Check the return error of set[e][ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API. Custom security modules, or future implementations of the setuid and setgid may fail. Submitted by: Erik Cederstrand Approved by: cperciva MFC after: 3 days
This commit is contained in:
parent
c969ca9408
commit
50e04779c4
@ -371,7 +371,10 @@ main(int argc, char *argv[])
|
||||
}
|
||||
chdir("/");
|
||||
setgroups(1, &nobody->pw_gid);
|
||||
setuid(nobody->pw_uid);
|
||||
if (setuid(nobody->pw_uid) != 0) {
|
||||
tftp_log(LOG_ERR, "setuid failed");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
len = sizeof(me_sock);
|
||||
|
@ -288,13 +288,16 @@ do_all(int action)
|
||||
|
||||
rval = 0;
|
||||
egid = getegid();
|
||||
setegid(getgid());
|
||||
if (setegid(getgid()) != 0)
|
||||
err(1, "setegid failed");
|
||||
if ((f = fopen(ccdconf, "r")) == NULL) {
|
||||
setegid(egid);
|
||||
if (setegid(egid) != 0)
|
||||
err(1, "setegid failed");
|
||||
warn("fopen: %s", ccdconf);
|
||||
return (1);
|
||||
}
|
||||
setegid(egid);
|
||||
if (setegid(egid) != 0)
|
||||
err(1, "setegid failed");
|
||||
|
||||
while (fgets(line, sizeof(line), f) != NULL) {
|
||||
argc = 0;
|
||||
|
@ -164,7 +164,11 @@ setinput(char *source, int ispipecommand)
|
||||
}
|
||||
pipein++;
|
||||
}
|
||||
setuid(getuid()); /* no longer need or want root privileges */
|
||||
/* no longer need or want root privileges */
|
||||
if (setuid(getuid()) != 0) {
|
||||
fprintf(stderr, "setuid failed\n");
|
||||
done(1);
|
||||
}
|
||||
magtape = strdup(source);
|
||||
if (magtape == NULL) {
|
||||
fprintf(stderr, "Cannot allocate space for magtape buffer\n");
|
||||
|
@ -129,7 +129,9 @@ main(int argc, char **argv)
|
||||
}
|
||||
timeout.tv_sec = sectimeout * 60;
|
||||
|
||||
setuid(getuid()); /* discard privs */
|
||||
/* discard privs */
|
||||
if (setuid(getuid()) != 0)
|
||||
errx(1, "setuid failed");
|
||||
|
||||
if (tcgetattr(0, &tty)) /* get information for header */
|
||||
exit(1);
|
||||
|
@ -175,7 +175,8 @@ main(int argc, char *argv[])
|
||||
setlocale(LC_ALL, "");
|
||||
|
||||
time(&t);
|
||||
setuid(uid = getuid());
|
||||
if (setuid(uid = getuid()) != 0)
|
||||
err(1, "setuid failed");
|
||||
ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL);
|
||||
if (ruptible)
|
||||
signal(SIGINT, SIG_DFL);
|
||||
|
@ -240,7 +240,8 @@ makemsg(char *fname)
|
||||
setegid(getgid());
|
||||
if (freopen(fname, "r", stdin) == NULL)
|
||||
err(1, "can't read %s", fname);
|
||||
setegid(egid);
|
||||
if (setegid(egid) != 0)
|
||||
err(1, "setegid failed");
|
||||
}
|
||||
cnt = 0;
|
||||
while (fgetws(lbuf, sizeof(lbuf)/sizeof(wchar_t), stdin)) {
|
||||
|
@ -453,8 +453,10 @@ editit(char *tmpf)
|
||||
const char *ed;
|
||||
|
||||
sigsetmask(omask);
|
||||
setgid(getgid());
|
||||
setuid(getuid());
|
||||
if (setgid(getgid()) != 0)
|
||||
err(1, "setgid failed");
|
||||
if (setuid(getuid()) != 0)
|
||||
err(1, "setuid failed");
|
||||
if ((ed = getenv("EDITOR")) == (char *)0)
|
||||
ed = _PATH_VI;
|
||||
execlp(ed, ed, tmpf, (char *)0);
|
||||
|
@ -90,7 +90,9 @@ main(int argc, char **argv)
|
||||
struct kvmvars kvmvars;
|
||||
char *system, *kmemf;
|
||||
|
||||
seteuid(getuid());
|
||||
if (seteuid(getuid()) != 0) {
|
||||
err(1, "seteuid failed\n");
|
||||
}
|
||||
kmemf = NULL;
|
||||
system = NULL;
|
||||
while ((ch = getopt(argc, argv, "M:N:Bbhpr")) != -1) {
|
||||
|
Loading…
Reference in New Issue
Block a user