From nobody Mon Dec 02 21:10:45 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Y2GfG1dZdz5gRfc; Mon, 02 Dec 2024 21:10:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Y2GfF6n0Jz42J7; Mon, 2 Dec 2024 21:10:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1733173846; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=uVkdO3lqxgpmux/X3r+1kwFznaSFN0TTqwMiPEnLPUI=; b=t6/KrKhvk7WOnhcjPjcbysB0r7prISfglHLQ6/DMJUsU2o+7Ofh5xIf0yKV1Ew+8bSf5OE 62GAcKPmD5FjAm25h3t9U/lYswbWyIFpvs8JJp88GoT9JnalQeBg4Ow/HMsh0YkAHMHXTV 69IBk57ZqczH8a+TEgY0vjEjfvZ/Q06BNNu9xLRJlrBINTkrnQVkdea5DXa6N0uuWo+TKI +G/hHyuEMYHBmgx3I5Xyj2TLJS8VxUZQvXsZ9JHG7gjMsjXjFVs9LvdFbhEhOZyyM+NZFG 8OoeAAB3nPQphOwtDyPO/NSmNXMumHiZLS+jbRLADqVnWJ53scpntNV2XMHRkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1733173845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=uVkdO3lqxgpmux/X3r+1kwFznaSFN0TTqwMiPEnLPUI=; b=JGvwVNQtRWo9jApgFsbgr8snMIjuwyCgbjLKweRag8KROQO65/W+R8WwVY5BKmv88oKIs9 Ravqeb2uYgIKSEaamNy/SmTAUAu8dq9GblsK/Ks7bqdc/4WpA1vfIqdgyu85s7DKglEhXe OFTGMMji3uWZ2kZp1dUoNP+6+0ba9Lod2uq+DZsW9Kbw2jxZWVAqz3LzJq2WQBJpytIlVm 6+HgwzBYK39Ccs6HtKJ6TKJ0HwhmlwdtnD8wAcC0S/M0iSmpNc3dSntaaZdS2q3MHaAWvx EFUyQiAInjyffqt199tKWwxrSl0I66a3ILl9+/ROCt2w9ooYq337tnwul9IZqQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1733173845; a=rsa-sha256; cv=none; b=l6TAb9RoySXLs2vO5Fn6DAXFX/9y1RwYOWP0+yQr8sCGNjhUmZo7jmLicp/C6O53T9d++U xJ6YK3B2FEMVF3y2M9smTRUS9SHOjzks8YJuUNTzFHMNL9q6n32sKwPFYkJgsoBc/DxTHT 22FHB5yDQvB+Yq+BakRmeBgYiPgtQv51F1wy9JFtC+X1yNZ/z+TSmtx7ELdbQ4BelRkb96 aL/vulxipFRBNvheETrrB6hMzXRAS0kZuYzV/jrov7xXX/lKzwjQpuWOvbLMBd+pZ/CaU9 ae0ICwhqauLC9GAqenOGpENzbpxTQiB2wAdRdmar7tf1jB7x2oeqkWnfljVl/g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Y2GfF6NH8ztfC; Mon, 2 Dec 2024 21:10:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4B2LAj41002585; Mon, 2 Dec 2024 21:10:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4B2LAj0w002582; Mon, 2 Dec 2024 21:10:45 GMT (envelope-from git) Date: Mon, 2 Dec 2024 21:10:45 GMT Message-Id: <202412022110.4B2LAj0w002582@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 957f7a2a58e5 - stable/14 - comsat: Improve use of setuid() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 957f7a2a58e550bd31d8ebec67f99d19087746a2 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=957f7a2a58e550bd31d8ebec67f99d19087746a2 commit 957f7a2a58e550bd31d8ebec67f99d19087746a2 Author: Ed Maste AuthorDate: 2024-11-27 20:36:46 +0000 Commit: Ed Maste CommitDate: 2024-12-02 21:10:31 +0000 comsat: Improve use of setuid() Just return from jkfprintf if either (a) user lookup fails (that is, getpwnam fails) or (b) setuid() to the user's uid fails. If comsat is invoked from inetd using the default of tty:tty we will now return due to setuid() failing rather than fopen() failing. PR: 270404 Reviewed by: kevans Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47823 (cherry picked from commit 062b69ba045dc0fef3d9b8d73365d2798c05a480) --- libexec/comsat/comsat.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index 138881db9e4a..3f94f8d56201 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -225,8 +225,10 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset) unsigned char line[BUFSIZ]; /* Set effective uid to user in case mail drop is on nfs */ - if ((p = getpwnam(user)) != NULL) - (void) setuid(p->pw_uid); + if ((p = getpwnam(user)) == NULL) + return; + if (setuid(p->pw_uid) != 0) + return; if ((fi = fopen(file, "r")) == NULL) return;