From nobody Thu Nov 28 13:05:17 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Xzc3y0tmhz5fhP7; Thu, 28 Nov 2024 13:05:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Xzc3y0McNz4jXm; Thu, 28 Nov 2024 13:05:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732799118; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2ZWARazbgyXZbxFjCpVKFogIWRx42opCkXlk3Y5Urm4=; b=CEL6TJYRWLqFAw8mDlU3XOfjQ91M190HibjNHQ56Mx6U826/1CRk6X50D/4ZaCAkuVN+hq 9MWZfcdSBiq3YRwX1ABHl/bvgv7+r87XW2be1OVUCk4Ufwtxo3R24kyOwBCoUrxKa7Rtn0 U7BTLJZWXJyqpfE39krKv50UKVj1XvqAv0UqTw6oxaM+6DZADTge/c0uHojyJMRObyYT/5 +09XceUd4WDpowIHQktbW9KMuadQ8c2UV/vBDq9UG4CWBpD585kgn4BJq4/aDOHJxyzrfi L/GGt3ATBKdpV7hB6dZciPCivYU7fU8LGqo3pVdJSZi+9goveifmizETX/D7pA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732799118; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2ZWARazbgyXZbxFjCpVKFogIWRx42opCkXlk3Y5Urm4=; b=V2cQF2piSOEf91C/zQDoFxL1hcqKuB7wzxboag4KxfeW9Nvgt9aDWgY5bxyKpBtAgUESsd kvcWFJ1cpKZMM2sPM9nK9Qe3D+k7OZSug+4twuZsKmw0PZxVdZcZt74P0BB53DnZE8FUOF sXElMw3FxJq2YwE/P5wj4FjBJCqGXaPVAqqUbuKwxTvZiUUJBesa+bYZ7yiDt3N8oowArd 6Ii/fnl7oSYhasyJbBAHPXIKqPvoTGwc4ogkc+htQGT4sTAnZ7KO4dv00hId6AULrKn5SO j3a49h6tChBceHBu5i4bDDKDEA8aU1yUhamKYdFT/Yu1zgzci3CcFpCRK+siiw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732799118; a=rsa-sha256; cv=none; b=O9KxdhuqNKsq+ZVFdthyGpgpZ7tcp9FeLzQ3/nuz3/jxTO0dgmZatFI4FcwIkgUuXnahtn dc812cfJHU8NZQzFn5ME6gGs6VeFbq+CxBDKsg9SMPl9soEU/LL/lE86JkcJzJyG7pWW3n 8LcQNRU3DImaFrNH47KnEqItttS9D5nTNiZCYk/MKXAYUMYPJSSVTkhKiFocCfS09HSpzg ZQcI65nO3AIzvAsRE65KFZ2vrL3Z3sfhq8DVMpc7ex0vLuX6YayMdP2M5zAfz301pu2zhy FaxYAKtsW8myKCbz1cUGEufreh0ZsBeJBMlXvJj8FFtjBFm/3BtcHh9Cnxp7xg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Xzc3x6ySvzftq; Thu, 28 Nov 2024 13:05:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4ASD5HuX067633; Thu, 28 Nov 2024 13:05:17 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4ASD5HRO067630; Thu, 28 Nov 2024 13:05:17 GMT (envelope-from git) Date: Thu, 28 Nov 2024 13:05:17 GMT Message-Id: <202411281305.4ASD5HRO067630@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: 062b69ba045d - main - comsat: Improve use of setuid() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 062b69ba045dc0fef3d9b8d73365d2798c05a480 Auto-Submitted: auto-generated The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=062b69ba045dc0fef3d9b8d73365d2798c05a480 commit 062b69ba045dc0fef3d9b8d73365d2798c05a480 Author: Ed Maste AuthorDate: 2024-11-27 20:36:46 +0000 Commit: Ed Maste CommitDate: 2024-11-28 13:04:10 +0000 comsat: Improve use of setuid() Just return from jkfprintf if either (a) user lookup fails (that is, getpwnam fails) or (b) setuid() to the user's uid fails. If comsat is invoked from inetd using the default of tty:tty we will now return due to setuid() failing rather than fopen() failing. PR: 270404 Reviewed by: kevans Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47823 --- libexec/comsat/comsat.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index 2d2141238a4e..76f6190bea7b 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -213,8 +213,10 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset) unsigned char line[BUFSIZ]; /* Set effective uid to user in case mail drop is on nfs */ - if ((p = getpwnam(user)) != NULL) - (void) setuid(p->pw_uid); + if ((p = getpwnam(user)) == NULL) + return; + if (setuid(p->pw_uid) != 0) + return; if ((fi = fopen(file, "r")) == NULL) return;