Sure,
but it makes sense to remove the bad examples in the tree.
On Wed, Jun 02, 2010 at 08:33:10AM -0600, Theo de Raadt wrote:
> > endpwent() here to close file descriptor opened by getpwnam(),
> > since that all work with the password database was done.
>
> But no file descriptor is open.
>
> setpassent() was never called to keep the fd open.
>
> It's even explained in the manual page.
>
> > Index: tftp-proxy.c
> > ===================================================================
> > RCS file: /cvs/src//libexec/tftp-proxy/tftp-proxy.c,v
> > retrieving revision 1.6
> > diff -u tftp-proxy.c
> > --- tftp-proxy.c 13 Apr 2008 00:22:17 -0000 1.6
> > +++ tftp-proxy.c 2 Jun 2010 13:06:16 -0000
> > @@ -128,6 +128,7 @@
> > syslog(LOG_ERR, "can't revoke privs: %m");
> > exit(1);
> > }
> > + endpwent();
> >
> > /* non-blocking io */
> > if (ioctl(fd, FIONBIO, &on) < 0) {
Index: privsep.c
===================================================================
RCS file: /cvs/src//usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.28
diff -u privsep.c
--- privsep.c 17 Apr 2009 22:31:24 -0000 1.28
+++ privsep.c 2 Jun 2010 15:18:00 -0000
@@ -175,7 +175,6 @@
err(1, "setresgid() failed");
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
err(1, "setresuid() failed");
- endpwent();
close(socks[0]);
priv_fd = socks[1];
Index: privsep.c
===================================================================
RCS file: /cvs/src//usr.sbin/syslogd/privsep.c,v
retrieving revision 1.34
diff -u privsep.c
--- privsep.c 23 Nov 2008 04:29:42 -0000 1.34
+++ privsep.c 2 Jun 2010 15:18:56 -0000
@@ -435,7 +435,6 @@
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
err(1, "failure dropping privs");
- endpwent();
if (dup2(fd[0], STDIN_FILENO) == -1)
err(1, "dup2 failed");