bin/172290: bin/at: Check return value of setuid() and friends
Erik Cederstrand
erik at cederstrand.dk
Tue Oct 2 22:30:12 UTC 2012
>Number: 172290
>Category: bin
>Synopsis: bin/at: Check return value of setuid() and friends
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 02 22:30:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Erik Cederstrand
>Release: CURRENT
>Organization:
>Environment:
>Description:
Similar to PR bin/172289, at(1) doesn't check the return value of setuid() and similar functions. If setuid() fails, which it can do for a number of reasons, root privileges are not dropped.
>How-To-Repeat:
>Fix:
Check return value of setuid and related functions and fail if necessary
Patch attached with submission follows:
Index: privs.h
===================================================================
--- privs.h (revision 240960)
+++ privs.h (working copy)
@@ -74,8 +74,8 @@
effective_uid = geteuid(); \
real_gid = getgid(); \
effective_gid = getegid(); \
- seteuid(real_uid); \
- setegid(real_gid); \
+ if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
+ if (setegid(real_gid) != 0) err(1, "setegid failed"); \
}
#define RELINQUISH_PRIVS_ROOT(a, b) { \
@@ -83,26 +83,26 @@
effective_uid = geteuid(); \
real_gid = (b); \
effective_gid = getegid(); \
- setegid(real_gid); \
- seteuid(real_uid); \
+ if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+ if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
}
#define PRIV_START { \
- seteuid(effective_uid); \
- setegid(effective_gid); \
+ if (seteuid(effective_uid) != 0) err(1, "seteuid failed"); \
+ if (setegid(effective_gid) != 0) err(1, "setegid failed"); \
}
#define PRIV_END { \
- setegid(real_gid); \
- seteuid(real_uid); \
+ if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+ if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
}
#define REDUCE_PRIV(a, b) { \
PRIV_START \
effective_uid = (a); \
effective_gid = (b); \
- setreuid((uid_t)-1, effective_uid); \
- setregid((gid_t)-1, effective_gid); \
+ if (setreuid((uid_t)-1, effective_uid) != 0) err(1, "setreuid failed"); \
+ if (setregid((gid_t)-1, effective_gid) != 0) err(1, "setregid failed"); \
PRIV_END \
}
#endif
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list