diff options
author | jilles <jilles@FreeBSD.org> | 2011-04-25 10:14:29 +0000 |
---|---|---|
committer | jilles <jilles@FreeBSD.org> | 2011-04-25 10:14:29 +0000 |
commit | 836a99923bfdd79967762d0362f41ef4d5a258f4 (patch) | |
tree | 81a85488f0c2d87e9bff37e0f673d191c5350988 /bin/sh | |
parent | 54847e6220f3c2d8ee228890b20ced5023a7fcf6 (diff) | |
download | FreeBSD-src-836a99923bfdd79967762d0362f41ef4d5a258f4.zip FreeBSD-src-836a99923bfdd79967762d0362f41ef4d5a258f4.tar.gz |
sh: Check setuid()/setgid() return values.
If the -p option is turned off, privileges from a setuid or setgid binary
are dropped. Make sure to check if this succeeds. If it fails, this is an
error which will cause the shell to abort except in interactive mode or if
'command' was used to make 'set' or an outer 'eval' or '.' non-special.
Note that taking advantage of this feature and writing setuid shell scripts
seems unwise.
MFC after: 1 week
Diffstat (limited to 'bin/sh')
-rw-r--r-- | bin/sh/options.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/bin/sh/options.c b/bin/sh/options.c index d44e345..a99fe81 100644 --- a/bin/sh/options.c +++ b/bin/sh/options.c @@ -280,8 +280,10 @@ setoption(int flag, int val) int i; if (flag == 'p' && !val && privileged) { - (void) setuid(getuid()); - (void) setgid(getgid()); + if (setgid(getgid()) == -1) + error("setgid"); + if (setuid(getuid()) == -1) + error("setuid"); } for (i = 0; i < NOPTS; i++) if (optlist[i].letter == flag) { |