Convert setuid/setgid users to xsetuid/xsetgid.

2024-06-28 14:29:51 +00:00 · 2006-07-16 08:06:34 +00:00 · 2006-07-16 08:06:34 +00:00 · afb94ecf2b
commit afb94ecf2b
parent 25c194fd19
6 changed files with 12 additions and 16 deletions
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@ -227,10 +227,7 @@ int passwd_main(int argc, char **argv)
 	signal(SIGINT, SIG_IGN);
 	signal(SIGQUIT, SIG_IGN);
 	umask(077);
-	if (setuid(0)) {
-		syslog(LOG_ERR, "can't setuid(0)");
-		bb_error_msg_and_die( "Cannot change ID to root.\n");
-	}
+	xsetuid(0);
 	if (!update_passwd(pw, crypt_passwd)) {
 		syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
 			   myname);
--- a/networking/arping.c
+++ b/networking/arping.c
@ -262,7 +262,8 @@ int arping_main(int argc, char **argv)
 	s = socket(PF_PACKET, SOCK_DGRAM, 0);
 	ifindex = errno;

-	setuid(getuid());
+	// Drop suid root privileges
+	xsetuid(getuid());

 	{
 		unsigned long opt;
--- a/networking/ether-wake.c
+++ b/networking/ether-wake.c
@ -145,7 +145,7 @@ int etherwake_main(int argc, char *argv[])
 	s = make_socket();

 	/* now that we have a raw socket we can drop root */
-	setuid(getuid());
+	xsetuid(getuid());

 	/* look up the dest mac address */
 	get_dest_addr(argv[optind], &eaddr);
--- a/networking/fakeidentd.c
+++ b/networking/fakeidentd.c
@ -159,8 +159,8 @@ static int godaemon(void)

 		close(0);
 		inetbind();
-		if (setgid(nogrp))   bb_error_msg_and_die("Could not setgid()");
-		if (setuid(nobody))  bb_error_msg_and_die("Could not setuid()");
+		xsetgid(nogrp);
+		xsetuid(nobody);
 		close(1);
 		close(2);

--- a/networking/inetd.c
+++ b/networking/inetd.c
@ -1513,11 +1513,11 @@ inetd_main (int argc, char *argv[])
 			  if (sep->se_group) {
 				pwd->pw_gid = grp->gr_gid;
 			  }
-			  setgid ((gid_t) pwd->pw_gid);
+			  xsetgid ((gid_t) pwd->pw_gid);
 			  initgroups (pwd->pw_name, pwd->pw_gid);
-			  setuid ((uid_t) pwd->pw_uid);
+			  xsetuid((uid_t) pwd->pw_uid);
 			} else if (sep->se_group) {
-			  setgid (grp->gr_gid);
+			  xsetgid(grp->gr_gid);
 			  setgroups (1, &grp->gr_gid);
 			}
 			dup2 (ctrl, 0);
--- a/networking/traceroute.c
+++ b/networking/traceroute.c
@ -941,7 +941,6 @@ traceroute_main(int argc, char *argv[])
 #endif
 	u_short off = 0;
 	struct IFADDRLIST *al;
-	int uid = getuid();
 	char *device = NULL;
 	int max_ttl = 30;
 	char *max_ttl_str = NULL;
@ -1010,8 +1009,7 @@ traceroute_main(int argc, char *argv[])
 	     * set the ip source address of the outbound
 	     * probe (e.g., on a multi-homed host).
 	     */
-	     if (uid)
-		bb_error_msg_and_die("-s %s: Permission denied", source);
+	     if (getuid()) bb_error_msg_and_die("-s %s: Permission denied", source);
 	}
 	if(waittime_str)
 		waittime = str2val(waittime_str, "wait time", 2, 24 * 60 * 60);
@ -1160,8 +1158,8 @@ traceroute_main(int argc, char *argv[])
 		    sizeof(on));

 	/* Revert to non-privileged user after opening sockets */
-	setgid(getgid());
-	setuid(uid);
+	xsetgid(getgid());
+	xsetuid(getuid());

 	outip = (struct ip *)xcalloc(1, (unsigned)packlen);