author | Warner Losh <imp@FreeBSD.org> | 1997-12-30 05:13:21 +0000 |
---|---|---|
committer | Warner Losh <imp@FreeBSD.org> | 1997-12-30 05:13:21 +0000 |
commit | 15678bfa0353347ff79322b508941e53e9919ae5 (patch) | |
tree | f1fd7ba9b5c398992b551302f93440650db76d15 /sbin/ccdconfig/ccdconfig.c | |
parent | f0da8de1866dec89d00aec8a90f70a8416c8f6da (diff) | |
Properly drop group privs to open file names specified by the user.
Submitted by: Niall Smart rotel@indigo.ie
Obtained from: OpenBSD (rev 1.7 and 1.8)
Notes
Notes:
svn path=/head/; revision=32116
Diffstat (limited to 'sbin/ccdconfig/ccdconfig.c')
-rw-r--r-- | sbin/ccdconfig/ccdconfig.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/sbin/ccdconfig/ccdconfig.c b/sbin/ccdconfig/ccdconfig.c
index 1045a9b1e470..4d18a9c36fea 100644
--- a/sbin/ccdconfig/ccdconfig.c
+++ b/sbin/ccdconfig/ccdconfig.c
@@ -1,4 +1,4 @@
-/* $Id: ccdconfig.c,v 1.6 1997/02/22 14:32:10 peter Exp $ */
+/* $Id: ccdconfig.c,v 1.7 1997/06/10 11:04:50 charnier Exp $ */
 /* $NetBSD: ccdconfig.c,v 1.2.2.1 1995/11/11 02:43:35 thorpej Exp $ */
@@ -161,6 +161,15 @@ main(argc, argv)
 if (options > 1)
 usage();
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (core != NULL || kernel != NULL || action != CCD_DUMP) {
+ setegid(getgid());
+ setgid(getgid());
+ }
+
 switch (action) {
 case CCD_CONFIG:
 case CCD_UNCONFIG:
@@ -307,11 +316,16 @@ do_all(action)
 char line[_POSIX2_LINE_MAX];
 char *cp, **argv;
 int argc, rval;
+ gid_t egid;
+ egid = getegid();
+ setegid(getgid());
 if ((f = fopen(ccdconf, "r")) == NULL) {
+ setegid(egid);
 warn("fopen: %s", ccdconf);
 return (1);
 }
+ setegid(egid);
 while (fgets(line, sizeof(line), f) != NULL) {
 argc = 0; |
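Review bot: The return values of `setegid(getgid())` and `setgid(getgid())` in the block added to main() are ignored, so a failed drop would go unnoticed and the program would carry on with the setgid group still effective while handling a user-supplied core or kernel name. Failing closed is safer: `if (setegid(getgid()) != 0 || setgid(getgid()) != 0) err(1, "setgid");` (err() is presumably available from the same header as the warn() already used in this file). The same unchecked pattern is in the do_all() hunk, where a failed `setegid(getgid())` would let `fopen(ccdconf, "r")` run with the privileged group, which is exactly what the commit is trying to prevent. main() starts and ends outside the hunk.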
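Review bot: In do_all() the added `setegid(egid);` on the failure path sits between the failed fopen() and `warn("fopen: %s", ccdconf)`, and warn() reports errno, so the restore call can overwrite the fopen error with its own and the message then names the wrong cause. Preserve it around the restore: `int serrno = errno; setegid(egid); errno = serrno;`. The drop/restore bracket would also benefit from a one-line comment such as `/* open the user-named config file with the real gid only */`, since nothing in the function says why the effective gid is toggled. The body of do_all() continues outside the hunk.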