Date:      Mon, 16 Aug 2010 13:48:03 +0200
From:      =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To:        src-committers@freebsd.org
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org
Subject:   Re: svn commit: r211393 - head/lib/libutil
Message-ID:  <86bp924w3w.fsf@ds4.des.no>
In-Reply-To: <86mxsm4wff.fsf@ds4.des.no> ("Dag-Erling =?utf-8?Q?Sm=C3=B8rg?= =?utf-8?Q?rav=22's?= message of "Mon, 16 Aug 2010 13:41:08 %2B0200")
References:  <201008161132.o7GBWKhx097183@svn.freebsd.org> <86mxsm4wff.fsf@ds4.des.no>

Dag-Erling Smørgrav <des@des.no> writes:
> Note that this commit semi-intentionally introduces another bug: in some
> cases, the user's limits will not be applied at all.  This is by far the
> lesser of two evils, and is easy (albeit time-consuming) to fix.

Specifically, each of the files listed below needs to be audited.  Those
that already call setusercontext() with the LOGIN_SETUSER flag set are
fine.  Those that do not must do so, either instead of or shortly after
calling setuid().

contrib/lukemftpd/src/ftpd.c:	setusercontext(NULL, getpwuid(0), 0,
contrib/lukemftpd/src/ftpd.c-		       LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
contrib/lukemftpd/src/ftpd.c-#endif
--
contrib/lukemftpd/src/ftpd.c:	setusercontext(lc, pw, 0,
contrib/lukemftpd/src/ftpd.c-		LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
contrib/lukemftpd/src/ftpd.c-		LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
--
contrib/sendmail/src/deliver.c:				    setusercontext(NULL, pwd, pwd->pw_uid,
contrib/sendmail/src/deliver.c-						   sucflags) == -1 &&
contrib/sendmail/src/deliver.c-				    suidwarn)
--
contrib/sendmail/src/deliver.c:					syserr("openmailer: setusercontext() failed");
contrib/sendmail/src/deliver.c-					exit(EX_TEMPFAIL);
contrib/sendmail/src/deliver.c-				}
--
crypto/openssh/openbsd-compat/port-irix.c:irix_setusercontext(struct passwd *pw)
crypto/openssh/openbsd-compat/port-irix.c-{
crypto/openssh/openbsd-compat/port-irix.c-#ifdef WITH_IRIX_PROJECT
--
crypto/openssh/session.c:		(void) setusercontext(lc, pw, pw->pw_uid,
crypto/openssh/session.c-		    LOGIN_SETENV|LOGIN_SETPATH);
crypto/openssh/session.c-		copy_environment(environ, &env, &envsize);
--
crypto/openssh/session.c:do_setusercontext(struct passwd *pw)
crypto/openssh/session.c-{
crypto/openssh/session.c-	char *chroot_path, *tmp;
--
crypto/openssh/session.c:		if (setusercontext(lc, pw, pw->pw_uid,
crypto/openssh/session.c-		    (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
crypto/openssh/session.c-			perror("unable to set user context");
--
crypto/openssh/session.c:		irix_setusercontext(pw);
crypto/openssh/session.c-# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
crypto/openssh/session.c-# ifdef _AIX
--
crypto/openssh/session.c:		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
crypto/openssh/session.c-			perror("unable to set user context (setuser)");
crypto/openssh/session.c-			exit(1);
--
crypto/openssh/session.c:		do_setusercontext(pw);
crypto/openssh/session.c-		child_close_fds();
crypto/openssh/session.c-		do_pwchange(s);
--
crypto/openssh/session.c:		do_setusercontext(pw);
crypto/openssh/session.c-		/*
crypto/openssh/session.c:		 * PAM session modules in do_setusercontext may have
crypto/openssh/session.c-		 * generated messages, so if this in an interactive
crypto/openssh/session.c-		 * login then display them too.
--
crypto/openssh/sshd.c:	do_setusercontext(privsep_pw);
crypto/openssh/sshd.c-#else
crypto/openssh/sshd.c-	gidset[0] = privsep_pw->pw_gid;
--
crypto/openssh/sshd.c:	do_setusercontext(authctxt->pw);
crypto/openssh/sshd.c-
crypto/openssh/sshd.c- skip:
--
libexec/atrun/atrun.c:	if (setusercontext(NULL, pentry, uid, LOGIN_SETALL &
libexec/atrun/atrun.c-		~(LOGIN_SETPRIORITY | LOGIN_SETPATH | LOGIN_SETENV)) != 0)
libexec/atrun/atrun.c:	    exit(EXIT_FAILURE);	/* setusercontext() logged the error */
libexec/atrun/atrun.c-#else /* LOGIN_CAP */
libexec/atrun/atrun.c-	if (initgroups(pentry->pw_name,pentry->pw_gid))
--
libexec/atrun/atrun.c:	if (setusercontext(NULL, pentry, uid, LOGIN_SETALL) != 0)
libexec/atrun/atrun.c:	    exit(EXIT_FAILURE);	/* setusercontext() logged the error */
libexec/atrun/atrun.c-#else /* LOGIN_CAP */
libexec/atrun/atrun.c-	if (initgroups(pentry->pw_name,pentry->pw_gid))
--
libexec/ftpd/ftpd.c:	setusercontext(NULL, getpwuid(0), 0,
libexec/ftpd/ftpd.c-		       LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|
libexec/ftpd/ftpd.c-		       LOGIN_SETMAC);
--
libexec/ftpd/ftpd.c:	setusercontext(lc, pw, 0,
