static void standalone_main(int argc, char **argv)
is_chrooted = 1;
setproctitle("parent [chroot %s]", ap_server_root);
if (setegid(ap_group_id) || setgid(ap_group_id) ||
seteuid(ap_user_id) || setuid(ap_user_id)) {
if (setresgid(ap_group_id, ap_group_id, ap_group_id) != 0 ||
setresuid(ap_user_id, ap_user_id, ap_user_id) != 0) {
ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
"can't drop priviliges!");
exit(1);
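Review bot: No `setgroups()` or `initgroups()` call is visible before the new `setresgid(ap_group_id, ap_group_id, ap_group_id)` in this hunk, whereas the ntp.c, pop_root.c, pppoe.c, sasyncd.c and privsep.c sections of the same commit all reset the supplementary group list first. standalone_main starts and ends outside the hunk, so this cannot be confirmed here, but if the list is not cleared earlier the chrooted parent keeps the supplementary groups it was started with after the uid drop. If it is missing, adding `setgroups(1, &ap_group_id) != 0 ||` as the first term of the condition (assuming ap_group_id is a gid_t) would match the other daemons. The log string on the following line also misspells "privileges" as `"can't drop priviliges!"`, which makes the message harder to search for in logs.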


@ -1,4 +1,4 @@
/* $OpenBSD: ntp.c,v 1.57 2005/04/18 14:12:50 henning Exp $ */
/* $OpenBSD: ntp.c,v 1.58 2005/05/03 05:44:35 djm Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -118,8 +118,8 @@ ntp_main(int pipe_prnt[2], struct ntpd_conf *nconf)
setup_listeners(se, conf, &listener_cnt);
if (setgroups(1, &pw->pw_gid) ||
setegid(pw->pw_gid) || setgid(pw->pw_gid) ||
seteuid(pw->pw_uid) || setuid(pw->pw_uid))
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
endpwent();
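Review bot: The single `fatal("can't drop privileges")` covers `setgroups`, `setresgid` and `setresuid`, so the log cannot say which of the three calls failed; pop_root.c, pppoe.c and privsep.c in this commit report each call by name. The same applies to the combined conditions in the http_main.c and sasyncd.c sections. Splitting the chain into one check per call, e.g. `if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("setresuid");`, keeps the fail-closed behaviour and tells an operator which step failed. ntp_main continues outside the hunk.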


@ -1,4 +1,4 @@
/* $OpenBSD: pop_root.c,v 1.4 2005/01/18 19:13:27 otto Exp $ */
/* $OpenBSD: pop_root.c,v 1.5 2005/05/03 05:44:35 djm Exp $ */
/*
* Main daemon code: invokes the actual POP handling routines. Most calls
@ -57,11 +57,12 @@ static int set_user(struct passwd *pw)
if (!pw->pw_uid) return 1;
groups[0] = groups[1] = pw->pw_gid;
if (setgroups(1, groups)) return log_error("setgroups");
if (setegid(pw->pw_gid)) return log_error("setegid");
if (setgid(pw->pw_gid)) return log_error("setgid");
if (seteuid(pw->pw_uid)) return log_error("seteuid");
if (setuid(pw->pw_uid)) return log_error("setuid");
if (setgroups(1, groups))
return log_error("setgroups");
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid))
return log_error("setresgid");
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
return log_error("setresuid");
return 0;
}


@ -1,4 +1,4 @@
/* $OpenBSD: pppoe.c,v 1.15 2004/09/20 17:51:07 miod Exp $ */
/* $OpenBSD: pppoe.c,v 1.16 2005/05/03 05:44:35 djm Exp $ */
/*
* Copyright (c) 2000 Network Security Technologies, Inc. http://www.netsec.net
@ -521,18 +521,10 @@ drop_privs(struct passwd *pw, int server_mode)
if (setgroups(ng, groups))
err(EX_OSERR, "setgroups");
if (setegid(pw->pw_gid))
err(EX_OSERR, "setegid");
if (setgid(pw->pw_gid))
err(EX_OSERR, "setgid");
if (seteuid(pw->pw_uid))
err(EX_OSERR, "seteuid");
if (setuid(pw->pw_uid))
err(EX_OSERR, "setuid");
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid))
err(EX_OSERR, "setresgid");
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
err(EX_OSERR, "setresuid");
endpwent();
}


@ -1,4 +1,4 @@
/* $OpenBSD: sasyncd.c,v 1.4 2005/04/03 12:24:59 ho Exp $ */
/* $OpenBSD: sasyncd.c,v 1.5 2005/05/03 05:44:35 djm Exp $ */
/*
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
@ -59,8 +59,9 @@ privdrop(void)
exit(1);
}
if (setgroups(1, &pw->pw_gid) || setegid(pw->pw_gid) ||
setgid(pw->pw_gid) || seteuid(pw->pw_uid) || setuid(pw->pw_uid)) {
if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
log_err("%s: failed to drop privileges", __progname);
exit(1);
}


@ -1,4 +1,4 @@
/* $OpenBSD: privsep.c,v 1.23 2004/09/14 23:41:29 deraadt Exp $ */
/* $OpenBSD: privsep.c,v 1.24 2005/05/03 05:44:35 djm Exp $ */
/*
* Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@ -123,25 +123,18 @@ priv_init(char *conf, int numeric, int lockfd, int nullfd, char *argv[])
err(1, "fork() failed");
if (!child_pid) {
gid_t gidset[1];
/* Child - drop privileges and return */
if (chroot(pw->pw_dir) != 0)
err(1, "unable to chroot");
if (chdir("/") != 0)
err(1, "unable to chdir");
gidset[0] = pw->pw_gid;
if (setgroups(1, gidset) == -1)
if (setgroups(1, &pw->pw_gid) == -1)
err(1, "setgroups() failed");
if (setegid(pw->pw_gid) == -1)
err(1, "setegid() failed");
if (setgid(pw->pw_gid) == -1)
err(1, "setgid() failed");
if (seteuid(pw->pw_uid) == -1)
err(1, "seteuid() failed");
if (setuid(pw->pw_uid) == -1)
err(1, "setuid() failed");
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
err(1, "setresgid() failed");
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
err(1, "setresuid() failed");
close(socks[0]);
priv_fd = socks[1];
return 0;
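Review bot: The comment `/* Child - drop privileges and return */` does not record that the sequence below it is order-dependent: `chroot` and `setgroups` only succeed while the process is still privileged, and `chdir("/")` has to follow `chroot` so the working directory ends up inside the new root. I would extend it to `/* Child - drop privileges and return; keep this order: chroot, chdir, setgroups, setresgid, setresuid last */` so a later edit does not move the uid drop earlier. priv_init starts and ends outside the hunk.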