diff options
author | ru <ru@FreeBSD.org> | 2001-09-04 16:15:51 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2001-09-04 16:15:51 +0000 |
commit | 3527c363d57e1688de0e11e9b409130ba99d6c4a (patch) | |
tree | 5b951c59f980d8ae3d357a450261430a7153bb9b /usr.bin/at/panic.c | |
parent | f83248d955e55cba999d478b18b0216f1540e7a0 (diff) | |
download | FreeBSD-src-3527c363d57e1688de0e11e9b409130ba99d6c4a.zip FreeBSD-src-3527c363d57e1688de0e11e9b409130ba99d6c4a.tar.gz |
SECURITY.
Fixed macros for temporarily relinquishing and restoring setuid/setgid
privileges so that they never change the real user and group IDs of
the calling process.
The setre[ug]id() calls are still used in the REDUCE_PERM macro (with
the r[ug]id arguments of -1) so that the call changes the saved user
and group IDs of the process to that specified.
Also, the panic() and perr() functions had insufficient privileges to
delete the problematic file under /var/at.
Diffstat (limited to 'usr.bin/at/panic.c')
-rw-r--r-- | usr.bin/at/panic.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/usr.bin/at/panic.c b/usr.bin/at/panic.c index 9cabc1d..cf6d041 100644 --- a/usr.bin/at/panic.c +++ b/usr.bin/at/panic.c @@ -39,6 +39,7 @@ static const char rcsid[] = /* Local headers */ #include "panic.h" +#include "privs.h" #include "at.h" /* External variables */ @@ -50,8 +51,11 @@ panic(char *a) { /* Something fatal has happened, print error message and exit. */ - if (fcreated) + if (fcreated) { + PRIV_START unlink(atfile); + PRIV_END + } errx(EXIT_FAILURE, "%s", a); } @@ -63,8 +67,11 @@ perr(char *a) */ int serrno = errno; - if (fcreated) + if (fcreated) { + PRIV_START unlink(atfile); + PRIV_END + } errno = serrno; err(EXIT_FAILURE, "%s", a); |