diff options
author | imp <imp@FreeBSD.org> | 1997-07-23 00:49:46 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1997-07-23 00:49:46 +0000 |
commit | f080009db57e6a7b246a2ab15d8a73e4563931b4 (patch) | |
tree | 3f6c130b47ee18671302ddcfcae8cef66be97455 /usr.sbin/lpr/lprm | |
parent | 5d2b7fa5ede6cefc6d4c6f7df3987bea7b9149b8 (diff) | |
download | FreeBSD-src-f080009db57e6a7b246a2ab15d8a73e4563931b4.zip FreeBSD-src-f080009db57e6a7b246a2ab15d8a73e4563931b4.tar.gz |
Use setuid/seteuid around dangerous operations. Also a few buffer
overflow patches that were "near" to where these operations are taking
place. The buffer overflows are from OpenBSD. The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.
This is the first of a series of OpenBSD lpr/et al merges. It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD
Diffstat (limited to 'usr.sbin/lpr/lprm')
-rw-r--r-- | usr.sbin/lpr/lprm/lprm.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/usr.sbin/lpr/lprm/lprm.c b/usr.sbin/lpr/lprm/lprm.c index 20c4ee7..df3a6cb 100644 --- a/usr.sbin/lpr/lprm/lprm.c +++ b/usr.sbin/lpr/lprm/lprm.c @@ -74,6 +74,7 @@ int requ[MAXREQUESTS]; /* job number of spool entries */ int requests; /* # of spool requests */ char *user[MAXUSERS]; /* users to process */ int users; /* # of users in user array */ +uid_t uid, euid; /* real and effective user id's */ static char luser[16]; /* buffer for person */ @@ -87,6 +88,9 @@ main(argc, argv) register char *arg; struct passwd *p; + uid = getuid(); + euid = geteuid(); + seteuid(uid); /* be safe */ name = argv[0]; gethostname(host, sizeof(host)); openlog("lpd", 0, LOG_LPR); |