Hello,

I might have found a little bug while using vuserinfo.

When you are trying to get the information on a non-existing domain, it will
try to setuid(0):

UID & GID:
[EMAIL PROTECTED]:~# getent passwd vpopmail
vpopmail:x:1011:1007::/home/vpopmail:/sbin/nologin
[EMAIL PROTECTED]:~# getent group vchkpw
vchkpw:x:1007:

Non existing domain:
[EMAIL PROTECTED]:~# strace vuserinfo [EMAIL PROTECTED] 2>&1 | grep -e setuid -e setgid
setgid32(0)                             = 0
setuid32(0)                             = 0

Existing domain:
[EMAIL PROTECTED]:~# strace vuserinfo [EMAIL PROTECTED] 2>&1 | grep -e setuid -e setgid
setgid32(1007)                          = 0
setuid32(1011)                          = 0

I made a patch that will output an error message as I replace the 2
occurrences of:

      /* setuid to the user first */
 vget_assign(Domain,NULL,0,&pw_uid,&pw_gid);

in vuserinfo.c by the following code:

        /* setuid to the user first */
        if (vget_assign(Domain,NULL,0,&pw_uid,&pw_gid) == NULL) {
          printf("no such domain %s\n", Domain);
          vexit(1);
        }

The patch was made for 5.4.24 and seems to work fine with 5.4.25

Before:
[EMAIL PROTECTED]:/usr/local/src/vpopmail-5.4.24$ vuserinfo [EMAIL PROTECTED]
Error: unable to setuid

After:
[EMAIL PROTECTED]:/usr/local/src/vpopmail-5.4.24$ ./vuserinfo [EMAIL PROTECTED]
no such domain d.com


Have a nice day!


--- ./vuserinfo.c.orig	2008-01-22 13:33:21.000000000 +0100
+++ ./vuserinfo.c	2008-01-22 13:35:21.000000000 +0100
@@ -82,7 +82,10 @@
         }
 
 	/* setuid to the user first */
-	vget_assign(Domain,NULL,0,&pw_uid,&pw_gid);
+	if (vget_assign(Domain,NULL,0,&pw_uid,&pw_gid) == NULL) {
+	  printf("no such domain %s\n", Domain);
+	  vexit(1);
+	}
 	if ( setgid(pw_gid) == -1 || setuid(pw_uid) == -1 ) {
             printf("Error: unable to setuid\n");
             vexit(1);
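Review bot: the new `no such domain %s` message in the added `if` block goes to stdout via `printf` and has no `Error:` prefix, unlike the `Error: unable to setuid` message three lines below it, so callers that match on that prefix will not catch the missing-domain case. Suggest wording it as `Error: no such domain %s` for consistency, and aligning the indentation of the block body (tab plus two spaces) with the surrounding code.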
@@ -103,7 +106,10 @@
         /* we want to see the entire domain */
 	first = 1;
 	/* setuid to the user first */
-	vget_assign(Domain,NULL,0,&pw_uid,&pw_gid);
+	if (vget_assign(Domain,NULL,0,&pw_uid,&pw_gid) == NULL) {
+	  printf("no such domain %s\n", Domain);
+	  vexit(1);
+	}
 	if ( setgid(pw_gid) == -1 || setuid(pw_uid) == -1 ) {
             	printf("Error: unable to setuid\n");
             	vexit(1);
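Review bot: the NULL check added here is a verbatim copy of the one in the first hunk, so the same lookup, check and `setgid`/`setuid` sequence now lives at two call sites that can drift apart. Suggest moving the `vget_assign` call, the NULL check and the privilege change into one helper that both paths call, so that `pw_uid` and `pw_gid` are never passed to `setgid`/`setuid` without a successful lookup, which is what produced the `setgid32(0)`/`setuid32(0)` calls in the strace output above.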
