From: nekral-guest Date: Sat, 17 Nov 2007 20:28:32 +0000 (+0000) Subject: Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff: X-Git-Tag: 4.1.0~93 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8e568ef69728a48e6fa01937ffd3db509c54f9a0;p=shadow Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff: * src/chage.c: Make chage -l also drop the saved GID. * src/chage.c: Prefer setregid/setreuid to setgid/setuid. --- diff --git a/ChangeLog b/ChangeLog index ea37fafc..5904b548 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,12 @@ 2007-11-17 Nicolas François + Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff: * src/chage.c: Remove cleanup(). pw_lock is never called. Replace cleanup(2) by spw_unlock and remove the calls to cleanup(1). * src/chage.c: Remove variable pwrw. It is always set to 0. The password database is always read only. + * src/chage.c: Make chage -l also drop the saved GID. + * src/chage.c: Prefer setregid/setreuid to setgid/setuid. 2007-11-17 Nicolas François diff --git a/src/chage.c b/src/chage.c index cd3e185f..99791c8b 100644 --- a/src/chage.c +++ b/src/chage.c @@ -322,6 +322,7 @@ int main (int argc, char **argv) const struct spwd *sp; struct spwd spwd; uid_t ruid; + gid_t rgid; int amroot; const struct passwd *pw; struct passwd pwent; @@ -342,6 +343,7 @@ int main (int argc, char **argv) textdomain (PACKAGE); ruid = getuid (); + rgid = getgid (); amroot = (ruid == 0); #ifdef WITH_SELINUX if (amroot && is_selinux_enabled () > 0) @@ -547,7 +549,7 @@ int main (int argc, char **argv) exit (E_NOPERM); } - if (lflg && (setgid (getgid ()) || setuid (ruid))) { + if (lflg && (setregid (rgid, rgid) || setreuid (ruid, ruid))) { fprintf (stderr, _("%s: failed to drop privileges (%s)\n"), Prog, strerror (errno)); #ifdef WITH_AUDIT
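Review bot: The new `setregid (rgid, rgid) || setreuid (ruid, ruid)` condition in the `lflg` branch depends on two properties that nothing in the code records: the group IDs must be changed before the user IDs (once the UID is dropped the process may no longer be permitted to change its GID), and setting the real ID is what makes the saved set-ID follow. A short comment above the `if` would keep a later edit from reordering the calls or reverting to setgid/setuid, for example `/* Drop GID before UID; setting real and effective IDs together also replaces the saved IDs. */`. Since the rest of the `-l` path presumably runs on the assumption that privileges are gone, it would also be worth confirming the result instead of trusting the return values alone, e.g. `if (getegid () != rgid || geteuid () != ruid) exit (E_NOPERM);`, and checking the saved IDs as well where the platform provides getresuid/getresgid. The body of main starts before and continues past this hunk, so the handling after `#ifdef WITH_AUDIT` is not visible here.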