From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 31 Jul 2006 17:50:06 +0000 (+0000)
Subject: Add seteuid() flavor of set_perms() for systems without setreuid()
X-Git-Tag: SUDO_1_7_0~591
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ea8c5d5d2d771bf0e13dfaba3f2af0c4164098f7;p=sudo

Add seteuid() flavor of set_perms() for systems without setreuid()
or setresuid() that have a working seteuid().  Tested on Darwin.
---

diff --git a/config.h.in b/config.h.in
index be13ad794..16eeb64d2 100644
--- a/config.h.in
+++ b/config.h.in
@@ -260,6 +260,9 @@
 /* Define to 1 if you use SecurID for authentication. */
 #undef HAVE_SECURID
 
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
 /* Define to 1 if you have the `setlocale' function. */
 #undef HAVE_SETLOCALE
 
diff --git a/configure b/configure
index c57864ae0..af041dcc2 100755
--- a/configure
+++ b/configure
@@ -14238,6 +14238,110 @@ else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ SKIP_SETEUID=yes
+fi
+done
+
+fi
+if test -z "$SKIP_SETEUID"; then
+
+for ac_func in seteuid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
 eval "$as_ac_var=no"
 fi
 rm -f conftest.err conftest.$ac_objext \
diff --git a/configure.in b/configure.in
index 6e6cf7399..40df095bf 100644
--- a/configure.in
+++ b/configure.in
@@ -1696,7 +1696,10 @@ if test -z "$SKIP_SETRESUID"; then
     AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
 fi
 if test -z "$SKIP_SETREUID"; then
-    AC_CHECK_FUNCS(setreuid)
+    AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
+fi
+if test -z "$SKIP_SETEUID"; then
+    AC_CHECK_FUNCS(seteuid)
 fi
 if test X"$with_interfaces" != X"no"; then
     AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
diff --git a/set_perms.c b/set_perms.c
index 42b181194..9cd5b8513 100644
--- a/set_perms.c
+++ b/set_perms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994-1996,1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1994-1996,1998-2006 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -214,6 +214,84 @@ set_perms(perm)
 }
 
 # else /* !HAVE_SETRESUID && !HAVE_SETREUID */
+# ifdef HAVE_SETEUID
+
+/*
+ * Set real and effective uids and gids based on perm.
+ * NOTE: does not support the "stay_setuid" option.
+ */
+void
+set_perms(perm)
+    int perm;
+{
+    /*
+     * Since we only have setuid() and seteuid() and semantics
+     * for these calls differ on various systems, we set
+     * real and effective uids to ROOT_UID initially to be safe.
+     */
+    if (seteuid(ROOT_UID))
+	error(1, "seteuid(ROOT_UID)");
+    if (setuid(ROOT_UID))
+	error(1, "setuid(ROOT_UID)");
+
+    switch (perm) {
+	case PERM_FULL_ROOT:
+	case PERM_ROOT:
+				/* already set above */
+			      	break;
+
+	case PERM_USER:
+    	    	    	        (void) setegid(user_gid);
+				if (seteuid(user_uid))
+				    error(1, "seteuid(user_uid)");
+			      	break;
+				
+	case PERM_FULL_USER:
+				/* headed for exec() */
+    	    	    	        (void) setgid(user_gid);
+				if (setuid(user_uid))
+				    error(1, "setuid(user_uid)");
+			      	break;
+				
+	case PERM_RUNAS:
+				if (seteuid(runas_pw->pw_uid))
+				    error(1, "unable to change to runas uid");
+			      	break;
+
+	case PERM_FULL_RUNAS:
+				/* headed for exec() */
+				runas_setup();
+				if (setuid(runas_pw->pw_uid))
+				    error(1, "unable to change to runas uid");
+				break;
+
+	case PERM_SUDOERS:
+				if (setegid(SUDOERS_GID))
+				    error(1, "unable to change to sudoers gid");
+
+				/*
+				 * If SUDOERS_UID == ROOT_UID and SUDOERS_MODE
+				 * is group readable we use a non-zero
+				 * uid in order to avoid NFS lossage.
+				 * Using uid 1 is a bit bogus but should
+				 * work on all OS's.
+				 */
+				if (SUDOERS_UID == ROOT_UID) {
+				    if ((SUDOERS_MODE & 040) && seteuid(1))
+					error(1, "seteuid(1)");
+				} else {
+				    if (seteuid(SUDOERS_UID))
+					error(1, "seteuid(SUDOERS_UID)");
+				}
+			      	break;
+	case PERM_TIMESTAMP:
+				if (seteuid(timestamp_uid))
+				    error(1, "seteuid(timestamp_uid)");
+			      	break;
+    }
+}
+
+# else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */
 
 /*
  * Set uids and gids based on perm via setuid() and setgid().
@@ -252,6 +330,7 @@ set_perms(perm)
 				break;
     }
 }
+#  endif /* HAVE_SETEUID */
 # endif /* HAVE_SETREUID */
 #endif /* HAVE_SETRESUID */