sh: Check setuid()/setgid() return values.
If the -p option is turned off, privileges from a setuid or setgid binary are dropped. Make sure to check if this succeeds. If it fails, this is an error which will cause the shell to abort except in interactive mode or if 'command' was used to make 'set' or an outer 'eval' or '.' non-special. Note that taking advantage of this feature and writing setuid shell scripts seems unwise. MFC after: 1 week
This commit is contained in:
parent
b7b23db5e2
commit
92a1de471c
@ -280,8 +280,10 @@ setoption(int flag, int val)
|
||||
int i;
|
||||
|
||||
if (flag == 'p' && !val && privileged) {
|
||||
(void) setuid(getuid());
|
||||
(void) setgid(getgid());
|
||||
if (setgid(getgid()) == -1)
|
||||
error("setgid");
|
||||
if (setuid(getuid()) == -1)
|
||||
error("setuid");
|
||||
}
|
||||
for (i = 0; i < NOPTS; i++)
|
||||
if (optlist[i].letter == flag) {
|
||||
|
Loading…
Reference in New Issue
Block a user