Commit Graph

13 Commits

Author SHA1 Message Date
Pietro Cerutti
b9e6237dab - Switch order of setting real uid and gid. If we set uid first, then we
don't have enough privileges to set gid.

  This looks like a long standing bug, just recently revealed by r241852.

Approved by:	cognet
2013-04-12 14:19:44 +00:00
Eitan Adler
1d1d4a4727 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
Ed Schouten
bf70becee6 More -Wmissing-variable-declarations fixes.
In addition to adding `static' where possible:

- bin/date: Move `retval' into extern.h to make it visible to date.c.
- bin/ed: Move globally used variables into ed.h.
- sbin/camcontrol: Move `verbose' into camcontrol.h and fix shadow warnings.
- usr.bin/calendar: Remove unneeded variables.
- usr.bin/chat: Make `line' local instead of global.
- usr.bin/elfdump: Comment out unneeded function.
- usr.bin/rlogin: Use _Noreturn instead of __dead2.
- usr.bin/tset: Pull `Ospeed' into extern.h.
- usr.sbin/mfiutil: Put global variables in mfiutil.h.
- usr.sbin/pkg: Remove unused `os_corres'.
- usr.sbin/quotaon, usr.sbin/repquota: Remove unused `qfname'.
2012-10-19 14:49:42 +00:00
Ed Schouten
a35353de88 Partially revert r227233.
The privs.h header is not only used by at(1), it's also used by
atrun(8). Just let the code the way it used to be (for now).

Reported by:	kwm, tinderbox
Hat to:		me
2011-11-06 20:30:21 +00:00
Ed Schouten
f64efe8b60 Add missing static keywords to at(1).
While there, tidy up the privs.h part, where at.c has to #define to
declare some globals. Also group static and non-static global variables
in at.c.
2011-11-06 17:32:29 +00:00
Ruslan Ermilov
9dd887f1a6 SECURITY.
Fixed macros for temporarily relinquishing and restoring setuid/setgid
privileges so that they never change the real user and group IDs of
the calling process.

The setre[ug]id() calls are still used in the REDUCE_PERM macro (with
the r[ug]id arguments of -1) so that the call changes the saved user
and group IDs of the process to that specified.

Also, the panic() and perr() functions had insufficient privileges to
delete the problematic file under /var/at.
2001-09-04 16:15:51 +00:00
Philippe Charnier
81c8c7a454 Correct use of .Nm, .Em, .Ev
Add rcsid. Use errx instead of fprintf + exit.
Various spelling fixes.
1999-12-05 19:57:14 +00:00
Andrey A. Chernov
ddcf802236 Upgrade to 2.9 1995-08-21 12:34:18 +00:00
Rodney W. Grimes
7799f52a32 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
Andrey A. Chernov
b5c3f5e746 Remove setre* hacks, we have working thing now 1995-04-27 19:27:42 +00:00
Andrey A. Chernov
9cb939b4b4 Fight over non-working setruid 1995-04-15 22:08:10 +00:00
Andrey A. Chernov
b89321a57d Upgrade. 1995-04-12 02:42:39 +00:00
Nate Williams
d78e98d22e Added at/atrm/atq/batch from Linux as hacked by Chris Demetriou. 1994-01-05 01:09:14 +00:00