git: 91629228e3df - main - comsat: move uid/gid setting earlier
Date: Mon, 02 Dec 2024 19:57:26 UTC
The branch main has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=91629228e3df14997df12ffc6e7be6b9964e5463
commit 91629228e3df14997df12ffc6e7be6b9964e5463
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-12-01 20:43:10 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-12-02 19:57:13 +0000
comsat: move uid/gid setting earlier
It's good to reduce privilege as early as possible.
Suggested by: jlduran
Reviewed by: jlduran
Obtained from: NetBSD
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47869
---
libexec/comsat/comsat.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index e2aea1b709b6..d5d1eedeb5f3 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -59,7 +59,7 @@ static int debug = 0;
static char hostname[MAXHOSTNAMELEN];
-static void jkfprintf(FILE *, char[], char[], off_t);
+static void jkfprintf(FILE *, char[], off_t);
static void mailfor(char *);
static void notify(struct utmpx *, char[], off_t, int);
static void reapchildren(int);
@@ -147,6 +147,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
FILE *tp;
struct stat stb;
struct termios tio;
+ struct passwd *p;
char tty[20];
const char *s = utp->ut_line;
@@ -180,6 +181,14 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
}
(void)tcgetattr(fileno(tp), &tio);
cr = ((tio.c_oflag & (OPOST|ONLCR)) == (OPOST|ONLCR)) ? "\n" : "\n\r";
+
+ /* Set uid/gid/groups to user's in case mail drop is on nfs */
+ if ((p = getpwnam(utp->ut_user)) == NULL ||
+ initgroups(p->pw_name, p->pw_gid) == -1 ||
+ setgid(p->pw_gid) == -1 ||
+ setuid(p->pw_uid) == -1)
+ return;
+
switch (stb.st_mode & (S_IXUSR | S_IXGRP)) {
case S_IXUSR:
case (S_IXUSR | S_IXGRP):
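Review bot: The failure branch of the new privilege drop ends in a bare `return;`, so notify() is left without any log entry and with `tp` still open (it is used by `fileno(tp)` just above the added block). A failed getpwnam/initgroups/setgid/setuid is a condition an operator needs to see, so I would log it and close the stream before leaving, e.g. `syslog(LOG_AUTH | LOG_NOTICE, "cannot switch to user %s", utp->ut_user); (void)fclose(tp);`. If notify() is already running in a forked child at this point (the fork is not visible in this hunk, so this is an assumption), the branch should end in `_exit(1)` rather than `return`, otherwise a child whose privilege drop did not complete would continue in the caller's code. notify() starts and ends outside the hunk.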
@@ -188,7 +197,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
cr, utp->ut_user, (int)sizeof(hostname), hostname,
folder ? cr : "", folder ? "to " : "", folder ? file : "",
cr, cr);
- jkfprintf(tp, utp->ut_user, file, offset);
+ jkfprintf(tp, file, offset);
break;
case S_IXGRP:
(void)fprintf(tp, "\007");
@@ -204,21 +213,13 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
}
static void
-jkfprintf(FILE *tp, char user[], char file[], off_t offset)
+jkfprintf(FILE *tp, char file[], off_t offset)
{
unsigned char *cp, ch;
FILE *fi;
int linecnt, charcnt, inheader;
- struct passwd *p;
unsigned char line[BUFSIZ];
- /* Set uid/gid/groups to user's in case mail drop is on nfs */
- if ((p = getpwnam(user)) == NULL ||
- initgroups(p->pw_name, p->pw_gid) == -1 ||
- setgid(p->pw_gid) == -1 ||
- setuid(p->pw_uid) == -1)
- return;
-
if ((fi = fopen(file, "r")) == NULL)
return;
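Review bot: jkfprintf() now opens `file` with whatever credentials the process holds at the time of the call, and nothing at the definition records that the caller must have switched to the recipient's uid/gid first. With the getpwnam/setuid block removed from here, a later caller that skips the drop would read the mailbox path with the daemon's privileges. I would add a comment above the definition such as `/* Caller must already run with the recipient's uid/gid; file is opened with the current credentials. */`. The function body continues past the end of this hunk.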