re: CVS commit: src/usr.bin/rsh
David A. Holland writes:
> Module Name: src
> Committed By: dholland
> Date: Thu Oct 30 06:13:50 UTC 2014
>
> Modified Files:
> src/usr.bin/rsh: rsh.c
>
> Log Message:
> Drop setuid before execing rlogin. Failure to do so should be harmless,
> but is sloppy.

as jnemeth reminded me, this code does not run set-id, so this change seems useless.

.mrg.
Re: CVS commit: src/usr.bin/rsh
On Oct 30, 6:13am, David A. Holland wrote:
}
} Module Name: src
} Committed By: dholland
} Date: Thu Oct 30 06:13:50 UTC 2014
}
} Modified Files:
} src/usr.bin/rsh: rsh.c
}
} Log Message:
} Drop setuid before execing rlogin. Failure to do so should be
} harmless, but is sloppy.

Uh...

-r-xr-xr-x 1 root wheel 16303 Sep 18 17:35 /usr/bin/rsh*

BTW:

NetBSD server 6.1_STABLE NetBSD 6.1_STABLE (JNGATE) #1: Sat Oct 4 06:30:12 PDT 2014 root@:/sys/arch/amd64/compile/JNGATE amd64

}-- End of excerpt from David A. Holland
Re: CVS commit: src/usr.bin/rsh
On Wed, Oct 29, 2014 at 11:54:41PM -0700, John Nemeth wrote:
> On Oct 30, 6:13am, David A. Holland wrote:
> }
> } Module Name: src
> } Committed By: dholland
> } Date: Thu Oct 30 06:13:50 UTC 2014
> }
> } Modified Files:
> } src/usr.bin/rsh: rsh.c
> }
> } Log Message:
> } Drop setuid before execing rlogin. Failure to do so should be
> } harmless, but is sloppy.
>
> Uh...
>
> -r-xr-xr-x 1 root wheel 16303 Sep 18 17:35 /usr/bin/rsh*

-r-sr-xr-x 1 root wheel 16169 Sep 11 04:45 /bin/rcmd

It doesn't *work* if not setuid.

--
David A. Holland
dholl...@netbsd.org
Re: CVS commit: src/usr.bin/rsh
On Thu, Oct 30, 2014 at 04:40:57PM +, David Holland wrote:
> > }
> > } Module Name: src
> > } Committed By: dholland
> > } Date: Thu Oct 30 06:13:50 UTC 2014
> > }
> > } Modified Files:
> > } src/usr.bin/rsh: rsh.c
> > }
> > } Log Message:
> > } Drop setuid before execing rlogin. Failure to do so should be
> > } harmless, but is sloppy.
> >
> > Uh...
> >
> > -r-xr-xr-x 1 root wheel 16303 Sep 18 17:35 /usr/bin/rsh*
>
> -r-sr-xr-x 1 root wheel 16169 Sep 11 04:45 /bin/rcmd
>
> It doesn't *work* if not setuid.

Although I suppose that code is outside IN_RCMD. So maybe it's useless; but on the other hand, what are the odds of someone taking the code and installing it the traditional way?

Plus I'm sure the Coverity report that triggered this discussion in the first place thought the code was running setuid.

--
David A. Holland
dholl...@netbsd.org
CVS commit: src/usr.bin/rsh
Module Name:src Committed By: dholland Date: Thu Oct 30 06:13:50 UTC 2014 Modified Files: src/usr.bin/rsh: rsh.c Log Message: Drop setuid before execing rlogin. Failure to do so should be harmless, but is sloppy. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/usr.bin/rsh/rsh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/rsh/rsh.c diff -u src/usr.bin/rsh/rsh.c:1.36 src/usr.bin/rsh/rsh.c:1.37 --- src/usr.bin/rsh/rsh.c:1.36 Sun Jun 8 02:44:15 2014 +++ src/usr.bin/rsh/rsh.c Thu Oct 30 06:13:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: rsh.c,v 1.36 2014/06/08 02:44:15 enami Exp $ */ +/* $NetBSD: rsh.c,v 1.37 2014/10/30 06:13:50 dholland Exp $ */ /*- * Copyright (c) 1983, 1990, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1983, 19 #if 0 static char sccsid[] = @(#)rsh.c 8.4 (Berkeley) 4/29/95; #else -__RCSID($NetBSD: rsh.c,v 1.36 2014/06/08 02:44:15 enami Exp $); +__RCSID($NetBSD: rsh.c,v 1.37 2014/10/30 06:13:50 dholland Exp $); #endif #endif /* not lint */ @@ -203,6 +203,7 @@ main(int argc, char **argv) #else if (asrsh) *argv = __UNCONST(rlogin); + setuid(uid); execv(_PATH_RLOGIN, argv); err(1, can't exec %s, _PATH_RLOGIN); #endif
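Review bot: The added setuid(uid) call in the main() hunk at line 203 ignores its return value, so if the call fails, execv(_PATH_RLOGIN, argv) still runs with whatever privilege the process started with. Suggest checking it where it stands, between the `*argv = __UNCONST(rlogin);` assignment and the execv, for example `if (setuid(uid) == -1) err(1, "setuid");`. A one-line comment saying the call only matters when the binary is installed set-id would also record why it is there.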
CVS commit: src/usr.bin/rsh
Module Name:src Committed By: enami Date: Sun Jun 8 01:44:52 UTC 2014 Modified Files: src/usr.bin/rsh: rsh.c Log Message: Remove kerberos support code completely. It no longer compiles anyway. OK'ed by christos on tech-userlevel. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/usr.bin/rsh/rsh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/rsh/rsh.c diff -u src/usr.bin/rsh/rsh.c:1.33 src/usr.bin/rsh/rsh.c:1.34 --- src/usr.bin/rsh/rsh.c:1.33 Mon Aug 29 14:22:46 2011 +++ src/usr.bin/rsh/rsh.c Sun Jun 8 01:44:52 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: rsh.c,v 1.33 2011/08/29 14:22:46 joerg Exp $ */ +/* $NetBSD: rsh.c,v 1.34 2014/06/08 01:44:52 enami Exp $ */ /*- * Copyright (c) 1983, 1990, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1983, 19 #if 0 static char sccsid[] = @(#)rsh.c 8.4 (Berkeley) 4/29/95; #else -__RCSID($NetBSD: rsh.c,v 1.33 2011/08/29 14:22:46 joerg Exp $); +__RCSID($NetBSD: rsh.c,v 1.34 2014/06/08 01:44:52 enami Exp $); #endif #endif /* not lint */ @@ -282,13 +282,8 @@ main(int argc, char **argv) else pid = -1; -#if defined(KERBEROS) defined(CRYPT) - if (!doencrypt) -#endif - { - (void)ioctl(remerr, FIONBIO, one); - (void)ioctl(rem, FIONBIO, one); - } + (void)ioctl(remerr, FIONBIO, one); + (void)ioctl(rem, FIONBIO, one); talk(nflag, oset, pid, rem); @@ -310,12 +305,7 @@ checkfd(struct pollfd *fdp, int outfd) return 0; errno = 0; -#if defined(KERBEROS) defined(CRYPT) - if (doencrypt) - nr = des_read(fdp-fd, buf, sizeof buf); - else -#endif - nr = read(fdp-fd, buf, sizeof buf); + nr = read(fdp-fd, buf, sizeof buf); if (nr = 0) { if (errno != EAGAIN) 
@@ -380,12 +370,7 @@ rewrite: if (poll(fdp, 1, INFTIM) == -1 if ((fdp-revents POLLOUT) == 0) goto rewrite; -#if defined(KERBEROS) defined(CRYPT) - if (doencrypt) -nw = des_write(rem, bp, nr); - else -#endif -nw = write(rem, bp, nr); + nw = write(rem, bp, nr); if (nw 0) { if (errno == EAGAIN)
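Review bot: The three uses of doencrypt shown here (in main(), checkfd() and the rewrite loop) are removed, but none of the visible hunks touches its declaration or the option handling that set it. If those remain elsewhere in rsh.c they are now dead code and should go in the same commit, since the log message says the support is removed completely.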
CVS commit: src/usr.bin/rsh
Module Name:src Committed By: enami Date: Sun Jun 8 02:02:41 UTC 2014 Modified Files: src/usr.bin/rsh: rsh.c Log Message: Whitespace nits. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/usr.bin/rsh/rsh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/rsh/rsh.c diff -u src/usr.bin/rsh/rsh.c:1.34 src/usr.bin/rsh/rsh.c:1.35 --- src/usr.bin/rsh/rsh.c:1.34 Sun Jun 8 01:44:52 2014 +++ src/usr.bin/rsh/rsh.c Sun Jun 8 02:02:41 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: rsh.c,v 1.34 2014/06/08 01:44:52 enami Exp $ */ +/* $NetBSD: rsh.c,v 1.35 2014/06/08 02:02:41 enami Exp $ */ /*- * Copyright (c) 1983, 1990, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1983, 19 #if 0 static char sccsid[] = @(#)rsh.c 8.4 (Berkeley) 4/29/95; #else -__RCSID($NetBSD: rsh.c,v 1.34 2014/06/08 01:44:52 enami Exp $); +__RCSID($NetBSD: rsh.c,v 1.35 2014/06/08 02:02:41 enami Exp $); #endif #endif /* not lint */ @@ -300,7 +300,7 @@ checkfd(struct pollfd *fdp, int outfd) if (fdp-revents (POLLNVAL|POLLERR|POLLHUP)) return -1; - + if ((fdp-revents POLLIN) == 0) return 0; @@ -416,7 +416,7 @@ sendsig(int sig) char signo; signo = sig; - (void)write(remerr, signo, 1); + (void)write(remerr, signo, 1); }
CVS commit: src/usr.bin/rsh
Module Name:src Committed By: enami Date: Sun Jun 8 02:44:15 UTC 2014 Modified Files: src/usr.bin/rsh: rsh.c Log Message: Fix signal delivery to remote process; As described in rcmd(3), a signal is delivered to the remote process via the secondary channel. So, the backend driver, rcmd(1), is responsible to watch the file descriptor 2 and transfer the data to the remote process, rather than receiving signal by itself. Previously, signal generated by tty was sent since rcmd was incorrectly generated the data, but, for example, signal sent to rsh command by kill command was ignored. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.36 src/usr.bin/rsh/rsh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/rsh/rsh.c diff -u src/usr.bin/rsh/rsh.c:1.35 src/usr.bin/rsh/rsh.c:1.36 --- src/usr.bin/rsh/rsh.c:1.35 Sun Jun 8 02:02:41 2014 +++ src/usr.bin/rsh/rsh.c Sun Jun 8 02:44:15 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: rsh.c,v 1.35 2014/06/08 02:02:41 enami Exp $ */ +/* $NetBSD: rsh.c,v 1.36 2014/06/08 02:44:15 enami Exp $ */ /*- * Copyright (c) 1983, 1990, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1983, 19 #if 0 static char sccsid[] = @(#)rsh.c 8.4 (Berkeley) 4/29/95; #else -__RCSID($NetBSD: rsh.c,v 1.35 2014/06/08 02:02:41 enami Exp $); +__RCSID($NetBSD: rsh.c,v 1.36 2014/06/08 02:44:15 enami Exp $); #endif #endif /* not lint */ @@ -76,7 +76,9 @@ int remerr; static int sigs[] = { SIGINT, SIGTERM, SIGQUIT }; static char *copyargs(char **); +#ifndef IN_RCMD static void sendsig(int); +#endif static int checkfd(struct pollfd *, int); static void talk(int, sigset_t *, pid_t, int); __dead static void usage(void); @@ -265,6 +267,7 @@ main(int argc, char **argv) (void)sigprocmask(SIG_BLOCK, nset, oset); +#ifndef IN_RCMD for (i = 0; i sizeof(sigs) / sizeof(sigs[0]); i++) { struct sigaction sa; 
@@ -273,6 +276,7 @@ main(int argc, char **argv) (void)sigaction(sigs[i], sa, NULL); } } +#endif if (!nflag) { pid = fork(); @@ -329,7 +333,7 @@ static void talk(int nflag, sigset_t *oset, __pid_t pid, int rem) { int nr, nw, nfds; - struct pollfd fds[2], *fdp = fds[0]; + struct pollfd fds[3], *fdp = fds[0]; char *bp, buf[BUFSIZ]; if (!nflag pid == 0) { @@ -385,31 +389,48 @@ done: exit(0); } - (void)sigprocmask(SIG_SETMASK, oset, NULL); - fds[0].events = fds[1].events = POLLIN|POLLNVAL|POLLERR|POLLHUP; - fds[0].fd = remerr; - fds[1].fd = rem; +#ifdef IN_RCMD fdp = fds[0]; + nfds = 3; + fds[0].events = POLLIN|POLLNVAL|POLLERR|POLLHUP; + fds[0].fd = 2; +#else + (void)sigprocmask(SIG_SETMASK, oset, NULL); + fdp = fds[1]; nfds = 2; + fds[0].events = 0; +#endif + fds[1].events = fds[2].events = POLLIN|POLLNVAL|POLLERR|POLLHUP; + fds[1].fd = remerr; + fds[2].fd = rem; do { if (poll(fdp, nfds, INFTIM) == -1) { if (errno != EINTR) err(1, poll); continue; } - if (fds[0].events != 0 checkfd(fds[0], 2) == -1) { + if ((fds[1].events != 0 checkfd(fds[1], 2) == -1) +#ifdef IN_RCMD + || (fds[0].events != 0 checkfd(fds[0], remerr) == -1) +#endif + ) { + nfds--; + fds[1].events = 0; +#ifdef IN_RCMD nfds--; fds[0].events = 0; - fdp = fds[1]; +#endif + fdp = fds[2]; } - if (fds[1].events != 0 checkfd(fds[1], 1) == -1) { + if (fds[2].events != 0 checkfd(fds[2], 1) == -1) { nfds--; - fds[1].events = 0; + fds[2].events = 0; } } while (nfds); } +#ifndef IN_RCMD static void sendsig(int sig) { @@ -418,6 +439,7 @@ sendsig(int sig) signo = sig; (void)write(remerr, signo, 1); } +#endif static char *
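Review bot: In the talk() hunk, the IN_RCMD build treats a failure on either fds[0] (local descriptor 2) or fds[1] (remerr) as a failure of both: the combined condition clears fds[0].events and fds[1].events and decrements nfds twice, so once the local side of the signal channel goes away, remote stderr stops being relayed as well. If that coupling is intended it needs a comment saying so; otherwise split it into two independent checks. The array is also now indexed by role (0 = descriptor 2, 1 = remerr, 2 = rem) with no comment, and the #ifdef spliced into the middle of the if condition is hard to follow; a short layout comment above the fds[] setup and STDERR_FILENO in place of the literal 2 would help.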
CVS commit: src/usr.bin/rsh
Module Name:src Committed By: joerg Date: Mon Aug 29 14:22:47 UTC 2011 Modified Files: src/usr.bin/rsh: rsh.c Log Message: static + __dead To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.33 src/usr.bin/rsh/rsh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/rsh/rsh.c diff -u src/usr.bin/rsh/rsh.c:1.32 src/usr.bin/rsh/rsh.c:1.33 --- src/usr.bin/rsh/rsh.c:1.32 Sat Oct 2 09:24:16 2010 +++ src/usr.bin/rsh/rsh.c Mon Aug 29 14:22:46 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: rsh.c,v 1.32 2010/10/02 09:24:16 gson Exp $ */ +/* $NetBSD: rsh.c,v 1.33 2011/08/29 14:22:46 joerg Exp $ */ /*- * Copyright (c) 1983, 1990, 1993, 1994 @@ -39,7 +39,7 @@ #if 0 static char sccsid[] = @(#)rsh.c 8.4 (Berkeley) 4/29/95; #else -__RCSID($NetBSD: rsh.c,v 1.32 2010/10/02 09:24:16 gson Exp $); +__RCSID($NetBSD: rsh.c,v 1.33 2011/08/29 14:22:46 joerg Exp $); #endif #endif /* not lint */ @@ -75,12 +75,11 @@ static int sigs[] = { SIGINT, SIGTERM, SIGQUIT }; -char *copyargs(char **); -void sendsig(int); -int checkfd(struct pollfd *, int); -void talk(int, sigset_t *, pid_t, int); -void usage(void); -int main(int, char **); +static char *copyargs(char **); +static void sendsig(int); +static int checkfd(struct pollfd *, int); +static void talk(int, sigset_t *, pid_t, int); +__dead static void usage(void); #ifdef IN_RCMD int orcmd(char **, int, const char *, const char *, const char *, int *); @@ -298,7 +297,7 @@ exit(0); } -int +static int checkfd(struct pollfd *fdp, int outfd) { int nr, nw; @@ -336,7 +335,7 @@ } } -void +static void talk(int nflag, sigset_t *oset, __pid_t pid, int rem) { int nr, nw, nfds; @@ -426,7 +425,7 @@ while (nfds); } -void +static void sendsig(int sig) { char signo; @@ -436,7 +435,7 @@ } -char * +static char * copyargs(char **argv) { int cc; @@ -458,7 +457,7 @@ return (args); } -void +static void usage(void) {
CVS commit: src/usr.bin/rsh
Module Name:src Committed By: gson Date: Sat Oct 2 09:24:16 UTC 2010 Modified Files: src/usr.bin/rsh: rsh.c Log Message: putenv() no longer accepts a const string To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/usr.bin/rsh/rsh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/rsh/rsh.c diff -u src/usr.bin/rsh/rsh.c:1.31 src/usr.bin/rsh/rsh.c:1.32 --- src/usr.bin/rsh/rsh.c:1.31 Sun Jan 18 00:42:35 2009 +++ src/usr.bin/rsh/rsh.c Sat Oct 2 09:24:16 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: rsh.c,v 1.31 2009/01/18 00:42:35 lukem Exp $ */ +/* $NetBSD: rsh.c,v 1.32 2010/10/02 09:24:16 gson Exp $ */ /*- * Copyright (c) 1983, 1990, 1993, 1994 @@ -39,7 +39,7 @@ #if 0 static char sccsid[] = @(#)rsh.c 8.4 (Berkeley) 4/29/95; #else -__RCSID($NetBSD: rsh.c,v 1.31 2009/01/18 00:42:35 lukem Exp $); +__RCSID($NetBSD: rsh.c,v 1.32 2010/10/02 09:24:16 gson Exp $); #endif #endif /* not lint */ @@ -135,7 +135,7 @@ if ((loop = getenv(RCMD_LOOP)) strcmp(loop, YES) == 0) warnx(rcmd appears to be looping!); - putenv(RCMD_LOOP=YES); + setenv(RCMD_LOOP, YES, 1); # define OPTIONS 468KLdel:np:u:w
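Review bot: The setenv(RCMD_LOOP, YES, 1) call that replaces putenv() in the hunk at line 135 discards its return value; if it fails, a later invocation does not see RCMD_LOOP and the getenv() loop check just above it cannot fire. Suggest checking the result and calling err(1, "setenv") on failure, or at least warn().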