svn commit: r211393 - head/lib/libutil
Dag-Erling Smørgrav
des at des.no
Mon Aug 16 11:48:06 UTC 2010
Dag-Erling Smørgrav <des at des.no> writes:
> Note that this commit semi-intentionally introduces another bug: in some
> cases, the user's limits will not be applied at all. This is by far the
> lesser of two evils, and is easy (albeit time-consuming) to fix.
Specifically, each of the files listed below needs to be audited. Those
that already call setusercontext() with the LOGIN_SETUSER flag set are
fine. Those that don't need to do so either instead of or shortly after
calling setuid().
contrib/lukemftpd/src/ftpd.c: setusercontext(NULL, getpwuid(0), 0,
contrib/lukemftpd/src/ftpd.c- LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
contrib/lukemftpd/src/ftpd.c-#endif
--
contrib/lukemftpd/src/ftpd.c: setusercontext(lc, pw, 0,
contrib/lukemftpd/src/ftpd.c- LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
contrib/lukemftpd/src/ftpd.c- LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
--
contrib/sendmail/src/deliver.c: setusercontext(NULL, pwd, pwd->pw_uid,
contrib/sendmail/src/deliver.c- sucflags) == -1 &&
contrib/sendmail/src/deliver.c- suidwarn)
--
contrib/sendmail/src/deliver.c: syserr("openmailer: setusercontext() failed");
contrib/sendmail/src/deliver.c- exit(EX_TEMPFAIL);
contrib/sendmail/src/deliver.c- }
--
crypto/openssh/openbsd-compat/port-irix.c:irix_setusercontext(struct passwd *pw)
crypto/openssh/openbsd-compat/port-irix.c-{
crypto/openssh/openbsd-compat/port-irix.c-#ifdef WITH_IRIX_PROJECT
--
crypto/openssh/session.c: (void) setusercontext(lc, pw, pw->pw_uid,
crypto/openssh/session.c- LOGIN_SETENV|LOGIN_SETPATH);
crypto/openssh/session.c- copy_environment(environ, &env, &envsize);
--
crypto/openssh/session.c:do_setusercontext(struct passwd *pw)
crypto/openssh/session.c-{
crypto/openssh/session.c- char *chroot_path, *tmp;
--
crypto/openssh/session.c: if (setusercontext(lc, pw, pw->pw_uid,
crypto/openssh/session.c- (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
crypto/openssh/session.c- perror("unable to set user context");
--
crypto/openssh/session.c: irix_setusercontext(pw);
crypto/openssh/session.c-# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
crypto/openssh/session.c-# ifdef _AIX
--
crypto/openssh/session.c: if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
crypto/openssh/session.c- perror("unable to set user context (setuser)");
crypto/openssh/session.c- exit(1);
--
crypto/openssh/session.c: do_setusercontext(pw);
crypto/openssh/session.c- child_close_fds();
crypto/openssh/session.c- do_pwchange(s);
--
crypto/openssh/session.c: do_setusercontext(pw);
crypto/openssh/session.c- /*
crypto/openssh/session.c: * PAM session modules in do_setusercontext may have
crypto/openssh/session.c- * generated messages, so if this in an interactive
crypto/openssh/session.c- * login then display them too.
--
crypto/openssh/sshd.c: do_setusercontext(privsep_pw);
crypto/openssh/sshd.c-#else
crypto/openssh/sshd.c- gidset[0] = privsep_pw->pw_gid;
--
crypto/openssh/sshd.c: do_setusercontext(authctxt->pw);
crypto/openssh/sshd.c-
crypto/openssh/sshd.c- skip:
--
libexec/atrun/atrun.c: if (setusercontext(NULL, pentry, uid, LOGIN_SETALL &
libexec/atrun/atrun.c- ~(LOGIN_SETPRIORITY | LOGIN_SETPATH | LOGIN_SETENV)) != 0)
libexec/atrun/atrun.c: exit(EXIT_FAILURE); /* setusercontext() logged the error */
libexec/atrun/atrun.c-#else /* LOGIN_CAP */
libexec/atrun/atrun.c- if (initgroups(pentry->pw_name,pentry->pw_gid))
--
libexec/atrun/atrun.c: if (setusercontext(NULL, pentry, uid, LOGIN_SETALL) != 0)
libexec/atrun/atrun.c: exit(EXIT_FAILURE); /* setusercontext() logged the error */
libexec/atrun/atrun.c-#else /* LOGIN_CAP */
libexec/atrun/atrun.c- if (initgroups(pentry->pw_name,pentry->pw_gid))
--
libexec/ftpd/ftpd.c: setusercontext(NULL, getpwuid(0), 0,
libexec/ftpd/ftpd.c- LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|
libexec/ftpd/ftpd.c- LOGIN_SETMAC);
--
libexec/ftpd/ftpd.c: setusercontext(lc, pw, 0,
libexec/ftpd/ftpd.c- LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
libexec/ftpd/ftpd.c- LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
--
libexec/rshd/rshd.c: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
libexec/rshd/rshd.c: syslog(LOG_ERR, "setusercontext: %m");
libexec/rshd/rshd.c- exit(1);
libexec/rshd/rshd.c- }
--
libexec/rshd/rshd.c: if (setusercontext(lc, pwd, pwd->pw_uid,
libexec/rshd/rshd.c- LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) {
libexec/rshd/rshd.c: syslog(LOG_ERR, "setusercontext(): %m");
libexec/rshd/rshd.c- exit(1);
libexec/rshd/rshd.c- }
--
release/picobsd/tinyware/login/pico-login.c: * We need to do this before setusercontext() because that may
release/picobsd/tinyware/login/pico-login.c- * set or reset some environment variables.
