git: d4dd9e22c138 - main - comsat: Use initgroups and setgid not just setuid

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Sun, 01 Dec 2024 20:30:50 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d

commit d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-11-28 16:54:48 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-12-01 20:29:02 +0000

    comsat: Use initgroups and setgid not just setuid
    
    PR:             270404
    Reviewed by:    jlduran
    Obtained from:  NetBSD
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47828
---
 libexec/comsat/comsat.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 76f6190bea7b..e2aea1b709b6 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -212,10 +212,11 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset)
 	struct passwd *p;
 	unsigned char line[BUFSIZ];
 
-	/* Set effective uid to user in case mail drop is on nfs */
-	if ((p = getpwnam(user)) == NULL)
-		return;
-	if (setuid(p->pw_uid) != 0)
+	/* Set uid/gid/groups to user's in case mail drop is on nfs */
+	if ((p = getpwnam(user)) == NULL ||
+	    initgroups(p->pw_name, p->pw_gid) == -1 ||
+	    setgid(p->pw_gid) == -1 ||
+	    setuid(p->pw_uid) == -1)
 		return;
 
 	if ((fi = fopen(file, "r")) == NULL)
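Review bot: The combined condition starting at `if ((p = getpwnam(user)) == NULL ||` returns silently for two very different cases, an unknown user and a failed privilege drop, so a failure of `initgroups`, `setgid` or `setuid` leaves no trace for an operator. I would keep the `getpwnam` check as its own quiet return and log the other three before returning, e.g. `syslog(LOG_AUTH | LOG_ERR, "cannot drop privileges to %s: %m", user);`, assuming the daemon already logs through syslog (not visible here). If `initgroups` succeeds and a later call fails, control also goes back to the caller with partly changed credentials; whether the caller exits straight away cannot be seen from this hunk, so it is worth confirming. The body of jkfprintf starts before and continues after the hunk.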