From afb94ecf2bb6c53ce2a381d6ce45a426243c76d9 Mon Sep 17 00:00:00 2001 From: Rob Landley Date: Sun, 16 Jul 2006 08:06:34 +0000 Subject: Convert setuid/setgid users to xsetuid/xsetgid. --- loginutils/passwd.c | 5 +---- networking/arping.c | 3 ++- networking/ether-wake.c | 2 +- networking/fakeidentd.c | 4 ++-- networking/inetd.c | 6 +++--- networking/traceroute.c | 8 +++----- 6 files changed, 12 insertions(+), 16 deletions(-) diff --git a/loginutils/passwd.c b/loginutils/passwd.c index 5b828df..7745444 100644 --- a/loginutils/passwd.c +++ b/loginutils/passwd.c @@ -227,10 +227,7 @@ int passwd_main(int argc, char **argv) signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); umask(077); - if (setuid(0)) { - syslog(LOG_ERR, "can't setuid(0)"); - bb_error_msg_and_die( "Cannot change ID to root.\n"); - } + xsetuid(0); if (!update_passwd(pw, crypt_passwd)) { syslog(LOG_INFO, "password for `%s' changed by user `%s'", name, myname); diff --git a/networking/arping.c b/networking/arping.c index 6cb6076..5665ddb 100644 --- a/networking/arping.c +++ b/networking/arping.c @@ -262,7 +262,8 @@ int arping_main(int argc, char **argv) s = socket(PF_PACKET, SOCK_DGRAM, 0); ifindex = errno; - setuid(getuid()); + // Drop suid root privileges + xsetuid(getuid()); { unsigned long opt; diff --git a/networking/ether-wake.c b/networking/ether-wake.c index b4fb0c2..1803d22 100644 --- a/networking/ether-wake.c +++ b/networking/ether-wake.c @@ -145,7 +145,7 @@ int etherwake_main(int argc, char *argv[]) s = make_socket(); /* now that we have a raw socket we can drop root */ - setuid(getuid()); + xsetuid(getuid()); /* look up the dest mac address */ get_dest_addr(argv[optind], &eaddr); diff --git a/networking/fakeidentd.c b/networking/fakeidentd.c index b5b70f5..9cdbc57 100644 --- a/networking/fakeidentd.c +++ b/networking/fakeidentd.c @@ -159,8 +159,8 @@ static int godaemon(void) close(0); inetbind(); - if (setgid(nogrp)) bb_error_msg_and_die("Could not setgid()"); - if (setuid(nobody)) bb_error_msg_and_die("Could not setuid()"); + xsetgid(nogrp); + xsetuid(nobody); close(1); close(2); diff --git a/networking/inetd.c b/networking/inetd.c index d50bbd3..54294b6 100644 --- a/networking/inetd.c +++ b/networking/inetd.c @@ -1513,11 +1513,11 @@ inetd_main (int argc, char *argv[]) if (sep->se_group) { pwd->pw_gid = grp->gr_gid; } - setgid ((gid_t) pwd->pw_gid); + xsetgid ((gid_t) pwd->pw_gid); initgroups (pwd->pw_name, pwd->pw_gid); - setuid ((uid_t) pwd->pw_uid); + xsetuid((uid_t) pwd->pw_uid); } else if (sep->se_group) { - setgid (grp->gr_gid); + xsetgid(grp->gr_gid); setgroups (1, &grp->gr_gid); } dup2 (ctrl, 0); diff --git a/networking/traceroute.c b/networking/traceroute.c index 79f3957..c2084fc 100644 --- a/networking/traceroute.c +++ b/networking/traceroute.c @@ -941,7 +941,6 @@ traceroute_main(int argc, char *argv[]) #endif u_short off = 0; struct IFADDRLIST *al; - int uid = getuid(); char *device = NULL; int max_ttl = 30; char *max_ttl_str = NULL; @@ -1010,8 +1009,7 @@ traceroute_main(int argc, char *argv[]) * set the ip source address of the outbound * probe (e.g., on a multi-homed host). */ - if (uid) - bb_error_msg_and_die("-s %s: Permission denied", source); + if (getuid()) bb_error_msg_and_die("-s %s: Permission denied", source); } if(waittime_str) waittime = str2val(waittime_str, "wait time", 2, 24 * 60 * 60); @@ -1160,8 +1158,8 @@ traceroute_main(int argc, char *argv[]) sizeof(on)); /* Revert to non-privileged user after opening sockets */ - setgid(getgid()); - setuid(uid); + xsetgid(getgid()); + xsetuid(getuid()); outip = (struct ip *)xcalloc(1, (unsigned)packlen); -- cgit v1.1