Don't try to play uid swapping games if the effective uid is not zero

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5697 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 19 insertions, 8 deletions

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 476966c1e..255c3af2f 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,6 +1,9 @@
 Tue May  2 22:12:39 1995  Theodore Y. Ts'o  (tytso@dcl)
 
-	* kcmd.c (kcmd()): Bug fix to jik's bug fix.  (Caused by our code
+	* krcp.c (main): Don't try to play uid swapping games if the
+		effective uid is not zero.
+
+	* kcmd.c (kcmd): Bug fix to jik's bug fix.  (Caused by our code
 		drift since jik's changes went in, and not sufficiently
 		careful checking of jik's patches before applying it.)
 
diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c
index 7aa446530..ef0da9083 100644
--- a/src/appl/bsd/krcp.c
+++ b/src/appl/bsd/krcp.c
@@ -144,6 +144,7 @@ main(argc, argv)
 #ifdef KERBEROS
     krb5_flags authopts;
     krb5_error_code status;	
+    int euid;
     char **orig_argv = save_argv(argc, argv);
     
     sp = getservbyname("kshell", "tcp");
@@ -469,18 +470,25 @@ main(argc, argv)
 		    if (encryptflag)
 		      send_auth();
 		}
+		euid = geteuid();
 #ifdef HAVE_SETREUID
-		(void) setreuid(0, userid);
+		if (euid == 0)
+		    (void) setreuid(0, userid);
 		sink(1, argv+argc-1);
-		(void) setreuid(userid, 0);
+		if (euid == 0)
+		    (void) setreuid(userid, 0);
 #else
-		(void) setuid(0);
-		if(seteuid(userid)) {
-		  perror("rcp seteuid user"); errs++; exit(errs);
+		if (euid == 0) {
+		    (void) setuid(0);
+		    if(seteuid(userid)) {
+			perror("rcp seteuid user"); errs++; exit(errs);
+		    }
 		}
 		sink(1, argv+argc-1);
-		if(seteuid(0)) {
-		  perror("rcp seteuid 0"); errs++; exit(errs);
+		if (euid == 0) {
+		    if(seteuid(0)) {
+			perror("rcp seteuid 0"); errs++; exit(errs);
+		    }
 		}
 #endif
 #else