Check the return error of set[ug]id. While this can never fail in the

current version of FreeBSD, this isn't guarenteed by the API. Custom security modules, or future implementations of the setuid and setgid may fail. PR: bin/172289 PR: bin/172290 PR: bin/172291 Submittud by: Erik Cederstrand <erik@cederstrand.dk> Discussed by: freebsd-security Approved by: cperciva MFC after: 1 week
author: eadler <eadler@FreeBSD.org> 2012-10-22 03:31:22 +0000
committer: eadler <eadler@FreeBSD.org> 2012-10-22 03:31:22 +0000
commit: 4bc19b04c5658de751c40ddf1399ab0dd1d895e7 (patch)
tree: 3aa86a2f61ac3b57647e44878110dc60da9069e7 /usr.sbin/lpr/lpc
parent: f4d42efdb90dc9f022d3764a5d1ddcfe4a846713 (diff)
download: FreeBSD-src-4bc19b04c5658de751c40ddf1399ab0dd1d895e7.zip
FreeBSD-src-4bc19b04c5658de751c40ddf1399ab0dd1d895e7.tar.gz
3 files changed, 36 insertions, 34 deletions
diff --git a/usr.sbin/lpr/lpc/cmds.c b/usr.sbin/lpr/lpc/cmds.c
index 44516d8..f960f7c 100644
--- a/usr.sbin/lpr/lpc/cmds.c
+++ b/usr.sbin/lpr/lpc/cmds.c
@@ -54,6 +54,7 @@ __FBSDID("$FreeBSD$");
 
 #include <signal.h>
 #include <fcntl.h>
+#include <err.h>
 #include <errno.h>
 #include <dirent.h>
 #include <unistd.h>
@@ -288,10 +289,10 @@ kill_qtask(const char *lf)
 	pid_t pid;
 	int errsav, killres, lockres, res;
 
-	seteuid(euid);
+	PRIV_START
 	fp = fopen(lf, "r");
 	errsav = errno;
-	seteuid(uid);
+	PRIV_END
 	res = KQT_NODAEMON;
 	if (fp == NULL) {
 		/*
@@ -329,10 +330,10 @@ kill_qtask(const char *lf)
 		goto killdone;
 	}
 
-	seteuid(uid);
+	PRIV_END
 	killres = kill(pid, SIGTERM);
 	errsav = errno;
-	seteuid(uid);
+	PRIV_END
 	if (killres == 0) {
 		res = KQT_KILLOK;
 		printf("\tdaemon (pid %d) killed\n", pid);
@@ -376,9 +377,9 @@ upstat(struct printer *pp, const char *msg, int notifyuser)
 
 	status_file_name(pp, statfile, sizeof statfile);
 	umask(0);
-	seteuid(euid);
+	PRIV_START
 	fd = open(statfile, O_WRONLY|O_CREAT|O_EXLOCK, STAT_FILE_MODE);
-	seteuid(uid);
+	PRIV_END
 	if (fd < 0) {
 		printf("\tcannot create status file: %s\n", strerror(errno));
 		return;
@@ -683,9 +684,9 @@ clean_q(struct printer *pp)
 	linerem = sizeof(line) - (lp - line);
 
 	cln_foundcore = 0;
-	seteuid(euid);
+	PRIV_START
 	nitems = scandir(pp->spool_dir, &queue, doselect, sortq);
-	seteuid(uid);
+	PRIV_END
 	if (nitems < 0) {
 		if (!didhead) {
 			printf("%s:\n", pp->printer);
@@ -795,9 +796,9 @@ unlinkf(char *name)
 	 * that case, we need to check the last-mod time of the symlink, and
 	 * not the file that the symlink is pointed at.
 	 */
-	seteuid(euid);
+	PRIV_START
 	res = lstat(name, &stbuf);
-	seteuid(uid);
+	PRIV_END
 	if (res < 0) {
 		printf("\terror return from stat(%s):\n", name);
 		printf("\t      %s\n", strerror(errno));
@@ -819,9 +820,9 @@ unlinkf(char *name)
 	 * symlink before unlink-ing the file itself
 	 */
 	if (S_ISLNK(stbuf.st_mode)) {
-		seteuid(euid);
+		PRIV_START
 		res = readlink(name, linkbuf, sizeof(linkbuf));
-		seteuid(uid);
+		PRIV_END
 		if (res < 0) {
 			printf("\terror return from readlink(%s):\n", name);
 			printf("\t      %s\n", strerror(errno));
@@ -841,9 +842,9 @@ unlinkf(char *name)
 			printf("\t    (which is a symlink to %s)\n", linkbuf);
 		}
 	} else {
-		seteuid(euid);
+		PRIV_START
 		res = unlink(name);
-		seteuid(uid);
+		PRIV_END
 		if (res < 0)
 			printf("\tcannot remove %s (!)\n", name);
 		else
@@ -983,9 +984,9 @@ restart_q(struct printer *pp)
 	/* make sure the queue is set to print jobs */
 	setres = set_qstate(SQS_STARTP, lf);
 
-	seteuid(euid);
+	PRIV_START
 	startok = startdaemon(pp);
-	seteuid(uid);
+	PRIV_END
 	if (!startok)
 		printf("\tcouldn't restart daemon\n");
 	else
@@ -1049,14 +1050,14 @@ start_q(struct printer *pp)
 
 	setres = set_qstate(SQS_STARTP, lf);
 