libexec/ftpd/ftpd.c-		LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
libexec/ftpd/ftpd.c-		LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
--
libexec/rshd/rshd.c:	if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
libexec/rshd/rshd.c:		syslog(LOG_ERR, "setusercontext: %m");
libexec/rshd/rshd.c-		exit(1);
libexec/rshd/rshd.c-	}
--
libexec/rshd/rshd.c:	if (setusercontext(lc, pwd, pwd->pw_uid,
libexec/rshd/rshd.c-		LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) {
libexec/rshd/rshd.c:		syslog(LOG_ERR, "setusercontext(): %m");
libexec/rshd/rshd.c-		exit(1);
libexec/rshd/rshd.c-	}
--
release/picobsd/tinyware/login/pico-login.c:	 * We need to do this before setusercontext() because that may
release/picobsd/tinyware/login/pico-login.c-	 * set or reset some environment variables.
release/picobsd/tinyware/login/pico-login.c-	 */
--
release/picobsd/tinyware/login/pico-login.c:	if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
release/picobsd/tinyware/login/pico-login.c:                syslog(LOG_ERR, "setusercontext() failed - exiting");
release/picobsd/tinyware/login/pico-login.c-		exit(1);
release/picobsd/tinyware/login/pico-login.c-	}
--
release/picobsd/tinyware/login/pico-login.c:	if (setusercontext(lc, pwd, pwd->pw_uid,
release/picobsd/tinyware/login/pico-login.c-	    LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 0) {
release/picobsd/tinyware/login/pico-login.c:                syslog(LOG_ERR, "setusercontext() failed - exiting");
release/picobsd/tinyware/login/pico-login.c-		exit(1);
release/picobsd/tinyware/login/pico-login.c-	}
--
sbin/init/init.c:		setusercontext(lc, (struct passwd*)NULL, 0,
sbin/init/init.c-		    LOGIN_SETPRIORITY | LOGIN_SETRESOURCES);
sbin/init/init.c-		login_close(lc);
--
usr.bin/login/login.c:	if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
usr.bin/login/login.c:		syslog(LOG_ERR, "setusercontext() failed - exiting");
usr.bin/login/login.c-		bail(NO_SLEEP_EXIT, 1);
usr.bin/login/login.c-	}
--
usr.bin/login/login.c:	if (setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/login/login.c-	    LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 0) {
usr.bin/login/login.c:		syslog(LOG_ERR, "setusercontext() failed - exiting");
usr.bin/login/login.c-		exit(1);
usr.bin/login/login.c-	}
--
usr.bin/newgrp/newgrp.c:	setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/newgrp/newgrp.c-	    LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV);
usr.bin/newgrp/newgrp.c-	login_close(lc);
--
usr.bin/su/su.c:	if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) < 0)
usr.bin/su/su.c:		err(1, "setusercontext");
usr.bin/su/su.c-
usr.bin/su/su.c-	retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
--
usr.bin/su/su.c:		if (setusercontext(lc, pwd, pwd->pw_uid, setwhat) < 0)
usr.bin/su/su.c:			err(1, "setusercontext");
usr.bin/su/su.c-
usr.bin/su/su.c-		if (!asme) {
--
usr.bin/su/su.c:				setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/su/su.c-					LOGIN_SETPATH | LOGIN_SETUMASK |
usr.bin/su/su.c-					LOGIN_SETENV);
--
usr.sbin/cron/cron/do_command.c:		    setusercontext(lc, pwd, e->uid,
usr.sbin/cron/cron/do_command.c-			    LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
usr.sbin/cron/cron/do_command.c-			(void) endpwent();
--
usr.sbin/cron/cron/popen.c:			    setusercontext(lc, pwd, e->uid,
usr.sbin/cron/cron/popen.c-				    LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
usr.sbin/cron/cron/popen.c-				(void) endpwent();
--
usr.sbin/daemon/daemon.c:	if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0)
usr.sbin/daemon/daemon.c-		errx(1, "failed to set user environment");
usr.sbin/daemon/daemon.c-}
--
usr.sbin/inetd/inetd.c:				if (setusercontext(lc, pwd, pwd->pw_uid,
usr.sbin/inetd/inetd.c-				    LOGIN_SETALL & ~LOGIN_SETMAC)
usr.sbin/inetd/inetd.c-				    != 0) {
--
usr.sbin/inetd/inetd.c:					 "%s: can't setusercontext(..%s..): %m",
usr.sbin/inetd/inetd.c-					 sep->se_service, sep->se_user);
usr.sbin/inetd/inetd.c-					_exit(EX_OSERR);
--
usr.sbin/jail/jail.c:		if (setusercontext(lcap, pwd, pwd->pw_uid,
usr.sbin/jail/jail.c-		    LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
usr.sbin/jail/jail.c:			err(1, "setusercontext");
usr.sbin/jail/jail.c-		login_close(lcap);
usr.sbin/jail/jail.c-	}
--
usr.sbin/jexec/jexec.c:		if (setusercontext(lcap, pwd, pwd->pw_uid,
usr.sbin/jexec/jexec.c-		    LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
usr.sbin/jexec/jexec.c:			err(1, "setusercontext");
usr.sbin/jexec/jexec.c-		login_close(lcap);
usr.sbin/jexec/jexec.c-	}

DES
-- 
Dag-Erling Smørgrav - des@des.no


