Date:      Fri, 29 Sep 2000 23:07:33 -0600
From:      Warner Losh <imp@village.org>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        Jacques Vidrine <nectar@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libc/net hesiod.c 
Message-ID:  <200009300507.e8U57YG24889@billy-club.village.org>
In-Reply-To: Your message of "Fri, 29 Sep 2000 20:18:33 PDT." <200009300318.UAA19183@salsa.gv.tsc.tdk.com> 
References:  <200009300318.UAA19183@salsa.gv.tsc.tdk.com>  <200009291256.FAA32249@freefall.freebsd.org> 

In message <200009300318.UAA19183@salsa.gv.tsc.tdk.com> Don Lewis writes:
: On Sep 29,  5:56am, Jacques Vidrine wrote:
: } Subject: cvs commit: src/lib/libc/net hesiod.c
: } nectar      2000/09/29 05:56:34 PDT
: } 
: }   Modified files:
: }     lib/libc/net         hesiod.c 
: }   Log:
: }   Ignore HESIOD_CONFIG and HES_DOMAIN environmental variables for
: }   set-user-ID and set-group-ID programs.
: 
: Would a better test be to check issetugid()?  The process may have
: already dropped privileges ...

I concur.  One should use issetugid() rather than checking directly
against the uid/gid because we may have dropped privs already.  This
is important because there are two reasons to check to see if we are
running at elevated privs.  One is to prevent us from reading files
that the user might not ordinarily be able to read (which this test
catches) and the second is to make extra sure that we have a trusted
file when running with elevated privs because the program might be able
to still get the elevated privs back.  Buffer overflows are still
dangerous even after we've dropped privs because that revocation isn't
necessarily permanent and the egg code can often get them back.  And I
think there's at least one reason that I'm forgetting...

Jacques, please apply the following to the file.  I'll commit it
tomorrow morning if it hasn't been changed by then.  I almost committed
this just now and in the process managed to leave a lock file behind.
cvs@ has been notified.


Index: hesiod.c
===================================================================
RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/net/hesiod.c,v
retrieving revision 1.2
diff -u -r1.2 hesiod.c
--- hesiod.c	2000/09/29 12:56:33	1.2
+++ hesiod.c	2000/09/30 05:05:54
@@ -90,7 +90,7 @@
 	const char	*p, *configname;
 	int		 trust;
 
-	trust = geteuid() == getuid() && getegid() == getgid(); 
+	trust = !issetuid();
 
 	ctx = malloc(sizeof(struct hesiod_p));
 	if (ctx) {
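
Review bot: The added line `trust = !issetuid();` calls `issetuid()`, but the function named in Don's question and in the paragraph above the patch is `issetugid()`, so as written the call does not refer to the libc function the discussion intends. It should read `trust = !issetugid();`. The hunk does not show the file's includes, so also confirm that <unistd.h> is pulled in for the prototype.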


Warner
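
The difference between the two tests discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's hesiod.c: `trust_by_ids()` mirrors the revision 1.2 comparison, and `started_setugid()` wraps issetugid(). The helper names, the placeholder default path and the use of getauxval(AT_SECURE) as a Linux stand-in are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>	/* getauxval(AT_SECURE): assumed Linux stand-in */
#endif

#define DEFAULT_CONF "/path/to/default/hesiod.conf"	/* placeholder path */

/* Revision 1.2 test, with the IDs passed in so that process states other
 * than the current one can be modelled. */
int trust_by_ids(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
	return euid == ruid && egid == rgid;
}

/* Nonzero if the process was started set-user-ID or set-group-ID,
 * regardless of what its IDs are now. */
int started_setugid(void)
{
#if defined(__linux__)
	return getauxval(AT_SECURE) != 0;
#else
	return issetugid();
#endif
}

/* Hypothetical helper: honour the environment value only when trusted. */
const char *pick_config(int trust, const char *env_value)
{
	if (!trust || env_value == NULL || env_value[0] == '\0')
		return DEFAULT_CONF;
	return env_value;
}

int main(void)
{
	const char *env = getenv("HESIOD_CONFIG");

	printf("by ids:     %s\n", pick_config(
	    trust_by_ids(getuid(), geteuid(), getgid(), getegid()), env));
	printf("by setugid: %s\n", pick_config(!started_setugid(), env));
	return 0;
}
```

For a set-user-ID program that has already dropped privileges, the ID comparison sees matching IDs and trusts the environment again, while the issetugid() result still marks the process as tainted.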