release/picobsd/tinyware/login/pico-login.c- */
--
release/picobsd/tinyware/login/pico-login.c: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
release/picobsd/tinyware/login/pico-login.c: syslog(LOG_ERR, "setusercontext() failed - exiting");
release/picobsd/tinyware/login/pico-login.c- exit(1);
release/picobsd/tinyware/login/pico-login.c- }
--
release/picobsd/tinyware/login/pico-login.c: if (setusercontext(lc, pwd, pwd->pw_uid,
release/picobsd/tinyware/login/pico-login.c- LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 0) {
release/picobsd/tinyware/login/pico-login.c: syslog(LOG_ERR, "setusercontext() failed - exiting");
release/picobsd/tinyware/login/pico-login.c- exit(1);
release/picobsd/tinyware/login/pico-login.c- }
--
sbin/init/init.c: setusercontext(lc, (struct passwd*)NULL, 0,
sbin/init/init.c- LOGIN_SETPRIORITY | LOGIN_SETRESOURCES);
sbin/init/init.c- login_close(lc);
--
usr.bin/login/login.c: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
usr.bin/login/login.c: syslog(LOG_ERR, "setusercontext() failed - exiting");
usr.bin/login/login.c- bail(NO_SLEEP_EXIT, 1);
usr.bin/login/login.c- }
--
usr.bin/login/login.c: if (setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/login/login.c- LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 0) {
usr.bin/login/login.c: syslog(LOG_ERR, "setusercontext() failed - exiting");
usr.bin/login/login.c- exit(1);
usr.bin/login/login.c- }
--
usr.bin/newgrp/newgrp.c: setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/newgrp/newgrp.c- LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV);
usr.bin/newgrp/newgrp.c- login_close(lc);
--
usr.bin/su/su.c: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) < 0)
usr.bin/su/su.c: err(1, "setusercontext");
usr.bin/su/su.c-
usr.bin/su/su.c- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
--
usr.bin/su/su.c: if (setusercontext(lc, pwd, pwd->pw_uid, setwhat) < 0)
usr.bin/su/su.c: err(1, "setusercontext");
usr.bin/su/su.c-
usr.bin/su/su.c- if (!asme) {
--
usr.bin/su/su.c: setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/su/su.c- LOGIN_SETPATH | LOGIN_SETUMASK |
usr.bin/su/su.c- LOGIN_SETENV);
--
usr.sbin/cron/cron/do_command.c: setusercontext(lc, pwd, e->uid,
usr.sbin/cron/cron/do_command.c- LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
usr.sbin/cron/cron/do_command.c- (void) endpwent();
--
usr.sbin/cron/cron/popen.c: setusercontext(lc, pwd, e->uid,
usr.sbin/cron/cron/popen.c- LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
usr.sbin/cron/cron/popen.c- (void) endpwent();
--
usr.sbin/daemon/daemon.c: if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0)
usr.sbin/daemon/daemon.c- errx(1, "failed to set user environment");
usr.sbin/daemon/daemon.c-}
--
usr.sbin/inetd/inetd.c: if (setusercontext(lc, pwd, pwd->pw_uid,
usr.sbin/inetd/inetd.c- LOGIN_SETALL & ~LOGIN_SETMAC)
usr.sbin/inetd/inetd.c- != 0) {
--
usr.sbin/inetd/inetd.c: "%s: can't setusercontext(..%s..): %m",
usr.sbin/inetd/inetd.c- sep->se_service, sep->se_user);
usr.sbin/inetd/inetd.c- _exit(EX_OSERR);
--
usr.sbin/jail/jail.c: if (setusercontext(lcap, pwd, pwd->pw_uid,
usr.sbin/jail/jail.c- LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
usr.sbin/jail/jail.c: err(1, "setusercontext");
usr.sbin/jail/jail.c- login_close(lcap);
usr.sbin/jail/jail.c- }
--
usr.sbin/jexec/jexec.c: if (setusercontext(lcap, pwd, pwd->pw_uid,
usr.sbin/jexec/jexec.c- LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
usr.sbin/jexec/jexec.c: err(1, "setusercontext");
usr.sbin/jexec/jexec.c- login_close(lcap);
usr.sbin/jexec/jexec.c- }
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the svn-src-all
mailing list