author | imp <imp@FreeBSD.org> | 1997-12-30 05:13:21 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1997-12-30 05:13:21 +0000 |
commit | a1d9242a6312c711c8640cd81f8515fd539f14d6 (patch) | |
tree | f24adb5a746d7c81aabee3d34f3c97e0d432be8d /sbin/ccdconfig | |
parent | 5ff3bce59b3abf33a1b903c31be1e95b99feb7c9 (diff) | |
Properly drop group privs to open file names specified by the user.
Submitted by: Niall Smart rotel@indigo.ie
Obtained from: OpenBSD (rev 1.7 and 1.8)
Diffstat (limited to 'sbin/ccdconfig')
-rw-r--r-- | sbin/ccdconfig/ccdconfig.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/sbin/ccdconfig/ccdconfig.c b/sbin/ccdconfig/ccdconfig.c
index 1045a9b..4d18a9c 100644
--- a/sbin/ccdconfig/ccdconfig.c
+++ b/sbin/ccdconfig/ccdconfig.c
@@ -1,4 +1,4 @@
-/* $Id: ccdconfig.c,v 1.6 1997/02/22 14:32:10 peter Exp $ */
+/* $Id: ccdconfig.c,v 1.7 1997/06/10 11:04:50 charnier Exp $ */
 /* $NetBSD: ccdconfig.c,v 1.2.2.1 1995/11/11 02:43:35 thorpej Exp $ */
 
@@ -161,6 +161,15 @@ main(argc, argv)
 if (options > 1)
 usage();
 
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (core != NULL || kernel != NULL || action != CCD_DUMP) {
+ setegid(getgid());
+ setgid(getgid());
+ }
+
 switch (action) {
 case CCD_CONFIG:
 case CCD_UNCONFIG:
@@ -307,11 +316,16 @@ do_all(action)
 char line[_POSIX2_LINE_MAX];
 char *cp, **argv;
 int argc, rval;
+ gid_t egid;
 
+ egid = getegid();
+ setegid(getgid());
 if ((f = fopen(ccdconf, "r")) == NULL) {
+ setegid(egid);
 warn("fopen: %s", ccdconf);
 return (1);
 }
+ setegid(egid);
 
 while (fgets(line, sizeof(line), f) != NULL) {
 argc = 0; |
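Review bot: The return values of `setegid(getgid())` and `setgid(getgid())` in the block added to main() are ignored, so if either call fails the program keeps its setgid group and still goes on to handle the user-named core or kernel file, which is the situation the new comment says must not occur. A failed drop should be fatal, for example `if (setgid(getgid()) != 0) err(1, "setgid");` (err() is presumably available, since the file already calls warn()). The same unchecked `setegid(getgid())` precedes `fopen(ccdconf, "r")` in the do_all() hunk. main()'s body starts and ends outside this hunk.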
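Review bot: On the fopen() failure path in do_all(), `setegid(egid)` runs before `warn("fopen: %s", ccdconf)`, and warn() reports whatever errno holds at that point, so a failing restore would make the message give the wrong reason for the failed open. Either save and restore errno around the call or swap the two lines so that `warn("fopen: %s", ccdconf);` comes first and `setegid(egid);` second. A comment above the block such as `/* open the config file with the invoker's group, not the setgid one */` would also record why the effective gid is toggled here. do_all()'s body continues outside the hunk.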