git: 062b69ba045d - main - comsat: Improve use of setuid()

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Thu, 28 Nov 2024 13:05:17 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=062b69ba045dc0fef3d9b8d73365d2798c05a480

commit 062b69ba045dc0fef3d9b8d73365d2798c05a480
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-11-27 20:36:46 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-11-28 13:04:10 +0000

    comsat: Improve use of setuid()
    
    Just return from jkfprintf if either (a) user lookup fails (that is,
    getpwnam fails) or (b) setuid() to the user's uid fails.  If comsat is
    invoked from inetd using the default of tty:tty we will now return due
    to setuid() failing rather than fopen() failing.
    
    PR:             270404
    Reviewed by:    kevans
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47823
---
 libexec/comsat/comsat.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 2d2141238a4e..76f6190bea7b 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -213,8 +213,10 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset)
 	unsigned char line[BUFSIZ];
 
 	/* Set effective uid to user in case mail drop is on nfs */
-	if ((p = getpwnam(user)) != NULL)
-		(void) setuid(p->pw_uid);
+	if ((p = getpwnam(user)) == NULL)
+		return;
+	if (setuid(p->pw_uid) != 0)
+		return;
 
 	if ((fi = fopen(file, "r")) == NULL)
 		return;
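
Review bot: The two new early returns in jkfprintf, after getpwnam(user) and after setuid(p->pw_uid), are silent, and the comment above them still reads only "Set effective uid to user in case mail drop is on nfs". The commit message says the default inetd tty:tty configuration now takes the setuid() failure path, so a diagnostic on that path would explain why no notification is printed, and the comment should say that the function bails out when the lookup or the privilege change fails. Separately, the lines shown change only the uid; if the group id and supplementary groups are not dropped elsewhere, that needs to happen before the setuid() call so that fopen(file, "r") does not run with inherited group privileges.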