-	seteuid(euid);
+	PRIV_START
 	startok = startdaemon(pp);
-	seteuid(uid);
+	PRIV_END
 	if (!startok)
 		printf("\tcouldn't start daemon\n");
 	else
 		printf("\tdaemon started\n");
-	seteuid(uid);
+	PRIV_END
 }
 
 /*
@@ -1178,12 +1179,12 @@ topq(int argc, char *argv[])
 	}
 	printf("%s:\n", pp->printer);
 
-	seteuid(euid);
+	PRIV_START
 	if (chdir(pp->spool_dir) < 0) {
 		printf("\tcannot chdir to %s\n", pp->spool_dir);
 		goto out;
 	}
-	seteuid(uid);
+	PRIV_END
 	nitems = getq(pp, &queue);
 	if (nitems == 0)
 		return;
@@ -1207,12 +1208,12 @@ topq(int argc, char *argv[])
 	 * Turn on the public execute bit of the lock file to
 	 * get lpd to rebuild the queue after the current job.
 	 */
-	seteuid(euid);
+	PRIV_START
 	if (changed && stat(pp->lock_file, &stbuf) >= 0)
 		(void) chmod(pp->lock_file, stbuf.st_mode | LFM_RESET_QUE);
 
 out:
-	seteuid(uid);
+	PRIV_END
 } 
 
 /*
@@ -1227,9 +1228,9 @@ touch(struct jobqueue *jq)
 
 	tvp[0].tv_sec = tvp[1].tv_sec = --mtime;
 	tvp[0].tv_usec = tvp[1].tv_usec = 0;
-	seteuid(euid);
+	PRIV_START
 	ret = utimes(jq->job_cfname, tvp);
-	seteuid(uid);
+	PRIV_END
 	return (ret);
 }
 
@@ -1286,9 +1287,9 @@ doarg(char *job)
 	 * Process item consisting of owner's name (example: henry).
 	 */
 	for (qq = queue + nitems; --qq >= queue; ) {
-		seteuid(euid);
+		PRIV_START
 		fp = fopen((*qq)->job_cfname, "r");
-		seteuid(uid);
+		PRIV_END
 		if (fp == NULL)
 			continue;
 		while (getline(fp) > 0)
@@ -1319,9 +1320,9 @@ up_q(struct printer *pp)
 
 	setres = set_qstate(SQS_ENABLEQ+SQS_STARTP, lf);
 
-	seteuid(euid);
+	PRIV_START
 	startok = startdaemon(pp);
-	seteuid(uid);
+	PRIV_END
 	if (!startok)
 		printf("\tcouldn't start daemon\n");
 	else
diff --git a/usr.sbin/lpr/lpc/lpc.c b/usr.sbin/lpr/lpc/lpc.c
index f9fb920..cc58bd9 100644
--- a/usr.sbin/lpr/lpc/lpc.c
+++ b/usr.sbin/lpr/lpc/lpc.c
@@ -93,7 +93,7 @@ main(int argc, char *argv[])
 
 	euid = geteuid();
 	uid = getuid();
-	seteuid(uid);
+	PRIV_END
 	progname = argv[0];
 	openlog("lpd", 0, LOG_LPR);
 
@@ -405,9 +405,9 @@ setup_myprinter(char *pwanted, struct printer *pp, int sump_opts)
 		printf("%s:\n", pp->printer);
 
 	if (sump_opts & SUMP_CHDIR_SD) {
-		seteuid(euid);
+		PRIV_START
 		cdres = chdir(pp->spool_dir);
-		seteuid(uid);
+		PRIV_END
 		if (cdres < 0) {
 			printf("\tcannot chdir to %s\n", pp->spool_dir);
 			free_printer(pp);
diff --git a/usr.sbin/lpr/lpc/movejobs.c b/usr.sbin/lpr/lpc/movejobs.c
index 60c9b38..c349601 100644
--- a/usr.sbin/lpr/lpc/movejobs.c
+++ b/usr.sbin/lpr/lpc/movejobs.c
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
 
 #include <ctype.h>
 #include <dirent.h>	/* just for MAXNAMLEN, for job_cfname in lp.h! */
+#include <err.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -147,9 +148,9 @@ touch_jqe(void *myinfo, struct jobqueue *jq, struct jobspec *jspec)
 	touch_info = myinfo;
 	tvp[0].tv_sec = tvp[1].tv_sec = ++touch_info->newtime;
 	tvp[0].tv_usec = tvp[1].tv_usec = 0;
-	seteuid(euid);
+	PRIV_START
 	ret = utimes(jq->job_cfname, tvp);
-	seteuid(uid);
+	PRIV_END
 
 	if (ret == 0) {
 		if (jspec->matcheduser)
author	eadler <eadler@FreeBSD.org>	2012-10-22 03:31:22 +0000
committer	eadler <eadler@FreeBSD.org>	2012-10-22 03:31:22 +0000
commit	4bc19b04c5658de751c40ddf1399ab0dd1d895e7 (patch)
tree	3aa86a2f61ac3b57647e44878110dc60da9069e7 /usr.sbin/lpr/lpc
parent	f4d42efdb90dc9f022d3764a5d1ddcfe4a846713 (diff)
download	FreeBSD-src-4bc19b04c5658de751c40ddf1399ab0dd1d895e7.zip FreeBSD-src-4bc19b04c5658de751c40ddf1399ab0dd1d895e7.tar.gz