From 836a99923bfdd79967762d0362f41ef4d5a258f4 Mon Sep 17 00:00:00 2001 From: jilles Date: Mon, 25 Apr 2011 10:14:29 +0000 Subject: sh: Check setuid()/setgid() return values. If the -p option is turned off, privileges from a setuid or setgid binary are dropped. Make sure to check if this succeeds. If it fails, this is an error which will cause the shell to abort except in interactive mode or if 'command' was used to make 'set' or an outer 'eval' or '.' non-special. Note that taking advantage of this feature and writing setuid shell scripts seems unwise. MFC after: 1 week --- bin/sh/options.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'bin') diff --git a/bin/sh/options.c b/bin/sh/options.c index d44e345..a99fe81 100644 --- a/bin/sh/options.c +++ b/bin/sh/options.c @@ -280,8 +280,10 @@ setoption(int flag, int val) int i; if (flag == 'p' && !val && privileged) { - (void) setuid(getuid()); - (void) setgid(getgid()); + if (setgid(getgid()) == -1) + error("setgid"); + if (setuid(getuid()) == -1) + error("setuid"); } for (i = 0; i < NOPTS; i++) if (optlist[i].letter == flag) { -- cgit v1.1