Author: eadler
Date: Sat Oct 27 01:20:48 2012
New Revision: 242164
URL: http://svn.freebsd.org/changeset/base/242164
Log:
MFC r241848:
Check the return error of set[e][ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.
Custom security modules, or future implementations of the setuid and
setgid may fail.
Approved by: cperciva (implicit)
Modified:
stable/8/libexec/tftpd/tftpd.c
stable/8/sbin/ccdconfig/ccdconfig.c
stable/8/sbin/restore/tape.c
stable/8/usr.bin/lock/lock.c
stable/8/usr.bin/msgs/msgs.c
stable/8/usr.bin/wall/wall.c
stable/8/usr.sbin/edquota/edquota.c
stable/8/usr.sbin/kgmon/kgmon.c
Directory Properties:
stable/8/libexec/tftpd/ (props changed)
stable/8/sbin/ccdconfig/ (props changed)
stable/8/sbin/restore/ (props changed)
stable/8/usr.bin/lock/ (props changed)
stable/8/usr.bin/msgs/ (props changed)
stable/8/usr.bin/wall/ (props changed)
stable/8/usr.sbin/edquota/ (props changed)
stable/8/usr.sbin/kgmon/ (props changed)
Modified: stable/8/libexec/tftpd/tftpd.c
==============================================================================
--- stable/8/libexec/tftpd/tftpd.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/libexec/tftpd/tftpd.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -371,7 +371,10 @@ main(int argc, char *argv[])
}
chdir("/");
setgroups(1, &nobody->pw_gid);
- setuid(nobody->pw_uid);
+ if (setuid(nobody->pw_uid) != 0) {
+ tftp_log(LOG_ERR, "setuid failed");
+ exit(1);
+ }
}
len = sizeof(me_sock);
Modified: stable/8/sbin/ccdconfig/ccdconfig.c
==============================================================================
--- stable/8/sbin/ccdconfig/ccdconfig.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/sbin/ccdconfig/ccdconfig.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -289,13 +289,16 @@ do_all(int action)
rval = 0;
egid = getegid();
- setegid(getgid());
+ if (setegid(getgid()) != 0)
+ err(1, "setegid failed");
if ((f = fopen(ccdconf, "r")) == NULL) {
- setegid(egid);
+ if (setegid(egid) != 0)
+ err(1, "setegid failed");
warn("fopen: %s", ccdconf);
return (1);
}
- setegid(egid);
+ if (setegid(egid) != 0)
+ err(1, "setegid failed");
while (fgets(line, sizeof(line), f) != NULL) {
argc = 0;
Modified: stable/8/sbin/restore/tape.c
==============================================================================
--- stable/8/sbin/restore/tape.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/sbin/restore/tape.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -164,7 +164,11 @@ setinput(char *source, int ispipecommand
}
pipein++;
}
- setuid(getuid()); /* no longer need or want root privileges */
+ /* no longer need or want root privileges */
+ if (setuid(getuid()) != 0) {
+ fprintf(stderr, "setuid failed\n");
+ done(1);
+ }
magtape = strdup(source);
if (magtape == NULL) {
fprintf(stderr, "Cannot allocate space for magtape buffer\n");
Modified: stable/8/usr.bin/lock/lock.c
==============================================================================
--- stable/8/usr.bin/lock/lock.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/usr.bin/lock/lock.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -132,7 +132,9 @@ main(int argc, char **argv)
}
timeout.tv_sec = sectimeout * 60;
- setuid(getuid()); /* discard privs */
+ /* discard privs */
+ if (setuid(getuid()) != 0)
+ errx(1, "setuid failed");
if (tcgetattr(0, &tty)) /* get information for header */
exit(1);
Modified: stable/8/usr.bin/msgs/msgs.c
==============================================================================
--- stable/8/usr.bin/msgs/msgs.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/usr.bin/msgs/msgs.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -179,7 +179,8 @@ main(int argc, char *argv[])
setlocale(LC_ALL, "");
time(&t);
- setuid(uid = getuid());
+ if (setuid(uid = getuid()) != 0)
+ err(1, "setuid failed");
ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL);
if (ruptible)
signal(SIGINT, SIG_DFL);
Modified: stable/8/usr.bin/wall/wall.c
==============================================================================
--- stable/8/usr.bin/wall/wall.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/usr.bin/wall/wall.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -249,7 +249,8 @@ makemsg(char *fname)
setegid(getgid());
if (freopen(fname, "r", stdin) == NULL)
err(1, "can't read %s", fname);
- setegid(egid);
+ if (setegid(egid) != 0)
+ err(1, "setegid failed");
}
cnt = 0;
while (fgets(lbuf, sizeof(lbuf), stdin)) {
Modified: stable/8/usr.sbin/edquota/edquota.c
==============================================================================
--- stable/8/usr.sbin/edquota/edquota.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/usr.sbin/edquota/edquota.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -515,8 +515,10 @@ editit(char *tmpf)
const char *ed;
sigsetmask(omask);
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) != 0)
+ err(1, "setgid failed");
+ if (setuid(getuid()) != 0)
+ err(1, "setuid failed");
if ((ed = getenv("EDITOR")) == (char *)0)
ed = _PATH_VI;
execlp(ed, ed, tmpf, (char *)0);
Modified: stable/8/usr.sbin/kgmon/kgmon.c
==============================================================================
--- stable/8/usr.sbin/kgmon/kgmon.c Fri Oct 26 22:32:26 2012
(r242163)
+++ stable/8/usr.sbin/kgmon/kgmon.c Sat Oct 27 01:20:48 2012
(r242164)
@@ -90,7 +90,9 @@ main(int argc, char **argv)
struct kvmvars kvmvars;
char *system, *kmemf;
- seteuid(getuid());
+ if (seteuid(getuid()) != 0) {
+ err(1, "seteuid failed\n");
+ }
kmemf = NULL;
system = NULL;
while ((ch = getopt(argc, argv, "M:N:Bbhpr")) != -1) {
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
