mirror of
https://github.com/sheumann/hush.git
synced 2025-01-03 00:31:16 +00:00
Convert setuid/setgid users to xsetuid/xsetgid.
This commit is contained in:
parent
25c194fd19
commit
afb94ecf2b
@ -227,10 +227,7 @@ int passwd_main(int argc, char **argv)
|
||||
signal(SIGINT, SIG_IGN);
|
||||
signal(SIGQUIT, SIG_IGN);
|
||||
umask(077);
|
||||
if (setuid(0)) {
|
||||
syslog(LOG_ERR, "can't setuid(0)");
|
||||
bb_error_msg_and_die( "Cannot change ID to root.\n");
|
||||
}
|
||||
xsetuid(0);
|
||||
if (!update_passwd(pw, crypt_passwd)) {
|
||||
syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
|
||||
myname);
|
||||
|
@ -262,7 +262,8 @@ int arping_main(int argc, char **argv)
|
||||
s = socket(PF_PACKET, SOCK_DGRAM, 0);
|
||||
ifindex = errno;
|
||||
|
||||
setuid(getuid());
|
||||
// Drop suid root privileges
|
||||
xsetuid(getuid());
|
||||
|
||||
{
|
||||
unsigned long opt;
|
||||
|
@ -145,7 +145,7 @@ int etherwake_main(int argc, char *argv[])
|
||||
s = make_socket();
|
||||
|
||||
/* now that we have a raw socket we can drop root */
|
||||
setuid(getuid());
|
||||
xsetuid(getuid());
|
||||
|
||||
/* look up the dest mac address */
|
||||
get_dest_addr(argv[optind], &eaddr);
|
||||
|
@ -159,8 +159,8 @@ static int godaemon(void)
|
||||
|
||||
close(0);
|
||||
inetbind();
|
||||
if (setgid(nogrp)) bb_error_msg_and_die("Could not setgid()");
|
||||
if (setuid(nobody)) bb_error_msg_and_die("Could not setuid()");
|
||||
xsetgid(nogrp);
|
||||
xsetuid(nobody);
|
||||
close(1);
|
||||
close(2);
|
||||
|
||||
|
@ -1513,11 +1513,11 @@ inetd_main (int argc, char *argv[])
|
||||
if (sep->se_group) {
|
||||
pwd->pw_gid = grp->gr_gid;
|
||||
}
|
||||
setgid ((gid_t) pwd->pw_gid);
|
||||
xsetgid ((gid_t) pwd->pw_gid);
|
||||
initgroups (pwd->pw_name, pwd->pw_gid);
|
||||
setuid ((uid_t) pwd->pw_uid);
|
||||
xsetuid((uid_t) pwd->pw_uid);
|
||||
} else if (sep->se_group) {
|
||||
setgid (grp->gr_gid);
|
||||
xsetgid(grp->gr_gid);
|
||||
setgroups (1, &grp->gr_gid);
|
||||
}
|
||||
dup2 (ctrl, 0);
|
||||
|
@ -941,7 +941,6 @@ traceroute_main(int argc, char *argv[])
|
||||
#endif
|
||||
u_short off = 0;
|
||||
struct IFADDRLIST *al;
|
||||
int uid = getuid();
|
||||
char *device = NULL;
|
||||
int max_ttl = 30;
|
||||
char *max_ttl_str = NULL;
|
||||
@ -1010,8 +1009,7 @@ traceroute_main(int argc, char *argv[])
|
||||
* set the ip source address of the outbound
|
||||
* probe (e.g., on a multi-homed host).
|
||||
*/
|
||||
if (uid)
|
||||
bb_error_msg_and_die("-s %s: Permission denied", source);
|
||||
if (getuid()) bb_error_msg_and_die("-s %s: Permission denied", source);
|
||||
}
|
||||
if(waittime_str)
|
||||
waittime = str2val(waittime_str, "wait time", 2, 24 * 60 * 60);
|
||||
@ -1160,8 +1158,8 @@ traceroute_main(int argc, char *argv[])
|
||||
sizeof(on));
|
||||
|
||||
/* Revert to non-privileged user after opening sockets */
|
||||
setgid(getgid());
|
||||
setuid(uid);
|
||||
xsetgid(getgid());
|
||||
xsetuid(getuid());
|
||||
|
||||
outip = (struct ip *)xcalloc(1, (unsigned)packlen);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user