CVS commit: src

2015-07-01 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jul  1 08:33:31 UTC 2015

Modified Files:
src/distrib/sets/lists/tests: mi
src/tests/net/if: Makefile
Added Files:
src/tests/net/if: t_ifconfig.sh

Log Message:
Add tests of interface creation/destruction


To generate a diff of this commit:
cvs rdiff -u -r1.630 -r1.631 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.4 -r1.5 src/tests/net/if/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/net/if/t_ifconfig.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/tests/mi
diff -u src/distrib/sets/lists/tests/mi:1.630 src/distrib/sets/lists/tests/mi:1.631
--- src/distrib/sets/lists/tests/mi:1.630	Wed Jun 24 01:39:24 2015
+++ src/distrib/sets/lists/tests/mi	Wed Jul  1 08:33:31 2015
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.630 2015/06/24 01:39:24 matt Exp $
+# $NetBSD: mi,v 1.631 2015/07/01 08:33:31 ozaki-r Exp $
 #
 # Note: don't delete entries from here - mark them as obsolete instead.
 #
@@ -3138,6 +3138,7 @@
 ./usr/tests/net/if/ifconf			tests-net-tests		atf,rump
 ./usr/tests/net/if/t_compat			tests-net-tests		atf,rump
 ./usr/tests/net/if/t_ifconf			tests-net-tests		atf,rump
+./usr/tests/net/if/t_ifconfig			tests-net-tests		atf,rump
 ./usr/tests/net/if_bridge			tests-net-tests		compattestfile,atf
 ./usr/tests/net/if_bridge/Atffile		tests-net-tests		atf,rump
 ./usr/tests/net/if_bridge/Kyuafile		tests-net-tests		atf,rump,kyua

Index: src/tests/net/if/Makefile
diff -u src/tests/net/if/Makefile:1.4 src/tests/net/if/Makefile:1.5
--- src/tests/net/if/Makefile:1.4	Mon Dec  8 07:34:31 2014
+++ src/tests/net/if/Makefile	Wed Jul  1 08:33:31 2015
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.4 2014/12/08 07:34:31 ozaki-r Exp $
+# $NetBSD: Makefile,v 1.5 2015/07/01 08:33:31 ozaki-r Exp $
 #
 
 .include bsd.own.mk
@@ -7,6 +7,7 @@ TESTSDIR=	${TESTSBASE}/net/if
 
 TESTS_C=	t_compat
 TESTS_SH=	t_ifconf
+TESTS_SH+=	t_ifconfig
 
 PROGS=		ifconf
 MAN.ifconf=	# empty

Added files:

Index: src/tests/net/if/t_ifconfig.sh
diff -u /dev/null src/tests/net/if/t_ifconfig.sh:1.1
--- /dev/null	Wed Jul  1 08:33:31 2015
+++ src/tests/net/if/t_ifconfig.sh	Wed Jul  1 08:33:31 2015
@@ -0,0 +1,78 @@
+# $NetBSD: t_ifconfig.sh,v 1.1 2015/07/01 08:33:31 ozaki-r Exp $
+#
+# Copyright (c) 2015 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#notice, this list of conditions and the following disclaimer in the
+#documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+RUMP_SERVER1=unix://./r1
+
+RUMP_FLAGS=\
+-lrumpnet -lrumpnet_net -lrumpnet_netinet -lrumpnet_netinet6 -lrumpnet_shmif
+
+atf_test_case create_destroy cleanup
+create_destroy_head()
+{
+
+	atf_set descr tests of ifconfig create and destroy
+	atf_set require.progs rump_server
+}
+
+create_destroy_body()
+{
+	atf_check -s exit:0 rump_server ${RUMP_FLAGS} ${RUMP_SERVER1}
+
+	export RUMP_SERVER=${RUMP_SERVER1}
+
+	# Create and destroy (no address)
+	atf_check -s exit:0 rump.ifconfig shmif0 create
+	atf_check -s exit:0 rump.ifconfig shmif0 destroy
+
+	# Create and destroy (with an IPv4 address)
+	atf_check -s exit:0 rump.ifconfig shmif0 create
+	atf_check -s exit:0 rump.ifconfig shmif0 linkstr shmbus
+	atf_check -s exit:0 rump.ifconfig shmif0 192.168.0.1/24
+	atf_check -s exit:0 rump.ifconfig shmif0 up
+	atf_check -s exit:0 rump.ifconfig shmif0 destroy
+
+	# Create and destroy (with an IPv6 address)
+	atf_check -s exit:0 rump.ifconfig shmif0 create
+	atf_check -s exit:0 rump.ifconfig shmif0 linkstr shmbus
+	atf_check -s exit:0 rump.ifconfig shmif0 inet6 fc00::1
+	atf_check -s exit:0 rump.ifconfig shmif0 up
+	atf_check -s exit:0 rump.ifconfig shmif0 destroy
+
+	unset RUMP_SERVER
+}
+
+create_destroy_cleanup()
+{
+
+	RUMP_SERVER=${RUMP_SERVER1} 

CVS commit: src/sys/miscfs

2015-07-01 Thread Juergen Hannken-Illjes
Module Name:src
Committed By:   hannken
Date:   Wed Jul  1 08:13:53 UTC 2015

Modified Files:
src/sys/miscfs/deadfs: dead_vfsops.c
src/sys/miscfs/specfs: spec_vnops.c

Log Message:
Unfortunately MFS uses v_data of its anonymous device vnode so
it cannot be used as vcache key.  Use v_interlock as key ...


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/sys/miscfs/deadfs/dead_vfsops.c
cvs rdiff -u -r1.152 -r1.153 src/sys/miscfs/specfs/spec_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/miscfs/deadfs/dead_vfsops.c
diff -u src/sys/miscfs/deadfs/dead_vfsops.c:1.6 src/sys/miscfs/deadfs/dead_vfsops.c:1.7
--- src/sys/miscfs/deadfs/dead_vfsops.c:1.6	Tue Jun 30 06:19:22 2015
+++ src/sys/miscfs/deadfs/dead_vfsops.c	Wed Jul  1 08:13:53 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: dead_vfsops.c,v 1.6 2015/06/30 06:19:22 hannken Exp $	*/
+/*	$NetBSD: dead_vfsops.c,v 1.7 2015/07/01 08:13:53 hannken Exp $	*/
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: dead_vfsops.c,v 1.6 2015/06/30 06:19:22 hannken Exp $);
+__KERNEL_RCSID(0, $NetBSD: dead_vfsops.c,v 1.7 2015/07/01 08:13:53 hannken Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -108,9 +108,8 @@ dead_newvnode(struct mount *mp, struct v
 	uvm_vnp_setsize(vp, 0);
 	spec_node_init(vp, vap-va_rdev);
 
-	vp-v_data = vp;
-	*key_len = sizeof(vp-v_data);
-	*new_key = vp-v_data;
+	*key_len = sizeof(vp-v_interlock);
+	*new_key = vp-v_interlock;
 
 	return 0;
 }
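Review bot: Nothing in dead_newvnode() says why `v_interlock` is the vcache key or that spec_reclaim() must remove the entry with exactly the same key bytes; the only explanation is in the log message. A comment above the two assignments, e.g. `/* MFS uses v_data of its anonymous device vnode, so key on v_interlock; spec_reclaim() must pass the same key to vcache_remove(). */`, would keep the two sites in step. The key is unique only if each of these vnodes has its own interlock, which this hunk does not show, so that assumption belongs in the comment too. The matching `vcache_remove()` hunk in spec_vnops.c below needs the same note, and dead_newvnode() starts outside the hunk.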

Index: src/sys/miscfs/specfs/spec_vnops.c
diff -u src/sys/miscfs/specfs/spec_vnops.c:1.152 src/sys/miscfs/specfs/spec_vnops.c:1.153
--- src/sys/miscfs/specfs/spec_vnops.c:1.152	Tue Jun 30 06:19:21 2015
+++ src/sys/miscfs/specfs/spec_vnops.c	Wed Jul  1 08:13:52 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: spec_vnops.c,v 1.152 2015/06/30 06:19:21 hannken Exp $	*/
+/*	$NetBSD: spec_vnops.c,v 1.153 2015/07/01 08:13:52 hannken Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -58,7 +58,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: spec_vnops.c,v 1.152 2015/06/30 06:19:21 hannken Exp $);
+__KERNEL_RCSID(0, $NetBSD: spec_vnops.c,v 1.153 2015/07/01 08:13:52 hannken Exp $);
 
 #include sys/param.h
 #include sys/proc.h
@@ -1097,8 +1097,7 @@ spec_reclaim(void *v)
 	struct vnode *vp = ap-a_vp;
 
 	KASSERT(vp-v_mount == dead_rootmount);
-	vcache_remove(vp-v_mount, vp-v_data, sizeof(vp-v_data));
-	vp-v_data = NULL;
+	vcache_remove(vp-v_mount, vp-v_interlock, sizeof(vp-v_interlock));
 	return 0;
 }
 



CVS commit: src/distrib/sets/lists/xcomp

2015-07-01 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jul  1 18:18:00 UTC 2015

Modified Files:
src/distrib/sets/lists/xcomp: mi

Log Message:
fix lint sets.


To generate a diff of this commit:
cvs rdiff -u -r1.168 -r1.169 src/distrib/sets/lists/xcomp/mi

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/xcomp/mi
diff -u src/distrib/sets/lists/xcomp/mi:1.168 src/distrib/sets/lists/xcomp/mi:1.169
--- src/distrib/sets/lists/xcomp/mi:1.168	Sat Jun 27 13:07:58 2015
+++ src/distrib/sets/lists/xcomp/mi	Wed Jul  1 14:18:00 2015
@@ -1,4 +1,4 @@
-#	 $NetBSD: mi,v 1.168 2015/06/27 17:07:58 matt Exp $
+#	 $NetBSD: mi,v 1.169 2015/07/01 18:18:00 christos Exp $
 #
 # Note: don't delete entries from here - mark them as obsolete instead.
 #
@@ -9331,14 +9331,14 @@
 ./usr/libdata/lint/llib-lglut.ln			-unknown-	lint,xorg
 ./usr/libdata/lint/llib-llbxutil.ln			-obsolete-	obsolete,xorg
 ./usr/libdata/lint/llib-llbxutil.ln			-unknown-	lint,x11
-./usr/libdata/lint/llib-llisp.ln			-unknown-	lint,xorg
-./usr/libdata/lint/llib-lmp.ln-unknown-	lint,xorg
+./usr/libdata/lint/llib-llisp.ln			-obsolete-	obsolete
+./usr/libdata/lint/llib-lmp.ln-obsolete-	obsolete
 ./usr/libdata/lint/llib-loldX.ln			-unknown-	lint,x11
 ./usr/libdata/lint/llib-lpciaccess.ln			-unknown-	lint,xorg
 ./usr/libdata/lint/llib-lpsres.ln			-unknown-	lint,x11
 ./usr/libdata/lint/llib-lpthread-stubs.ln		-unknown-	lint,xorg
 ./usr/libdata/lint/llib-lre.ln-unknown-	lint,xorg
-./usr/libdata/lint/llib-lxcb-composite.ln		-unknown-	lint,xorg
+./usr/libdata/lint/llib-lxcb-composite.ln		-obsolete-	obsolete
 ./usr/libdata/lint/llib-lxcb-damage.ln			-unknown-	lint,xorg
 ./usr/libdata/lint/llib-lxcb-dpms.ln			-unknown-	lint,xorg
 ./usr/libdata/lint/llib-lxcb-dri2.ln			-unknown-	lint,xorg



CVS commit: src/usr.sbin/postinstall

2015-07-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed Jul  1 12:40:07 UTC 2015

Modified Files:
src/usr.sbin/postinstall: postinstall

Log Message:
Clean up the src/etc/mtree directory after using it to generate the mtree
spec file.
XXX this is fishy, we should find a better way.


To generate a diff of this commit:
cvs rdiff -u -r1.193 -r1.194 src/usr.sbin/postinstall/postinstall

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/postinstall/postinstall
diff -u src/usr.sbin/postinstall/postinstall:1.193 src/usr.sbin/postinstall/postinstall:1.194
--- src/usr.sbin/postinstall/postinstall:1.193	Sun Jun 28 09:29:58 2015
+++ src/usr.sbin/postinstall/postinstall	Wed Jul  1 12:40:07 2015
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: postinstall,v 1.193 2015/06/28 09:29:58 martin Exp $
+# $NetBSD: postinstall,v 1.194 2015/07/01 12:40:07 martin Exp $
 #
 # Copyright (c) 2002-2008 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -1180,6 +1180,8 @@ do_mtree()
 	else
 		env AWK={$AWK:Q} ${MAKE} -s -C ${SRC_DIR}/etc/mtree emit_dist_file  \
 		${SCRATCHDIR}/NetBSD.dist
+		${MAKE} -s -C ${SRC_DIR}/etc/mtree clean /dev/null 21
+		${SCRATCHDIR}/NetBSD.dist
 		MTREE_DIR=${SCRATCHDIR}
 	fi
 	compare_dir $1 ${MTREE_DIR} ${DEST_DIR}/etc/mtree 444 NetBSD.dist
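Review bot: The second added line, `${SCRATCHDIR}/NetBSD.dist`, stands on its own as a command because the `clean` line before it does not end in a backslash, so the shell would try to execute the freshly generated spec file. It looks like a leftover copy of the redirection target from the `emit_dist_file` line and should probably be dropped; this page has lost quoting and redirection characters, so confirm against the repository. The `clean` step also discards its output and its exit status is not checked, so a failed cleanup, for example on a read-only source tree, goes unnoticed; a comment such as `# best-effort: ignore failures cleaning ${SRC_DIR}/etc/mtree` would make that intent explicit. do_mtree() starts and ends outside the hunk.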



CVS commit: src/usr.sbin/cpuctl/arch

2015-07-01 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Jul  1 15:46:26 UTC 2015

Modified Files:
src/usr.sbin/cpuctl/arch: i386.c

Log Message:
 Add Xeon E5-4600 v3,  Xeon E3-1200 v4 etc. from the latest Intel SDM.


To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 src/usr.sbin/cpuctl/arch/i386.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/cpuctl/arch/i386.c
diff -u src/usr.sbin/cpuctl/arch/i386.c:1.66 src/usr.sbin/cpuctl/arch/i386.c:1.67
--- src/usr.sbin/cpuctl/arch/i386.c:1.66	Fri May  8 07:29:08 2015
+++ src/usr.sbin/cpuctl/arch/i386.c	Wed Jul  1 15:46:26 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: i386.c,v 1.66 2015/05/08 07:29:08 msaitoh Exp $	*/
+/*	$NetBSD: i386.c,v 1.67 2015/07/01 15:46:26 msaitoh Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
 
 #include sys/cdefs.h
 #ifndef lint
-__RCSID($NetBSD: i386.c,v 1.66 2015/05/08 07:29:08 msaitoh Exp $);
+__RCSID($NetBSD: i386.c,v 1.67 2015/07/01 15:46:26 msaitoh Exp $);
 #endif /* not lint */
 
 #include sys/types.h
@@ -354,26 +354,26 @@ const struct cpu_cpuid_nameclass i386_cp
 	 Ivy Bridge,
 [0x3c] = 4th gen Core, Xeon E3-12xx v3 
 	 (Haswell),
-[0x3d] = Core M-5xxx, Future 5th gen Core (Broadwell),
+[0x3d] = Core M-5xxx, 5th gen Core (Broadwell),
 [0x3e] = Xeon E5/E7 v2 (Ivy Bridge-E), 
 	 Core i7-49xx Extreme,
-[0x3f] = Xeon E5-2600/1600 v3 (Haswell-E), 
+[0x3f] = Xeon E5-4600/2600/1600 v3, Xeon E7 v3 (Haswell-E), 
 	 Core i7-59xx Extreme,
 [0x45] = 4th gen Core, Xeon E3-12xx v3 
 	 (Haswell),
 [0x46] = 4th gen Core, Xeon E3-12xx v3 
 	 (Haswell),
-[0x47] = 5th gen Core (Broadwell),
+[0x47] = 5th gen Core, Xeon E3-1200 v4 (Broadwell),
 [0x4a] = Atom Z3400,
 [0x4c] = Atom X[57]-Z8000 (Airmont),
 [0x4d] = Atom C2000,
-[0x4e] = Next gen Core (Sky Lake),
+[0x4e] = Next gen Core (Skylake),
 [0x4f] = Future gen Xeon (Broadwell),
 [0x56] = Next gen Xeon D (Broadwell),
 [0x57] = Next gen Xeon Phi,
 [0x5a] = Atom E3500,
 [0x5d] = Atom X3-C3000 (Silvermont),
-[0x5e] = Next gen Core (Sky Lake),
+[0x5e] = Next gen Core (Skylake),
 			},
 			Pentium Pro, II or III,	/* Default */
 			NULL,



CVS commit: src/usr.bin/xlint/lint1

2015-07-01 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jul  1 15:34:30 UTC 2015

Modified Files:
src/usr.bin/xlint/lint1: cgram.y

Log Message:
Fix segmentation fault caused by prematurely freeing function parameter types
inside cast expressions.


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 src/usr.bin/xlint/lint1/cgram.y

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/xlint/lint1/cgram.y
diff -u src/usr.bin/xlint/lint1/cgram.y:1.69 src/usr.bin/xlint/lint1/cgram.y:1.70
--- src/usr.bin/xlint/lint1/cgram.y:1.69	Mon May 11 13:20:06 2015
+++ src/usr.bin/xlint/lint1/cgram.y	Wed Jul  1 11:34:30 2015
@@ -1,5 +1,5 @@
 %{
-/* $NetBSD: cgram.y,v 1.69 2015/05/11 17:20:06 christos Exp $ */
+/* $NetBSD: cgram.y,v 1.70 2015/07/01 15:34:30 christos Exp $ */
 
 /*
  * Copyright (c) 1996 Christopher G. Demetriou.  All Rights Reserved.
@@ -35,7 +35,7 @@
 
 #include sys/cdefs.h
 #if defined(__RCSID)  !defined(lint)
-__RCSID($NetBSD: cgram.y,v 1.69 2015/05/11 17:20:06 christos Exp $);
+__RCSID($NetBSD: cgram.y,v 1.70 2015/07/01 15:34:30 christos Exp $);
 #endif
 
 #include stdlib.h
@@ -1921,8 +1921,10 @@ toicon(tnode_t *tn, int required)
 	/*
 	 * Abstract declarations are used inside expression. To free
 	 * the memory would be a fatal error.
+	 * We don't free blocks that are inside casts because these
+	 * will be used later to match types.
 	 */
-	if (dcs-d_ctx != ABSTRACT)
+	if (tn-tn_op != CON  dcs-d_ctx != ABSTRACT)
 		tfreeblk();
 
 	if ((t = v-v_tspec) == FLOAT || t == DOUBLE || t == LDOUBLE) {
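Review bot: The new condition dereferences `tn` (`tn->tn_op`) where the old one never touched it, so if toicon() can be reached with a NULL `tn` (for instance after a parse error; the callers are not visible in this hunk) the fix for one crash introduces another. Writing it as `if ((tn == NULL || tn->tn_op != CON) && dcs->d_ctx != ABSTRACT)` keeps the previous behaviour for that case. The added comment speaks of blocks inside casts while the test is on `CON`; a few words on why a `CON` node identifies the cast case would help the next reader. toicon() starts before and continues after the hunk.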



CVS commit: src/tests/usr.bin/xlint/lint1

2015-07-01 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jul  1 15:36:44 UTC 2015

Modified Files:
src/tests/usr.bin/xlint/lint1: Makefile
Added Files:
src/tests/usr.bin/xlint/lint1: d_cast_fun_array_param.c

Log Message:
new test.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/tests/usr.bin/xlint/lint1/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/usr.bin/xlint/lint1/d_cast_fun_array_param.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/usr.bin/xlint/lint1/Makefile
diff -u src/tests/usr.bin/xlint/lint1/Makefile:1.7 src/tests/usr.bin/xlint/lint1/Makefile:1.8
--- src/tests/usr.bin/xlint/lint1/Makefile:1.7	Mon May 11 13:21:32 2015
+++ src/tests/usr.bin/xlint/lint1/Makefile	Wed Jul  1 11:36:44 2015
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.7 2015/05/11 17:21:32 christos Exp $
+# $NetBSD: Makefile,v 1.8 2015/07/01 15:36:44 christos Exp $
 
 NOMAN=		# defined
 
@@ -27,6 +27,7 @@ FILES+=		d_c99_union_init2.c
 FILES+=		d_c99_union_init3.c
 FILES+=		d_c9x_array_init.c
 FILES+=		d_c9x_recursive_init.c
+FILES+=		d_cast_fun_array_param.c
 FILES+=		d_cast_init.c
 FILES+=		d_cast_init2.c
 FILES+=		d_cast_lhs.c

Added files:

Index: src/tests/usr.bin/xlint/lint1/d_cast_fun_array_param.c
diff -u /dev/null src/tests/usr.bin/xlint/lint1/d_cast_fun_array_param.c:1.1
--- /dev/null	Wed Jul  1 11:36:44 2015
+++ src/tests/usr.bin/xlint/lint1/d_cast_fun_array_param.c	Wed Jul  1 11:36:44 2015
@@ -0,0 +1,9 @@
+
+static void f(void *b[4]) {
+	(void)b;
+}
+
+void *
+foo(void *fn) {
+	return fn == 0 ? f : (void (*)(void *[4])) fn;
+}
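Review bot: The new test file carries no comment saying what it guards against, and the log message does not say either. A header such as `/* lint1 used to crash on a cast to a function pointer type that has an array parameter */` would tie it to the fix; that link is inferred from the neighbouring cgram.y commit on this page and should be confirmed by the author.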



CVS commit: src/external/mit/xorg/lib/libGLU

2015-07-01 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jul  1 15:38:56 UTC 2015

Modified Files:
src/external/mit/xorg/lib/libGLU: Makefile

Log Message:
remove lint hack.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/external/mit/xorg/lib/libGLU/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/mit/xorg/lib/libGLU/Makefile
diff -u src/external/mit/xorg/lib/libGLU/Makefile:1.16 src/external/mit/xorg/lib/libGLU/Makefile:1.17
--- src/external/mit/xorg/lib/libGLU/Makefile:1.16	Tue Dec 16 01:10:12 2014
+++ src/external/mit/xorg/lib/libGLU/Makefile	Wed Jul  1 11:38:56 2015
@@ -1,6 +1,4 @@
-#	$NetBSD: Makefile,v 1.16 2014/12/16 06:10:12 mrg Exp $
-
-NOLINT=		1	# XTODO: tess.ln SIGSEGVs lint :(
+#	$NetBSD: Makefile,v 1.17 2015/07/01 15:38:56 christos Exp $
 
 .include bsd.own.mk
 



CVS commit: src/distrib/sets/lists/tests

2015-07-01 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jul  1 15:37:35 UTC 2015

Modified Files:
src/distrib/sets/lists/tests: mi

Log Message:
new test


To generate a diff of this commit:
cvs rdiff -u -r1.631 -r1.632 src/distrib/sets/lists/tests/mi

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/tests/mi
diff -u src/distrib/sets/lists/tests/mi:1.631 src/distrib/sets/lists/tests/mi:1.632
--- src/distrib/sets/lists/tests/mi:1.631	Wed Jul  1 04:33:31 2015
+++ src/distrib/sets/lists/tests/mi	Wed Jul  1 11:37:35 2015
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.631 2015/07/01 08:33:31 ozaki-r Exp $
+# $NetBSD: mi,v 1.632 2015/07/01 15:37:35 christos Exp $
 #
 # Note: don't delete entries from here - mark them as obsolete instead.
 #
@@ -3750,6 +3750,7 @@
 ./usr/tests/usr.bin/xlint/lint1/d_c99_union_init3.c		tests-usr.bin-tests	compattestfile,atf
 ./usr/tests/usr.bin/xlint/lint1/d_c9x_array_init.c		tests-usr.bin-tests	compattestfile,atf
 ./usr/tests/usr.bin/xlint/lint1/d_c9x_recursive_init.c		tests-usr.bin-tests	compattestfile,atf
+./usr/tests/usr.bin/xlint/lint1/d_cast_fun_array_param.c	tests-usr.bin-tests	compattestfile,atf
 ./usr/tests/usr.bin/xlint/lint1/d_cast_init.c			tests-usr.bin-tests	compattestfile,atf
 ./usr/tests/usr.bin/xlint/lint1/d_cast_init2.c			tests-usr.bin-tests	compattestfile,atf
 ./usr/tests/usr.bin/xlint/lint1/d_cast_lhs.c			tests-usr.bin-tests	compattestfile,atf



CVS commit: [netbsd-5] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:18:32 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-5]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1971):
usr.bin/calendar/calendar.c: revision 1.51
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.
Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.
And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.47.4.1 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.47 src/usr.bin/calendar/calendar.c:1.47.4.1
--- src/usr.bin/calendar/calendar.c:1.47	Tue Sep 30 05:51:41 2008
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:18:32 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $	*/
+/*	$NetBSD: calendar.c,v 1.47.4.1 2015/07/01 07:18:32 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $);
+__RCSID($NetBSD: calendar.c,v 1.47.4.1 2015/07/01 07:18:32 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.47 2008
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -105,6 +106,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -164,12 +166,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
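Review bot: A failed `seteuid(0)` at the bottom of the loop is only reported with `warn()`, so the loop moves on to the next passwd entry while the process still carries the previous user's effective uid. The next `setegid`/`seteuid` calls will then most likely fail and the entry be skipped, but correctness should not rest on that; making it fatal, `err(EXIT_FAILURE, "%s: seteuid back to 0", pw->pw_name);`, matches the log message's statement that these errors are serious. The same hunk appears in the netbsd-5-1 and netbsd-6-1 pull-ups further down this page. main() starts and ends outside the hunk.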
@@ -405,6 +419,10 @@ opencal(void)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -469,6 +487,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
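Review bot: With `changeuser()` now run before the `execl`, sendmail is invoked by the unprivileged user while still being passed `-f root`. Whether an ordinary user may set the envelope sender this way depends on the installed MTA's policy, which this hunk cannot show; some MTAs flag or refuse it. A short comment on the call, e.g. `/* runs as the target user; the MTA must accept -f root from non-root */`, would record the dependency. The same applies to the matching hunks in the netbsd-5-1 and netbsd-6-1 pull-ups, and closecal() extends beyond the hunk.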
@@ -492,6 +514,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {
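Review bot: The two `assert()` calls at the top of changeuser() are the only check that the effective ids still match `pw`, and they vanish when the file is built with NDEBUG. Since the function goes on to make those ids permanent with `setgid`, `initgroups` and `setuid`, an explicit test is safer: `if (uid != pw->pw_uid || gid != pw->pw_gid) errx(EXIT_FAILURE, "%s: unexpected effective ids", pw->pw_name);`. It would also be worth verifying after `setuid(uid)` that `getuid()` and `geteuid()` both equal `uid`, so a partial drop cannot reach the following exec. The identical changeuser() hunks in the netbsd-5-1 and netbsd-6-1 pull-ups below have the same issue.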



CVS commit: [netbsd-5-1] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:18:37 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-5-1]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1971):
usr.bin/calendar/calendar.c: revision 1.51
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.
Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.
And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.47.12.1 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.47 src/usr.bin/calendar/calendar.c:1.47.12.1
--- src/usr.bin/calendar/calendar.c:1.47	Tue Sep 30 05:51:41 2008
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:18:37 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $	*/
+/*	$NetBSD: calendar.c,v 1.47.12.1 2015/07/01 07:18:37 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $);
+__RCSID($NetBSD: calendar.c,v 1.47.12.1 2015/07/01 07:18:37 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.47 2008
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -105,6 +106,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -164,12 +166,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
@@ -405,6 +419,10 @@ opencal(void)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -469,6 +487,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
@@ -492,6 +514,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {



CVS commit: [netbsd-6-1] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:22:48 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-6-1]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1309):
usr.bin/calendar/calendar.c: revision 1.51
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.
Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.
And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.48.14.1 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.48 src/usr.bin/calendar/calendar.c:1.48.14.1
--- src/usr.bin/calendar/calendar.c:1.48	Tue Dec  8 13:49:08 2009
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:22:48 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.48 2009/12/08 13:49:08 wiz Exp $	*/
+/*	$NetBSD: calendar.c,v 1.48.14.1 2015/07/01 07:22:48 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.48 2009/12/08 13:49:08 wiz Exp $);
+__RCSID($NetBSD: calendar.c,v 1.48.14.1 2015/07/01 07:22:48 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.48 2009
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -112,6 +113,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -171,12 +173,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
@@ -424,6 +438,10 @@ opencal(void)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -488,6 +506,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
@@ -511,6 +533,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {
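Review bot: The only check that the effective ids match the current passwd entry is the pair of `assert()` calls at the top of changeuser(), and those compile to nothing when the file is built with NDEBUG. Because this function decides which identity the exec'd programs run under, the check should be an ordinary runtime test that ends in `errx()`. It is also worth confirming after `setuid()` that the real and effective ids are the ones requested, so a partial change cannot go unnoticed. The same function is added unchanged in the [netbsd-7], [netbsd-5-2], [netbsd-6-0] and [netbsd-6] pull-ups below.

```c
	uid = geteuid();
	gid = getegid();
	if (uid != pw->pw_uid || gid != pw->pw_gid) {
		errx(EXIT_FAILURE, "%s: effective ids do not match passwd entry",
		    pw->pw_name);
	}

	/* … unchanged: seteuid(0), setgid(), initgroups(), setuid() … */

	if (getuid() != uid || geteuid() != uid ||
	    getgid() != gid || getegid() != gid) {
		errx(EXIT_FAILURE, "%s: ids not fully changed", pw->pw_name);
	}
```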



CVS commit: [netbsd-6-1] src/doc

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:24:30 UTC 2015

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
ticket 1309


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.42 -r1.1.2.43 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.1.6
diff -u src/doc/CHANGES-6.1.6:1.1.2.42 src/doc/CHANGES-6.1.6:1.1.2.43
--- src/doc/CHANGES-6.1.6:1.1.2.42	Wed May 27 05:57:00 2015
+++ src/doc/CHANGES-6.1.6	Wed Jul  1 07:24:30 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.42 2015/05/27 05:57:00 msaitoh Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.43 2015/07/01 07:24:30 bouyer Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -5718,3 +5718,17 @@ sys/arch/xen/xen/xenevt.c			1.42
 
 	Fix off by one error, pointed out by Wei Liu in port-xen/49919.
 	[bouyer, ticket #1299]
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #1309]
+



CVS commit: [netbsd-7] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:26:42 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-7]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #860):
usr.bin/calendar/calendar.c: revision 1.51
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.
Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.
And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.50.4.1 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.50 src/usr.bin/calendar/calendar.c:1.50.4.1
--- src/usr.bin/calendar/calendar.c:1.50	Sat Nov  9 15:57:15 2013
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:26:42 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.50 2013/11/09 15:57:15 christos Exp $	*/
+/*	$NetBSD: calendar.c,v 1.50.4.1 2015/07/01 07:26:42 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.50 2013/11/09 15:57:15 christos Exp $);
+__RCSID($NetBSD: calendar.c,v 1.50.4.1 2015/07/01 07:26:42 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.50 2013
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -112,6 +113,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -171,12 +173,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
@@ -429,6 +443,10 @@ opencal(FILE **in)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -495,6 +513,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
@@ -518,6 +540,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {



CVS commit: [netbsd-7] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:30:15 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-7]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #861):
usr.bin/calendar/calendar.c: revision 1.52
Repair accidental regression in -r1.49: for -a mode, don't allow
calendars to be other than regular files unless the -x option is in
effect.
(If not in -a mode, we're running purely as the user whose calendar it
is and if they want to DoS themselves with named pipes it's their own
lookout.)


To generate a diff of this commit:
cvs rdiff -u -r1.50.4.1 -r1.50.4.2 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.50.4.1 src/usr.bin/calendar/calendar.c:1.50.4.2
--- src/usr.bin/calendar/calendar.c:1.50.4.1	Wed Jul  1 07:26:42 2015
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:30:15 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.50.4.1 2015/07/01 07:26:42 bouyer Exp $	*/
+/*	$NetBSD: calendar.c,v 1.50.4.2 2015/07/01 07:30:15 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,10 +39,11 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.50.4.1 2015/07/01 07:26:42 bouyer Exp $);
+__RCSID($NetBSD: calendar.c,v 1.50.4.2 2015/07/01 07:30:15 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
+#include sys/ioctl.h
 #include sys/time.h
 #include sys/stat.h
 #include sys/uio.h
@@ -120,6 +121,7 @@ static void	 getmmdd(struct tm *, char *
 static int	 getmonth(char *);
 static bool	 isnow(char *);
 static FILE	*opencal(FILE **);
+static int	 tryopen(const char *, int);
 static void	 settime(void);
 static void	 usage(void) __dead;
 
@@ -403,7 +405,7 @@ opencal(FILE **in)
 	/* open up calendar file as stdin */
 	if (fname == NULL) {
 		for (const char **name = defaultnames; *name != NULL; name++) {
-			if ((fd = open(*name, O_RDONLY)) == -1)
+			if ((fd = tryopen(*name, O_RDONLY)) == -1)
 continue;
 			else
 break;
@@ -413,7 +415,7 @@ opencal(FILE **in)
 return NULL;
 			err(EXIT_FAILURE, Cannot open calendar file);
 		}
-	} else if ((fd = open(fname, O_RDONLY)) == -1) {
+	} else if ((fd = tryopen(fname, O_RDONLY)) == -1) {
 		if (doall)
 			return NULL;
 		err(EXIT_FAILURE, Cannot open `%s', fname);
@@ -482,6 +484,74 @@ opencal(FILE **in)
 	/*NOTREACHED*/
 }
 
+static int
+tryopen(const char *pathname, int flags)
+{
+	int fd, serrno, zero;
+	struct stat st;
+
+	/*
+	 * XXX: cpp_restricted has inverted sense; it is false by default,
+	 * and -x sets it to true. CPP_RESTRICTED is set in the environment
+	 * if cpp_restricted is false... go figure. This should be fixed
+	 * later.
+	 */
+	if (doall  cpp_restricted == false) {
+		/*
+		 * We are running with the user's euid, so they can't
+		 * cause any mayhem (e.g. opening rewinding tape
+		 * devices) that they couldn't do easily enough on
+		 * their own. All we really need to worry about is opens
+		 * that hang, because that would DoS the calendar run.
+		 */
+		fd = open(pathname, flags | O_NONBLOCK);
+		if (fd == -1) {
+			return -1;
+		}
+		if (fstat(fd, st) == -1) {
+			serrno = errno;
+			close(fd);
+			errno = serrno;
+			return -1;
+		}
+		if (S_ISCHR(st.st_mode) ||
+		S_ISBLK(st.st_mode) ||
+		S_ISFIFO(st.st_mode)) {
+			close(fd);
+
+			/* Call shenanigans in the daily output */
+			errno = EPERM;
+			warn(%s: %s, pw-pw_name, pathname);
+
+			errno = EPERM;
+			return -1;
+		}
+		if (S_ISDIR(st.st_mode)) {
+			/* Don't warn about this */
+			close(fd);
+			errno = EISDIR;
+			return -1;
+		}
+		if (!S_ISREG(st.st_mode)) {
+			/* There shouldn't be other cases to go here */
+			close(fd);
+			errno = EINVAL;
+			return -1;
+		}
+		zero = 0;
+		if (ioctl(fd, FIONBIO, zero) == -1) {
+			serrno = errno;
+			warn(%s: %s: FIONBIO, pw-pw_name, pathname);
+			close(fd);
+			errno = serrno;
+			return -1;
+		}
+		return fd;
+	} else {
+		return open(pathname, flags);
+	}
+}
+
 static void
 closecal(FILE *fp)
 {
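Review bot: tryopen() has no header comment, and its safety rests on two things a later cleanup could undo without noticing. The caller must already hold the target user's effective uid and gid, and the file type must be checked with `fstat()` on the descriptor after a non-blocking `open()` rather than with `stat()` on the path beforehand. A short block comment above the function should state both, plus the contract that it returns a descriptor or -1 with errno set, and that the restricted path is skipped when -x is in effect. As a point of style, clearing the flag with `fcntl(fd, F_SETFL, flags)` would mirror how it was set and would not need the added `sys/ioctl.h` include.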



CVS commit: [netbsd-5-2] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:18:42 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-5-2]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1971):
usr.bin/calendar/calendar.c: revision 1.51
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.
Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.
And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.47.2.1 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.47 src/usr.bin/calendar/calendar.c:1.47.2.1
--- src/usr.bin/calendar/calendar.c:1.47	Tue Sep 30 05:51:41 2008
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:18:42 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $	*/
+/*	$NetBSD: calendar.c,v 1.47.2.1 2015/07/01 07:18:42 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $);
+__RCSID($NetBSD: calendar.c,v 1.47.2.1 2015/07/01 07:18:42 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.47 2008
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -105,6 +106,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -164,12 +166,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
@@ -405,6 +419,10 @@ opencal(void)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -469,6 +487,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
@@ -492,6 +514,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {



CVS commit: [netbsd-5] src/doc

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:19:25 UTC 2015

Modified Files:
src/doc [netbsd-5]: CHANGES-5.3

Log Message:
ticket 1971


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.120 -r1.1.2.121 src/doc/CHANGES-5.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-5.3
diff -u src/doc/CHANGES-5.3:1.1.2.120 src/doc/CHANGES-5.3:1.1.2.121
--- src/doc/CHANGES-5.3:1.1.2.120	Thu Jun  4 09:02:21 2015
+++ src/doc/CHANGES-5.3	Wed Jul  1 07:19:25 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.3,v 1.1.2.120 2015/06/04 09:02:21 martin Exp $
+# $NetBSD: CHANGES-5.3,v 1.1.2.121 2015/07/01 07:19:25 bouyer Exp $
 
 A complete list of changes from the NetBSD 5.2 release to the NetBSD 5.3
 release:
@@ -3922,3 +3922,17 @@ sys/arch/x86/x86/intel_busclock.c		1.10,
 	to access MSRs safely.
 	[sborrill, ticket #1963]
 
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #1971]
+



CVS commit: [netbsd-5-1] src/doc

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:19:29 UTC 2015

Modified Files:
src/doc [netbsd-5-1]: CHANGES-5.1.6

Log Message:
ticket 1971


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.31 -r1.1.2.32 src/doc/CHANGES-5.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-5.1.6
diff -u src/doc/CHANGES-5.1.6:1.1.2.31 src/doc/CHANGES-5.1.6:1.1.2.32
--- src/doc/CHANGES-5.1.6:1.1.2.31	Thu Jun  4 09:07:28 2015
+++ src/doc/CHANGES-5.1.6	Wed Jul  1 07:19:29 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.1.6,v 1.1.2.31 2015/06/04 09:07:28 martin Exp $
+# $NetBSD: CHANGES-5.1.6,v 1.1.2.32 2015/07/01 07:19:29 bouyer Exp $
 
 A complete list of changes from the NetBSD 5.1.5 release to the NetBSD 5.1.6
 release:
@@ -2633,3 +2633,17 @@ sys/arch/x86/x86/intel_busclock.c		1.10,
 	[sborrill, ticket #1963]
 
 
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #1971]
+



CVS commit: [netbsd-5-2] src/doc

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:19:30 UTC 2015

Modified Files:
src/doc [netbsd-5-2]: CHANGES-5.2.4

Log Message:
ticket 1971


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.32 -r1.1.2.33 src/doc/CHANGES-5.2.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-5.2.4
diff -u src/doc/CHANGES-5.2.4:1.1.2.32 src/doc/CHANGES-5.2.4:1.1.2.33
--- src/doc/CHANGES-5.2.4:1.1.2.32	Thu Jun  4 09:05:29 2015
+++ src/doc/CHANGES-5.2.4	Wed Jul  1 07:19:30 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.2.4,v 1.1.2.32 2015/06/04 09:05:29 martin Exp $
+# $NetBSD: CHANGES-5.2.4,v 1.1.2.33 2015/07/01 07:19:30 bouyer Exp $
 
 A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4
 release:
@@ -2633,3 +2633,17 @@ sys/arch/x86/x86/intel_busclock.c		1.10,
 	[sborrill, ticket #1963]
 
 
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #1971]
+



CVS commit: [netbsd-6-0] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:22:52 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-6-0]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1309):
usr.bin/calendar/calendar.c: revision 1.51
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.
Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.
And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.48.12.1 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.48 src/usr.bin/calendar/calendar.c:1.48.12.1
--- src/usr.bin/calendar/calendar.c:1.48	Tue Dec  8 13:49:08 2009
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:22:52 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.48 2009/12/08 13:49:08 wiz Exp $	*/
+/*	$NetBSD: calendar.c,v 1.48.12.1 2015/07/01 07:22:52 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.48 2009/12/08 13:49:08 wiz Exp $);
+__RCSID($NetBSD: calendar.c,v 1.48.12.1 2015/07/01 07:22:52 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.48 2009
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -112,6 +113,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -171,12 +173,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
@@ -424,6 +438,10 @@ opencal(void)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -488,6 +506,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
@@ -511,6 +533,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {



CVS commit: [netbsd-6] src/usr.bin/calendar

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:22:37 UTC 2015

Modified Files:
src/usr.bin/calendar [netbsd-6]: calendar.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1309):
usr.bin/calendar/calendar.c: revision 1.51
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.
Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.
And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.48.8.1 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.48 src/usr.bin/calendar/calendar.c:1.48.8.1
--- src/usr.bin/calendar/calendar.c:1.48	Tue Dec  8 13:49:08 2009
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 07:22:37 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.48 2009/12/08 13:49:08 wiz Exp $	*/
+/*	$NetBSD: calendar.c,v 1.48.8.1 2015/07/01 07:22:37 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.48 2009/12/08 13:49:08 wiz Exp $);
+__RCSID($NetBSD: calendar.c,v 1.48.8.1 2015/07/01 07:22:37 bouyer Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.48 2009
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -112,6 +113,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -171,12 +173,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
@@ -424,6 +438,10 @@ opencal(void)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -488,6 +506,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
@@ -511,6 +533,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {



CVS commit: [netbsd-6-0] src/doc

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:24:31 UTC 2015

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
ticket 1309


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.43 -r1.1.2.44 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.0.7
diff -u src/doc/CHANGES-6.0.7:1.1.2.43 src/doc/CHANGES-6.0.7:1.1.2.44
--- src/doc/CHANGES-6.0.7:1.1.2.43	Wed May 27 05:57:31 2015
+++ src/doc/CHANGES-6.0.7	Wed Jul  1 07:24:31 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.43 2015/05/27 05:57:31 msaitoh Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.44 2015/07/01 07:24:31 bouyer Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -5998,3 +5998,17 @@ sys/arch/xen/xen/xenevt.c			1.42
 
 	Fix off by one error, pointed out by Wei Liu in port-xen/49919.
 	[bouyer, ticket #1299]
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #1309]
+



CVS commit: [netbsd-6] src/doc

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:24:22 UTC 2015

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
ticket 1309


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.220 -r1.1.2.221 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.220 src/doc/CHANGES-6.2:1.1.2.221
--- src/doc/CHANGES-6.2:1.1.2.220	Fri Jun 19 17:51:18 2015
+++ src/doc/CHANGES-6.2	Wed Jul  1 07:24:22 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.220 2015/06/19 17:51:18 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.221 2015/07/01 07:24:22 bouyer Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -11532,3 +11532,17 @@ lib/libperfuse/ops.c1.84
 	Fix dot-lookup when readdir does not provide inodes
 	[manu, ticket #1306]
 
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #1309]
+



CVS commit: [netbsd-7] src/doc

2015-07-01 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Jul  1 07:30:55 UTC 2015

Modified Files:
src/doc [netbsd-7]: CHANGES-7.0

Log Message:
tickets 860 and 861


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-7.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.0
diff -u src/doc/CHANGES-7.0:1.1.2.334 src/doc/CHANGES-7.0:1.1.2.335
--- src/doc/CHANGES-7.0:1.1.2.334	Mon Jun 29 17:27:13 2015
+++ src/doc/CHANGES-7.0	Wed Jul  1 07:30:55 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0,v 1.1.2.334 2015/06/29 17:27:13 snj Exp $
+# $NetBSD: CHANGES-7.0,v 1.1.2.335 2015/07/01 07:30:55 bouyer Exp $
 
 A complete list of changes from the initial NetBSD 7.0 branch on 11 Aug 2014
 until the 7.0 release:
@@ -32183,3 +32183,28 @@ sbin/gpt/recover.c1.6
 	recover simply copies the existing header over the missing one.
 	[jnemeth, ticket #847]
 
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #860]
+
+usr.bin/calendar/calendar.c			1.52
+
+	Repair accidental regression in -r1.49: for -a mode, don't allow
+	calendars to be other than regular files unless the -x option is in
+	effect.
+
+	(If not in -a mode, we're running purely as the user whose calendar it
+	is and if they want to DoS themselves with named pipes it's their own
+	lookout.)
+	[dholland, ticket #861]
+



CVS commit: src/sys

2015-07-01 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Jul  2 03:47:54 UTC 2015

Modified Files:
src/sys/kern: sys_process.c
src/sys/sys: ptrace.h

Log Message:
Support PIOD_READ_AUXV so that gdb can handle PIE binaries. From OpenBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 src/sys/kern/sys_process.c
cvs rdiff -u -r1.45 -r1.46 src/sys/sys/ptrace.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/sys_process.c
diff -u src/sys/kern/sys_process.c:1.165 src/sys/kern/sys_process.c:1.166
--- src/sys/kern/sys_process.c:1.165	Sun Nov 23 21:34:04 2014
+++ src/sys/kern/sys_process.c	Wed Jul  1 23:47:54 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_process.c,v 1.165 2014/11/24 02:34:04 christos Exp $	*/
+/*	$NetBSD: sys_process.c,v 1.166 2015/07/02 03:47:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: sys_process.c,v 1.165 2014/11/24 02:34:04 christos Exp $);
+__KERNEL_RCSID(0, $NetBSD: sys_process.c,v 1.166 2015/07/02 03:47:54 christos Exp $);
 
 #include opt_ptrace.h
 #include opt_ktrace.h
@@ -127,6 +127,7 @@ __KERNEL_RCSID(0, $NetBSD: sys_process.
 #include sys/systm.h
 #include sys/proc.h
 #include sys/errno.h
+#include sys/exec.h
 #include sys/ptrace.h
 #include sys/uio.h
 #include sys/ras.h
@@ -148,6 +149,9 @@ __KERNEL_RCSID(0, $NetBSD: sys_process.
 # endif
 
 static kauth_listener_t ptrace_listener;
+#ifdef PTRACE
+static int process_auxv_offset(struct proc *, struct uio *);
+#endif
 
 static int
 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
@@ -531,6 +535,14 @@ sys_ptrace(struct lwp *l, const struct s
 		error = copyin(SCARG(uap, addr), piod, sizeof(piod));
 		if (error)
 			break;
+
+		iov.iov_base = piod.piod_addr;
+		iov.iov_len = piod.piod_len;
+		uio.uio_iov = iov;
+		uio.uio_iovcnt = 1;
+		uio.uio_offset = (off_t)(unsigned long)piod.piod_offs;
+		uio.uio_resid = piod.piod_len;
+
 		switch (piod.piod_op) {
 		case PIOD_READ_D:
 		case PIOD_READ_I:
@@ -546,6 +558,19 @@ sys_ptrace(struct lwp *l, const struct s
 			}
 			uio.uio_rw = UIO_WRITE;
 			break;
+		case PIOD_READ_AUXV:
+			req = PT_READ_D;
+			uio.uio_rw = UIO_READ;
+			tmp = t-p_execsw-es_arglen * sizeof(char *);
+			if (uio.uio_offset  tmp)
+return EIO;
+			if (uio.uio_resid  tmp - uio.uio_offset)
+uio.uio_resid = tmp - uio.uio_offset;
+			piod.piod_len = iov.iov_len = uio.uio_resid;
+			error = process_auxv_offset(t, uio);
+			if (error)
+return error;
+			break;
 		default:
 			error = EINVAL;
 			break;
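Review bot: The two direct returns in the new `PIOD_READ_AUXV` case (`return EIO;` and `return error;`) leave `sys_ptrace` from inside the inner switch, whereas the neighbouring `default` case sets `error` and breaks. If the function holds a lock or reference on the traced process at this point, which the hunk does not show, those returns would skip the release path. Using `error = EIO; break;` for the range check and dropping the `if (error) return error;` pair so that `error` flows out through `break;` would follow the existing pattern, assuming the code after the inner switch tests `error` as the `default` case implies. The comparison operators on the two `if` lines were lost in this rendering, so the bounds logic itself should be checked against the committed file. `sys_ptrace` begins and ends outside the hunk.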
@@ -555,12 +580,6 @@ sys_ptrace(struct lwp *l, const struct s
 		error = proc_vmspace_getref(l-l_proc, vm);
 		if (error)
 			break;
-		iov.iov_base = piod.piod_addr;
-		iov.iov_len = piod.piod_len;
-		uio.uio_iov = iov;
-		uio.uio_iovcnt = 1;
-		uio.uio_offset = (off_t)(unsigned long)piod.piod_offs;
-		uio.uio_resid = piod.piod_len;
 		uio.uio_vmspace = vm;
 
 		error = process_domem(l, lt, uio);
@@ -1138,3 +1157,31 @@ process_stoptrace(void)
 	mutex_exit(p-p_lock);
 }
 #endif	/* KTRACE || PTRACE */
+
+#ifdef PTRACE
+static int
+process_auxv_offset(struct proc *p, struct uio *uio)
+{
+	struct ps_strings pss;
+	int error;
+	off_t off = (off_t)p-p_psstrp;
+
+	if ((error = copyin_psstrings(p, pss)) != 0)
+		return error;
+
+	if (pss.ps_envstr == NULL)
+		return EIO;
+
+	uio-uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1);
+#ifdef __MACHINE_STACK_GROWS_UP
+	if (uio-uio_offset  off)
+		return EIO;
+#else
+	if (uio-uio_offset  off)
+		return EIO;
+	if ((uio-uio_offset + uio-uio_resid)  off)
+		uio-uio_resid = off - uio-uio_offset;
+#endif
+	return 0;
+}
+#endif
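Review bot: `process_auxv_offset` adds `pss.ps_envstr + pss.ps_nenvstr + 1` to `uio->uio_offset` with no overflow check, and both fields come from `copyin_psstrings(p, ...)`, which presumably reads them from the traced process's own memory. The result is bounded only by the comparison with `p->p_psstrp` that follows, and the `__MACHINE_STACK_GROWS_UP` branch has a single check and never clamps `uio_resid` the way the `#else` branch does. A comment above the function should say that the ps_strings values are tracee-controlled and which bound each branch enforces, for example `/* Convert an auxv-relative offset into a tracee address; ps_strings is read from the tracee and is untrusted. */`. The comparison operators were lost in this rendering, so the direction of each check should be confirmed in the committed file.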

Index: src/sys/sys/ptrace.h
diff -u src/sys/sys/ptrace.h:1.45 src/sys/sys/ptrace.h:1.46
--- src/sys/sys/ptrace.h:1.45	Fri Jan  3 19:10:03 2014
+++ src/sys/sys/ptrace.h	Wed Jul  1 23:47:54 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ptrace.h,v 1.45 2014/01/04 00:10:03 dsl Exp $	*/
+/*	$NetBSD: ptrace.h,v 1.46 2015/07/02 03:47:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 1984, 1993
@@ -104,6 +104,7 @@ struct ptrace_io_desc {
 #define	PIOD_WRITE_D	2	/* write to D spcae */
 #define	PIOD_READ_I	3	/* read from I space */
 #define	PIOD_WRITE_I	4	/* write to I space */
+#define PIOD_READ_AUXV	5	/* Read from aux array */
 
 /*
  * Argument structure for PT_LWPINFO.



CVS commit: src/lib/libc/sys

2015-07-01 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Jul  2 03:50:21 UTC 2015

Modified Files:
src/lib/libc/sys: ptrace.2

Log Message:
document PIOD_READ_AUXV.


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/lib/libc/sys/ptrace.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/sys/ptrace.2
diff -u src/lib/libc/sys/ptrace.2:1.36 src/lib/libc/sys/ptrace.2:1.37
--- src/lib/libc/sys/ptrace.2:1.36	Mon Jul 28 04:10:23 2014
+++ src/lib/libc/sys/ptrace.2	Wed Jul  1 23:50:21 2015
@@ -1,7 +1,7 @@
-.\	$NetBSD: ptrace.2,v 1.36 2014/07/28 08:10:23 christos Exp $
+.\	$NetBSD: ptrace.2,v 1.37 2015/07/02 03:50:21 christos Exp $
 .\
 .\ This file is in the public domain.
-.Dd July 28, 2014
+.Dd July 1, 2015
 .Dt PTRACE 2
 .Os
 .Sh NAME
@@ -224,11 +224,15 @@ Possible values are:
 .It Dv PIOD_WRITE_D
 .It Dv PIOD_READ_I
 .It Dv PIOD_WRITE_I
+.It Dv PIOD_READ_AUXV
 .El
 .Pp
 See the description of
 .Dv PT_READ_I
 for the difference between I and D spaces.
+The
+.Dv PIOD_READ_AUXV
+operation can be used to read from the ELF auxiliary vector.
 A pointer to the I/O descriptor is passed in the
 .Fa addr
 argument to



CVS commit: src/sys/arch/x86/x86

2015-07-01 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Thu Jul  2 05:11:50 UTC 2015

Modified Files:
src/sys/arch/x86/x86: intel_busclock.c

Log Message:
 Fix bus clock for Airmont from the latest Intel SDM.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/sys/arch/x86/x86/intel_busclock.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/x86/x86/intel_busclock.c
diff -u src/sys/arch/x86/x86/intel_busclock.c:1.23 src/sys/arch/x86/x86/intel_busclock.c:1.24
--- src/sys/arch/x86/x86/intel_busclock.c:1.23	Wed May 27 00:08:50 2015
+++ src/sys/arch/x86/x86/intel_busclock.c	Thu Jul  2 05:11:50 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: intel_busclock.c,v 1.23 2015/05/27 00:08:50 msaitoh Exp $	*/
+/*	$NetBSD: intel_busclock.c,v 1.24 2015/07/02 05:11:50 msaitoh Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: intel_busclock.c,v 1.23 2015/05/27 00:08:50 msaitoh Exp $);
+__KERNEL_RCSID(0, $NetBSD: intel_busclock.c,v 1.24 2015/07/02 05:11:50 msaitoh Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -276,7 +276,7 @@ p3_get_bus_clock(struct cpu_info *ci)
 			unable to determine bus speed);
 			goto print_msr;
 		}
-		bus = (msr  0)  0x1f;
+		bus = (msr  0)  0x0f;
 		switch (bus) {
 		case 0:
 			bus_clock =  8333;
@@ -288,33 +288,21 @@ p3_get_bus_clock(struct cpu_info *ci)
 			bus_clock = 1;
 			break;
 		case 3:
-			bus_clock = 11650;
-			break;
-		case 4:
-			bus_clock =  8333;
-			break;
-		case 5:
-			bus_clock = 1;
-			break;
-		case 6:
-			bus_clock = 1;
-			break;
-		case 7:
 			bus_clock = 11666;
 			break;
-		case 12:
+		case 4:
 			bus_clock =  8000;
 			break;
-		case 13:
+		case 5:
 			bus_clock =  9333;
 			break;
-		case 14:
+		case 6:
 			bus_clock =  9000;
 			break;
-		case 15:
+		case 7:
 			bus_clock =  ;
 			break;
-		case 20:
+		case 8:
 			bus_clock =  8750;
 			break;
 		default:



CVS commit: src/usr.bin/calendar

2015-07-01 Thread David A. Holland
Module Name:src
Committed By:   dholland
Date:   Wed Jul  1 06:48:25 UTC 2015

Modified Files:
src/usr.bin/calendar: calendar.c

Log Message:
Repair accidental regression in -r1.49: for -a mode, don't allow
calendars to be other than regular files unless the -x option is in
effect.

(If not in -a mode, we're running purely as the user whose calendar it
is and if they want to DoS themselves with named pipes it's their own
lookout.)


To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.51 src/usr.bin/calendar/calendar.c:1.52
--- src/usr.bin/calendar/calendar.c:1.51	Wed Jul  1 06:45:51 2015
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 06:48:25 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.51 2015/07/01 06:45:51 dholland Exp $	*/
+/*	$NetBSD: calendar.c,v 1.52 2015/07/01 06:48:25 dholland Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,10 +39,11 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.51 2015/07/01 06:45:51 dholland Exp $);
+__RCSID($NetBSD: calendar.c,v 1.52 2015/07/01 06:48:25 dholland Exp $);
 #endif /* not lint */
 
 #include sys/param.h
+#include sys/ioctl.h
 #include sys/time.h
 #include sys/stat.h
 #include sys/uio.h
@@ -120,6 +121,7 @@ static void	 getmmdd(struct tm *, char *
 static int	 getmonth(char *);
 static bool	 isnow(char *);
 static FILE	*opencal(FILE **);
+static int	 tryopen(const char *, int);
 static void	 settime(void);
 static void	 usage(void) __dead;
 
@@ -403,7 +405,7 @@ opencal(FILE **in)
 	/* open up calendar file as stdin */
 	if (fname == NULL) {
 		for (const char **name = defaultnames; *name != NULL; name++) {
-			if ((fd = open(*name, O_RDONLY)) == -1)
+			if ((fd = tryopen(*name, O_RDONLY)) == -1)
 continue;
 			else
 break;
@@ -413,7 +415,7 @@ opencal(FILE **in)
 return NULL;
 			err(EXIT_FAILURE, Cannot open calendar file);
 		}
-	} else if ((fd = open(fname, O_RDONLY)) == -1) {
+	} else if ((fd = tryopen(fname, O_RDONLY)) == -1) {
 		if (doall)
 			return NULL;
 		err(EXIT_FAILURE, Cannot open `%s', fname);
@@ -482,6 +484,74 @@ opencal(FILE **in)
 	/*NOTREACHED*/
 }
 
+static int
+tryopen(const char *pathname, int flags)
+{
+	int fd, serrno, zero;
+	struct stat st;
+
+	/*
+	 * XXX: cpp_restricted has inverted sense; it is false by default,
+	 * and -x sets it to true. CPP_RESTRICTED is set in the environment
+	 * if cpp_restricted is false... go figure. This should be fixed
+	 * later.
+	 */
+	if (doall  cpp_restricted == false) {
+		/*
+		 * We are running with the user's euid, so they can't
+		 * cause any mayhem (e.g. opening rewinding tape
+		 * devices) that they couldn't do easily enough on
+		 * their own. All we really need to worry about is opens
+		 * that hang, because that would DoS the calendar run.
+		 */
+		fd = open(pathname, flags | O_NONBLOCK);
+		if (fd == -1) {
+			return -1;
+		}
+		if (fstat(fd, st) == -1) {
+			serrno = errno;
+			close(fd);
+			errno = serrno;
+			return -1;
+		}
+		if (S_ISCHR(st.st_mode) ||
+		S_ISBLK(st.st_mode) ||
+		S_ISFIFO(st.st_mode)) {
+			close(fd);
+
+			/* Call shenanigans in the daily output */
+			errno = EPERM;
+			warn(%s: %s, pw-pw_name, pathname);
+
+			errno = EPERM;
+			return -1;
+		}
+		if (S_ISDIR(st.st_mode)) {
+			/* Don't warn about this */
+			close(fd);
+			errno = EISDIR;
+			return -1;
+		}
+		if (!S_ISREG(st.st_mode)) {
+			/* There shouldn't be other cases to go here */
+			close(fd);
+			errno = EINVAL;
+			return -1;
+		}
+		zero = 0;
+		if (ioctl(fd, FIONBIO, zero) == -1) {
+			serrno = errno;
+			warn(%s: %s: FIONBIO, pw-pw_name, pathname);
+			close(fd);
+			errno = serrno;
+			return -1;
+		}
+		return fd;
+	} else {
+		return open(pathname, flags);
+	}
+}
+
 static void
 closecal(FILE *fp)
 {
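Review bot: `tryopen` has no header comment stating its contract, and its security-relevant design choice is easy to undo by accident: the file type is checked with `fstat` on the descriptor returned by `open(..., flags | O_NONBLOCK)` rather than with `stat` on the path, so the object cannot be swapped between the check and the use. I would add above the function `/* Open a calendar file. In -a mode without -x only regular files are accepted; the type is checked on the open descriptor. Returns the fd, or -1 with errno set. */`. Separately, non-blocking mode is cleared with `ioctl(fd, FIONBIO, ...)`; `fcntl` with `F_GETFL`/`F_SETFL` is the POSIX interface for that and would not need the new `sys/ioctl.h` include.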



CVS commit: src/usr.bin/calendar

2015-07-01 Thread David A. Holland
Module Name:src
Committed By:   dholland
Date:   Wed Jul  1 06:45:51 UTC 2015

Modified Files:
src/usr.bin/calendar: calendar.c

Log Message:
Correct privilege handling problems in calendar -a (which runs as root
from /etc/daily); do not exec other programs while the real uid is
still 0.

Also, clear the supplementary groups list up front and call initgroups
when becoming another user, to avoid leaking any extra group
privileges that we might have.

And finally, don't silently ignore errors changing uid and gid; those
are serious if they happen.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/usr.bin/calendar/calendar.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/calendar/calendar.c
diff -u src/usr.bin/calendar/calendar.c:1.50 src/usr.bin/calendar/calendar.c:1.51
--- src/usr.bin/calendar/calendar.c:1.50	Sat Nov  9 15:57:15 2013
+++ src/usr.bin/calendar/calendar.c	Wed Jul  1 06:45:51 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: calendar.c,v 1.50 2013/11/09 15:57:15 christos Exp $	*/
+/*	$NetBSD: calendar.c,v 1.51 2015/07/01 06:45:51 dholland Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = @(#)calendar.c	8.4 (Berkeley) 1/7/95;
 #endif
-__RCSID($NetBSD: calendar.c,v 1.50 2013/11/09 15:57:15 christos Exp $);
+__RCSID($NetBSD: calendar.c,v 1.51 2015/07/01 06:45:51 dholland Exp $);
 #endif /* not lint */
 
 #include sys/param.h
@@ -48,6 +48,7 @@ __RCSID($NetBSD: calendar.c,v 1.50 2013
 #include sys/uio.h
 #include sys/wait.h
 
+#include assert.h
 #include ctype.h
 #include err.h
 #include errno.h
@@ -112,6 +113,7 @@ static const char *months[] = {
 static void	 atodays(int, char *, unsigned short *);
 static void	 cal(void);
 static void	 closecal(FILE *);
+static void	 changeuser(void);
 static int	 getday(char *);
 static int	 getfield(char *, char **, int *);
 static void	 getmmdd(struct tm *, char *);
@@ -171,12 +173,24 @@ main(int argc, char **argv)
 		 * XXX - This ignores the user's CALENDAR_DIR variable.
 		 *   Run under user's login shell?
 		 */
+		if (setgroups(0, NULL) == -1) {
+			err(EXIT_FAILURE, setgroups);
+		}
 		while ((pw = getpwent()) != NULL) {
-			(void)setegid(pw-pw_gid);
-			(void)seteuid(pw-pw_uid);
-			if (chdir(pw-pw_dir) != -1)
+			if (setegid(pw-pw_gid) == -1) {
+warn(%s: setegid, pw-pw_name);
+continue;
+			}
+			if (seteuid(pw-pw_uid) == -1) {
+warn(%s: seteuid, pw-pw_name);
+continue;
+			}
+			if (chdir(pw-pw_dir) != -1) {
 cal();
-			(void)seteuid(0);
+			}
+			if (seteuid(0) == -1) {
+warn(%s: seteuid back to 0, pw-pw_name);
+			}
 		}
 	} else if ((caldir = getenv(CALENDAR_DIR)) != NULL) {
 		if (chdir(caldir) != -1)
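Review bot: The last check added to the `getpwent` loop only warns when `seteuid(0)` fails, so the loop would move on to the next passwd entry while still running with the previous user's effective uid. The log message calls these errors serious, and this one leaves the process in an unknown privilege state, so I would make it fatal: `err(EXIT_FAILURE, "%s: seteuid back to 0", pw->pw_name);`. The `setegid`/`seteuid` failures earlier in the loop can reasonably stay as `warn` plus `continue`, though after a failed `seteuid` the effective gid remains the skipped user's until a later iteration resets it. `main` starts and ends outside the hunk.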
@@ -429,6 +443,10 @@ opencal(FILE **in)
 			(void)close(pdes[1]);
 		}
 		(void)close(pdes[0]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		/* tell CPP to only open regular files */
 		if(!cpp_restricted  setenv(CPP_RESTRICTED, , 1) == -1)
 			err(EXIT_FAILURE, Cannot restrict cpp);
@@ -495,6 +513,10 @@ closecal(FILE *fp)
 			(void)close(pdes[0]);
 		}
 		(void)close(pdes[1]);
+		if (doall) {
+			/* become the user properly */
+			changeuser();
+		}
 		(void)execl(_PATH_SENDMAIL, sendmail, -i, -t, -F,
 		\Reminder Service\, -f, root, NULL);
 		err(EXIT_FAILURE, Cannot exec `%s', _PATH_SENDMAIL);
@@ -518,6 +540,34 @@ done:	(void)fclose(fp);
 		continue;
 }
 
+static void
+changeuser(void)
+{
+	uid_t uid;
+	gid_t gid;
+
+	uid = geteuid();
+	gid = getegid();
+	assert(uid == pw-pw_uid);
+	assert(gid == pw-pw_gid);
+
+	if (seteuid(0) == -1) {
+		err(EXIT_FAILURE, %s: changing user: cannot reassert uid 0,
+		pw-pw_name);
+	}
+	if (setgid(gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume gid %d,
+		pw-pw_name, (int)gid);
+	}
+	if (initgroups(pw-pw_name, gid) == -1) {
+		err(EXIT_FAILURE, %s: cannot initgroups, pw-pw_name);
+	}
+	if (setuid(uid) == -1) {
+		err(EXIT_FAILURE, %s: cannot assume uid %d,
+		pw-pw_name, (int)uid);
+	}
+}
+
 static int
 getmonth(char *s)
 {
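Review bot: `changeuser` guards its precondition with `assert(uid == pw->pw_uid)` and `assert(gid == pw->pw_gid)`, which disappear when the file is built with `NDEBUG`; a check that decides which identity the child assumes before it execs another program should be a runtime test. I would replace the two asserts with `if (uid != pw->pw_uid || gid != pw->pw_gid) errx(EXIT_FAILURE, "%s: unexpected effective ids", pw->pw_name);`. The order that follows (regain euid 0, `setgid`, `initgroups`, then `setuid` last) is the right one and deserves a one-line comment so it is not reordered later. The `(int)` casts for `%d` could also misprint large ids; `%lu` with an `(unsigned long)` cast is safer.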