author | ru <ru@FreeBSD.org> | 2001-09-06 11:54:28 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2001-09-06 11:54:28 +0000 |
commit | 40d29ec988364a2073a0fe8beb31e808ad5d748a (patch) | |
tree | 63e1fd5f8f3f0e02768bc042ca2cfe9159820d1f | |
parent | e797b5bf93846b2b5f21bd87baba151d2214c82c (diff) | |
SECURITY.
Avoid using setre[ug]id() calls.
Removed the setgid stuff we don't need.
-rw-r--r-- | gnu/usr.bin/man/man/Makefile | 2 | ||||
-rw-r--r-- | gnu/usr.bin/man/man/man.c | 49 |
2 files changed, 18 insertions, 33 deletions
diff --git a/gnu/usr.bin/man/man/Makefile b/gnu/usr.bin/man/man/Makefile
index 852e43b..050f1d4 100644
--- a/gnu/usr.bin/man/man/Makefile
+++ b/gnu/usr.bin/man/man/Makefile
@@ -20,7 +20,7 @@ CFLAGS+=-DHAVE_LIBZ=1
 .endif
 CFLAGS+= -I${.CURDIR}/../lib -DSTDC_HEADERS -DPOSIX -DHAS_TROFF
-CFLAGS+= -DDO_COMPRESS -DALT_SYSTEMS -DSETREUID -DCATMODE=0644
+CFLAGS+= -DDO_COMPRESS -DALT_SYSTEMS -DSETUID -DCATMODE=0644
 CLEANFILES+= man.1
 .PATH: ${.CURDIR}/../manpath
diff --git a/gnu/usr.bin/man/man/man.c b/gnu/usr.bin/man/man/man.c
index 5b35cde..1077f77 100644
--- a/gnu/usr.bin/man/man/man.c
+++ b/gnu/usr.bin/man/man/man.c
@@ -142,11 +142,9 @@ static char args[] = "M:P:S:adfhkp:w?";
 #endif
 #endif
-#ifdef SETREUID
+#ifdef SETUID
 uid_t ruid;
 uid_t euid;
-gid_t rgid;
-gid_t egid;
 #endif
 int
@@ -186,13 +184,10 @@ main (argc, argv)
 gripe_no_name (tmp);
 }
-#ifdef SETREUID
+#ifdef SETUID
 ruid = getuid();
- rgid = getgid();
 euid = geteuid();
- egid = getegid();
- setreuid(-1, ruid);
- setregid(-1, rgid);
+ seteuid(ruid);
 #endif
 while (optind < argc)
@@ -1248,33 +1243,27 @@ make_cat_file (path, man_file, cat_file, manid)
 fprintf (stderr, "\ntrying command: %s\n", command);
 else {
-#ifdef SETREUID
- if (manid) {
- setreuid(-1, ruid);
- setregid(-1, rgid);
- }
+#ifdef SETUID
+ if (manid)
+ seteuid(ruid);
 #endif
 if ((pp = popen(command, "r")) == NULL) {
 s = errno;
 fprintf(stderr, "Failed.\n");
 errno = s;
 perror("popen");
-#ifdef SETREUID
- if (manid) {
- setreuid(-1, euid);
- setregid(-1, egid);
- }
+#ifdef SETUID
+ if (manid)
+ seteuid(euid);
 #endif
 unlink(temp);
 restore_sigs();
 fclose(fp);
 return 0;
 }
-#ifdef SETREUID
- if (manid) {
- setreuid(-1, euid);
- setregid(-1, egid);
- }
+#ifdef SETUID
+ if (manid)
+ seteuid(euid);
 #endif
 f = 0;
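Review bot: The added `seteuid(ruid);` in main() ignores its return value, so if the call fails the program carries on with whatever effective uid it started with (presumably the set-user-ID one, given the saved `euid`). The same unchecked call is used at every switch in the make_cat_file and format_and_display hunks; the drop just before `popen()` is where a silent failure matters most, because the formatter command would then run with the elevated uid. A failed drop should be fatal, for example `if (seteuid(ruid) != 0) { perror("seteuid"); exit(1); }`, and a failed restore should at least be reported. main()'s body continues outside the hunk.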
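Review bot: Nothing in the make_cat_file hunk says what `manid` selects or why the effective uid is switched around `popen()`; a short comment above the first `#ifdef SETUID` would help, e.g. `/* manid: caller raised the euid; run the formatter as the invoking user, then restore */`. As far as the hunk shows, the restore has to happen on both the popen-failure branch and the success path, which is worth stating so a later edit does not drop one of them. The function starts and ends outside the hunk.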
@@ -1412,16 +1401,10 @@ format_and_display (path, man_file, cat_file)
 else {
-#ifdef SETREUID
- setreuid(-1, euid);
- setregid(-1, egid);
+#ifdef SETUID
+ seteuid(euid);
 found = make_cat_file (path, man_file, cat_file, 1);
-#else
- found = make_cat_file (path, man_file, cat_file, 0);
-#endif
-#ifdef SETREUID
- setreuid(-1, ruid);
- setregid(-1, rgid);
+ seteuid(ruid);
 if (!found) {
@@ -1432,6 +1415,8 @@ format_and_display (path, man_file, cat_file)
 of reading private man pages is avoided. */
 found = make_cat_file (path, man_file, cat_file, 0);
 }
+#else
+ found = make_cat_file (path, man_file, cat_file, 0);
 #endif
 #ifdef SECURE_MAN_UID
 if (!found) |
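Review bot: The `#ifdef SETUID` opened in this hunk is now closed by the `#else`/`#endif` pair added in the following hunk, with an `if (!found)` block in between and `#ifdef SECURE_MAN_UID` directly after it, so the pairing is hard to follow when reading the file. Labelling the directives, `#else /* !SETUID */` and `#endif /* SETUID */`, would make it clear which branch holds the privileged `make_cat_file (..., 1)` attempt and which the plain one. format_and_display continues outside both hunks.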