bin/172290: bin/at: Check return value of setuid() and friends

Tue, 02 Oct 2012 15:30:27 -0700 

>Number:         172290
>Category:       bin
>Synopsis:       bin/at: Check return value of setuid() and friends
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 02 22:30:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Erik Cederstrand
>Release:        CURRENT
>Organization:
>Environment:
>Description:
Similar to PR bin/172289, at(1) doesn't check the return value of setuid() and 
similar functions. If setuid() fails, which it can do for a number of reasons, 
root privileges are not dropped.
>How-To-Repeat:

>Fix:
Check return value of setuid and related functions and fail if necessary

Patch attached with submission follows:

Index: privs.h
===================================================================
--- privs.h     (revision 240960)
+++ privs.h     (working copy)
@@ -74,8 +74,8 @@
        effective_uid = geteuid(); \
        real_gid = getgid(); \
        effective_gid = getegid(); \
-       seteuid(real_uid); \
-       setegid(real_gid); \
+       if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
+       if (setegid(real_gid) != 0) err(1, "setegid failed"); \
 }
 
 #define RELINQUISH_PRIVS_ROOT(a, b) { \
@@ -83,26 +83,26 @@
        effective_uid = geteuid(); \
        real_gid = (b); \
        effective_gid = getegid(); \
-       setegid(real_gid); \
-       seteuid(real_uid); \
+       if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+       if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
 }
 
 #define PRIV_START { \
-       seteuid(effective_uid); \
-       setegid(effective_gid); \
+       if (seteuid(effective_uid) != 0) err(1, "seteuid failed"); \
+       if (setegid(effective_gid) != 0) err(1, "setegid failed"); \
 }
 
 #define PRIV_END { \
-       setegid(real_gid); \
-       seteuid(real_uid); \
+       if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+       if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
 }
 
 #define REDUCE_PRIV(a, b) { \
        PRIV_START \
        effective_uid = (a); \
        effective_gid = (b); \
-       setreuid((uid_t)-1, effective_uid); \
-       setregid((gid_t)-1, effective_gid); \
+       if (setreuid((uid_t)-1, effective_uid) != 0) err(1, "setreuid failed"); 
\
+       if (setregid((gid_t)-1, effective_gid) != 0) err(1, "setregid failed"); 
\
        PRIV_END \
 }
 #endif


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"

Reply via email to