diff options
author | Jeremy Allison <jra@samba.org> | 1998-12-22 02:53:06 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-12-22 02:53:06 +0000 |
commit | 80810371e6ee2ed33cb22a3629373131e92a7ab4 (patch) | |
tree | addea2df3e938f8c84c27481715c02570930f06a /source/lib | |
parent | a26d050828ede44d2beeb01edfa7bddd0c6deac0 (diff) | |
download | samba-80810371e6ee2ed33cb22a3629373131e92a7ab4.tar.gz samba-80810371e6ee2ed33cb22a3629373131e92a7ab4.tar.xz samba-80810371e6ee2ed33cb22a3629373131e92a7ab4.zip |
Rather large (I'm afraid) tidyup of the setuid handling code.
All setuid code now resides in the one module lib/util_sec.c.
The interfaces this module exports are :
void gain_root_privilage(void); - Set real/eff/saved uid's to 0.
void gain_root_group_privilage(void); - Set real/eff/saved gid's to 0.
int set_effective_uid(uid_t uid); - Set eff uid *only* to given value.
int set_effective_gid(gid_t gid); - Set eff gid *only* to given value.
BOOL become_user_permanently(uid_t uid, gid_t gid); - Set real/eff/saved uid's and gid's
to uid and gid permanently - with no way back to root.
Most of the quota code now uses these calls (except for a few
special cases).
smbd/chgpasswd.c: Ensured the dochild exits in the fork()'d child.
libsmb/nmblib.c: Fix from Jasper for memory leak.
Jeremy.
Diffstat (limited to 'source/lib')
-rw-r--r-- | source/lib/smbrun.c | 34 | ||||
-rw-r--r-- | source/lib/util.c | 53 |
2 files changed, 9 insertions, 78 deletions
diff --git a/source/lib/smbrun.c b/source/lib/smbrun.c index 2257fa09e41..ad262c775a8 100644 --- a/source/lib/smbrun.c +++ b/source/lib/smbrun.c @@ -40,14 +40,9 @@ static BOOL setup_stdout_file(char *outfile,BOOL shared) close(1); if (shared) { - /* become root - unprivilaged users can't delete these files */ -#if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID) - setresgid(0,0,0); - setresuid(0,0,0); -#else - setuid(0); - seteuid(0); -#endif + /* become root - unprivilaged users can't delete these files */ + gain_root_privilage(); + gain_root_group_privilage(); } if(sys_stat(outfile, &st) == 0) { @@ -86,8 +81,8 @@ if shared is not set then open the file with O_EXCL set int smbrun(char *cmd,char *outfile,BOOL shared) { int fd,pid; - int uid = current_user.uid; - int gid = current_user.gid; + uid_t uid = current_user.uid; + gid_t gid = current_user.gid; /* * Lose any kernel oplock capabilities we may have. @@ -110,7 +105,7 @@ int smbrun(char *cmd,char *outfile,BOOL shared) } slprintf(syscmd,sizeof(syscmd)-1,"%s %d %d \"(%s 2>&1) > %s\"", - path,uid,gid,cmd, + path,(int)uid,(int)gid,cmd, outfile?outfile:"/dev/null"); DEBUG(5,("smbrun - running %s ",syscmd)); @@ -143,20 +138,9 @@ int smbrun(char *cmd,char *outfile,BOOL shared) /* now completely lose our privilages. This is a fairly paranoid way of doing it, but it does work on all systems that I know of */ -#if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID) - setresgid(0,0,0); - setresuid(0,0,0); - setresgid(gid,gid,gid); - setresuid(uid,uid,uid); -#else - setuid(0); - seteuid(0); - setgid(gid); - setegid(gid); - setuid(uid); - seteuid(uid); -#endif - + + become_user_permanently(uid, gid); + if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) { /* we failed to lose our privilages - do not execute diff --git a/source/lib/util.c b/source/lib/util.c index 9c8e6e92f01..3bf0a42c52a 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -2972,56 +2972,3 @@ BOOL reg_split_key(char *full_keyname, uint32 *reg_type, char *key_name) return True; } - -/**************************************************************************** - become the specified uid - permanently ! -****************************************************************************/ -BOOL become_user_permanently(uid_t uid, gid_t gid) -{ - /* now completely lose our privilages. This is a fairly paranoid - way of doing it, but it does work on all systems that I know of */ - -#if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID) - /* - * Firstly ensure all our uids are set to root. - */ - setresgid(0,0,0); - setresuid(0,0,0); - - /* - * Now ensure we change all our gids. - */ - setresgid(gid,gid,gid); - - /* - * Now ensure all the uids are the user. - */ - setresuid(uid,uid,uid); -#else - /* - * Firstly ensure all our uids are set to root. - */ - setuid(0); - seteuid(0); - - /* - * Now ensure we change all our gids. - */ - setgid(gid); - setegid(gid); - - /* - * Now ensure all the uids are the user. - */ - setuid(uid); - seteuid(uid); -#endif - - if (getuid() != uid || geteuid() != uid || - getgid() != gid || getegid() != gid) { - /* We failed to lose our privilages. */ - return False; - } - - return(True); -} |