diff options
| author | mpp <mpp@FreeBSD.org> | 1997-02-09 07:45:03 +0000 |
|---|---|---|
| committer | mpp <mpp@FreeBSD.org> | 1997-02-09 07:45:03 +0000 |
| commit | 60aa846017d4c72f8e25fbe322c4b77520802199 (patch) | |
| tree | 8b1279230d967d3a3b30272a776d111e5154c4cb /usr.bin/calendar | |
| parent | f1090aa26113e20b2830528e76f7b80924fd9921 (diff) | |
| download | FreeBSD-src-60aa846017d4c72f8e25fbe322c4b77520802199.zip FreeBSD-src-60aa846017d4c72f8e25fbe322c4b77520802199.tar.gz | |
Really fix calendar to drop all permissions when
run with "calendar -a". Also don't ignore the return
values from the setuid/setgid calls.
Thanks to bde for making me this about this.
Diffstat (limited to 'usr.bin/calendar')
| -rw-r--r-- | usr.bin/calendar/io.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/usr.bin/calendar/io.c b/usr.bin/calendar/io.c index 68b8895..ee04e93 100644 --- a/usr.bin/calendar/io.c +++ b/usr.bin/calendar/io.c @@ -223,6 +223,7 @@ char path[MAXPATHLEN + 1]; FILE * opencal() { + uid_t uid; int fd, pdes[2]; struct stat sbuf; @@ -256,8 +257,19 @@ opencal() (void)close(pdes[1]); } (void)close(pdes[0]); - (void)setuid(geteuid()); - (void)setgid(getegid()); + uid = geteuid(); + if (setuid(getuid()) < 0) { + fprintf(stderr, "calendar: first setuid failed\n"); + _exit(1); + }; + if (setgid(getegid()) < 0) { + fprintf(stderr, "calendar: setegid failed\n"); + _exit(1); + } + if (setuid(uid) < 0) { + fprintf(stderr, "caelndar: setuid failed\n"); + _exit(1); + } execl(_PATH_CPP, "cpp", "-P", "-I.", _PATH_INCLUDE, NULL); (void)fprintf(stderr, "calendar: execl: %s: %s.\n", _PATH_CPP, strerror(errno)); @@ -283,6 +295,7 @@ void closecal(fp) FILE *fp; { + uid_t uid; struct stat sbuf; int nread, pdes[2], status; char buf[1024]; @@ -307,8 +320,19 @@ closecal(fp) (void)close(pdes[0]); } (void)close(pdes[1]); - (void)setuid(geteuid()); - (void)setegid(getegid()); + uid = geteuid(); + if (setuid(getuid()) < 0) { + fprintf(stderr, "calendar: setuid failed\n"); + _exit(1); + }; + if (setgid(getegid()) < 0) { + fprintf(stderr, "calendar: setegid failed\n"); + _exit(1); + } + if (setuid(uid) < 0) { + fprintf(stderr, "caelndar: setuid failed\n"); + _exit(1); + } execl(_PATH_SENDMAIL, "sendmail", "-i", "-t", "-F", "\"Reminder Service\"", "-f", "root", NULL); (void)fprintf(stderr, |
