git: 91629228e3df - main - comsat: move uid/gid setting earlier
Date: Mon, 02 Dec 2024 19:57:26 UTC
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=91629228e3df14997df12ffc6e7be6b9964e5463 commit 91629228e3df14997df12ffc6e7be6b9964e5463 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2024-12-01 20:43:10 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2024-12-02 19:57:13 +0000 comsat: move uid/gid setting earlier It's good to reduce privilege as early as possible. Suggested by: jlduran Reviewed by: jlduran Obtained from: NetBSD Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47869
---
 libexec/comsat/comsat.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index e2aea1b709b6..d5d1eedeb5f3 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -59,7 +59,7 @@ static int debug = 0;
 static char hostname[MAXHOSTNAMELEN];
-static void jkfprintf(FILE *, char[], char[], off_t);
+static void jkfprintf(FILE *, char[], off_t);
 static void mailfor(char *);
 static void notify(struct utmpx *, char[], off_t, int);
 static void reapchildren(int);
@@ -147,6 +147,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 FILE *tp;
 struct stat stb;
 struct termios tio;
+ struct passwd *p;
 char tty[20];
 const char *s = utp->ut_line;
@@ -180,6 +181,14 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 }
 (void)tcgetattr(fileno(tp), &tio);
 cr = ((tio.c_oflag & (OPOST|ONLCR)) == (OPOST|ONLCR)) ? "\n" : "\n\r";
+
+ /* Set uid/gid/groups to user's in case mail drop is on nfs */
+ if ((p = getpwnam(utp->ut_user)) == NULL ||
+ initgroups(p->pw_name, p->pw_gid) == -1 ||
+ setgid(p->pw_gid) == -1 ||
+ setuid(p->pw_uid) == -1)
+ return;
+
 switch (stb.st_mode & (S_IXUSR | S_IXGRP)) {
 case S_IXUSR:
 case (S_IXUSR | S_IXGRP):
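Review bot: The failure branch of the privilege drop added before the `switch` ends in a bare `return;`, so when `getpwnam`, `initgroups`, `setgid` or `setuid` fails, `notify` leaves with `tp` still open, with whatever credentials it held at that point, and without logging anything. Before this commit the same failure returned from `jkfprintf` into `notify`, which then ran its normal tail, so the error-path control flow has changed along with the position of the check. `notify` starts and ends outside the hunk; if this code runs in a forked child, which these lines cannot confirm, returning would let that process continue in the caller with privileges it was meant to give up. In that case fail closed by replacing `return;` with `{ (void)fclose(tp); _exit(1); }`; otherwise at least close `tp` before returning. The comment could also say that the switch is a privilege reduction and not only an NFS accommodation.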
@@ -188,7 +197,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 cr, utp->ut_user, (int)sizeof(hostname), hostname, folder ? cr : "", folder ? "to " : "", folder ? file : "", cr, cr);
- jkfprintf(tp, utp->ut_user, file, offset);
+ jkfprintf(tp, file, offset);
 break;
 case S_IXGRP:
 (void)fprintf(tp, "\007");
@@ -204,21 +213,13 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 }
 static void
-jkfprintf(FILE *tp, char user[], char file[], off_t offset)
+jkfprintf(FILE *tp, char file[], off_t offset)
 {
 unsigned char *cp, ch;
 FILE *fi;
 int linecnt, charcnt, inheader;
- struct passwd *p;
 unsigned char line[BUFSIZ];
- /* Set uid/gid/groups to user's in case mail drop is on nfs */
- if ((p = getpwnam(user)) == NULL ||
- initgroups(p->pw_name, p->pw_gid) == -1 ||
- setgid(p->pw_gid) == -1 ||
- setuid(p->pw_uid) == -1)
- return;
-
 if ((fi = fopen(file, "r")) == NULL)
 return;
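Review bot: `jkfprintf` now opens `file` with whatever credentials its caller holds, and nothing at the definition records that. With the `getpwnam`/`initgroups`/`setgid`/`setuid` block removed, the `fopen(file, "r")` at the end of the hunk is only appropriate when the caller has already switched to the recipient's uid and gid. That precondition deserves a comment above the function, for example `/* Caller must already have dropped to the recipient's uid/gid; the mailbox is opened with the current credentials. */`, so a future call site does not reach it while still privileged. The body of `jkfprintf` continues past the hunk.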