On 2009-01-07, patrick keshishian <pkesh...@gmail.com> wrote: >> >> > http://git.ozlabs.org/?p=ppp.git;a=commit;h=a00baab063b349591289cbde22ab40cf80b8f0af >> >> We changed to use setresuid() rather than setuid(), but this didn't change >> behaviour here. I guess many people will run pppd as root so they won't >> notice the problem (afaict, it only happens if you start as a non-root >> member of the group "network"). > > > As discussed (off-line) this was changed in -r1.45 by d...@. > Since no one else is chiming in, I'm asking if someone will > looking into updating this, or was there a valid reason why > it was decided to prevent scripts to run with root privilege > in our local copy of pppd?
you misinterpreted this, >> We changed to use setresuid() rather than setuid(), but this didn't change ^^^^^^^^^^^^^^^^^^^^^^ >> behaviour here. ^^^^^^^^^^^^^^ upstream's old code: drop privileges >> - (void) chdir ("/"); /* no current directory. */ >> - setuid(geteuid()); upstream's new code: setuid(root) (even though it's already running as root..?) >> + (void) chdir ("/"); /* no current directory. */ >> + setuid(0); /* set real UID = root */ the setuid() -> setresuid() change made in OpenBSD did not affect this. the old version in OpenBSD and upstream both dropped privileges for these scripts.