On 2009-01-07, patrick keshishian <[email protected]> wrote:
>>
>>
> http://git.ozlabs.org/?p=ppp.git;a=commit;h=a00baab063b349591289cbde22ab40cf80b8f0af
>>
>> We changed to use setresuid() rather than setuid(), but this didn't change
>> behaviour here. I guess many people will run pppd as root so they won't
>> notice the problem (afaict, it only happens if you start as a non-root
>> member of the group "network").
>
>
> As discussed (off-line) this was changed in -r1.45 by d...@.
> Since no one else is chiming in, I'm asking if someone will
> look into updating this, or was there a valid reason why
> it was decided to prevent scripts from running with root privilege
> in our local copy of pppd?

you misinterpreted this,

>> We changed to use setresuid() rather than setuid(), but this didn't change
                                                       ^^^^^^^^^^^^^^^^^^^^^^
>> behaviour here.
   ^^^^^^^^^^^^^^

upstream's old code: drop privileges
>> - (void) chdir ("/"); /* no current directory. */
>> - setuid(geteuid());
upstream's new code: setuid(root) (even though it's already running
as root..?)
>> + (void) chdir ("/"); /* no current directory. */
>> + setuid(0); /* set real UID = root */
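
Review bot: the return value of `setuid(0)` on the added line is discarded, so if the call fails, execution continues with whatever real UID the process already had and nothing is logged. Check the result and exit on failure before going any further. The comment `/* set real UID = root */` states what the call does but not why a real UID of root is required at this point; since the line it replaces was `setuid(geteuid())`, that reasoning should be recorded next to the call. The `(void)` cast on `chdir ("/")` likewise hides a failure that would leave the process in its previous working directory.
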
the setuid() -> setresuid() change made in OpenBSD did not affect this.
the old version in OpenBSD and upstream both dropped privileges for
these scripts.