From nobody Wed Dec 04 18:38:42 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Y3R9t6KfKz5g1Tj; Wed, 04 Dec 2024 18:38:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Y3R9t5qXsz40Wx; Wed, 4 Dec 2024 18:38:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1733337522; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=r6FbIw+Cth6hecl4N/aq4bwDVP4LYaLklbcGmmaPi00=; b=DDZEBhk4wscwuDxQWoCs+L5JYVRcN76HQTBGAFMrAmU0yJ0zzmTbT/CM5yX3X6/VyCR5fc m1+xuWieT0sDgb+3OPVmIWf1Co1Vop4A/hx86zaYw0jlh+Upe1ozP2m1PmJq7tMitF2PaP DHg30zhnQcwFmY5oqRkAsghdV7OESnREPgS2skNRI+jiIq6l8EyCkTVxzSpD+PkzCDqQpn OmS0Q8sGZd3NKdIdAGvVj+mqCxC9odbRRPLz3Ouz+JloTGVYMmK0Cs5MMQ57E6xBuRvBmu gzXPmpeEmYebgVEn0TOzHxtWR+uga1Rwi5KHAgXG0PacI/7Vh8DMPZJqPWB0WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1733337522; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=r6FbIw+Cth6hecl4N/aq4bwDVP4LYaLklbcGmmaPi00=; b=i7rYnmFWF02xtU75ZnfVOAtb5qzuiI0gKuQRUTqCG1XFMRAQO+zx2HizBJB1t9Aw8WiCMe EHBUVSpAKxFTwmy+Q5FJBs0fWCL9mofrR7mWXcemvz697suImFLh+AaB1XkgSYmTHaPmVU Jmg+ODKiyjBGV0mXxmb7lvpLIN45/cIgFLIXTr26+avHik5NxVLMEkteI5SWujzFcA8Ucp VpSxTJBiQ8coYPnGSegdHe9GvKBKwZp9Wi9GidJVgJ5OMNqqETCXHepszLf5wsALvl5AmW i3BrCMTO6n98vWeD7ohpAk7TI/iC45PlDDTb20fv8ozUxLhSDPjLtz7V9+Vs8w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1733337522; a=rsa-sha256; cv=none; b=TxsPcD2WwMLq5tSExPO3s36HZvI5Wp86nKHsRkyFJ0C8cJV8kncZFKHqTAtBwydajNU2uh Gh8YV8WQW5Fupi18jXieZLxUx0I3qKJeeR055Gj8hCjdB0B3/Rok+9FYdvZRNsq0RQT+ks okbKZ2lArPy6jJhp4VAL638uYFWhKUezQzEwRp+NOb4ziCXubpnIp43EK+EhsC+pScm0mu XHjNWWMofhJXB/5X0HLYzSFRcxok7PHDlaescBdPeAoQCkOcbnIgHlDRSEUkLVCIomFZ8A 2xejHltYyXQreA55B5rtAvI1crflSn2XCtoBIuMXYQ6fVlgiutEByphAeqqcVg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Y3R9t5JWvzJr4; Wed, 4 Dec 2024 18:38:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4B4IcgPN079405; Wed, 4 Dec 2024 18:38:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4B4IcgUm079402; Wed, 4 Dec 2024 18:38:42 GMT (envelope-from git) Date: Wed, 4 Dec 2024 18:38:42 GMT Message-Id: <202412041838.4B4IcgUm079402@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: bb9678f1ff68 - stable/14 - comsat: Use initgroups and setgid not just setuid List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: bb9678f1ff6881b036220045adb58047332cfb0d Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=bb9678f1ff6881b036220045adb58047332cfb0d commit bb9678f1ff6881b036220045adb58047332cfb0d Author: Ed Maste AuthorDate: 2024-11-28 16:54:48 +0000 Commit: Ed Maste CommitDate: 2024-12-04 18:38:31 +0000 comsat: Use initgroups and setgid not just setuid PR: 270404 Reviewed by: jlduran Obtained from: NetBSD Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47828 (cherry picked from commit d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d) --- libexec/comsat/comsat.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index 3f94f8d56201..1a9fb443e68e 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -224,10 +224,11 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset) struct passwd *p; unsigned char line[BUFSIZ]; - /* Set effective uid to user in case mail drop is on nfs */ - if ((p = getpwnam(user)) == NULL) - return; - if (setuid(p->pw_uid) != 0) + /* Set uid/gid/groups to user's in case mail drop is on nfs */ + if ((p = getpwnam(user)) == NULL || + initgroups(p->pw_name, p->pw_gid) == -1 || + setgid(p->pw_gid) == -1 || + setuid(p->pw_uid) == -1) return; if ((fi = fopen(file, "r")) == NULL)