From d7aee5fb2399dfe24eb0a28dc1b67190f17d9a20 Mon Sep 17 00:00:00 2001 From: thib Date: Sun, 8 Jul 2001 12:40:43 +0000 Subject: [PATCH] get rid of the setre*() --- config.h.in | 10 +++++----- configure.in | 18 +++++++++--------- fcrontab.c | 46 ++++++++++++++++++++-------------------------- job.c | 23 +++-------------------- 4 files changed, 37 insertions(+), 60 deletions(-) diff --git a/config.h.in b/config.h.in index 7fcc512..f702673 100644 --- a/config.h.in +++ b/config.h.in @@ -21,7 +21,7 @@ * `LICENSE' that comes with the fcron source distribution. */ - /* $Id: config.h.in,v 1.33 2001-07-07 17:33:03 thib Exp $ */ + /* $Id: config.h.in,v 1.34 2001-07-08 12:41:52 thib Exp $ */ /* *********************************************************** */ @@ -233,11 +233,11 @@ /* Define if you have the setenv function. */ #undef HAVE_SETENV -/* Define if you have the setregid function. */ -#undef HAVE_SETREGID +/* Define if you have the setegid function. */ +#undef HAVE_SETEGID -/* Define if you have the setreuid function. */ -#undef HAVE_SETREUID +/* Define if you have the seteuid function. */ +#undef HAVE_SETEUID /* Define if you have the strerror function. */ #undef HAVE_STRERROR diff --git a/configure.in b/configure.in index cb272a5..00d2fe6 100644 --- a/configure.in +++ b/configure.in @@ -68,8 +68,8 @@ fi AC_CHECK_FUNCS(getcwd gettimeofday mktime putenv strerror setenv gethostname) AC_CHECK_FUNCS(mkstemp) AC_CHECK_FUNCS(flock lockf) -AC_CHECK_FUNCS(setreuid, [setreuid=1], [setreuid=0]) -AC_CHECK_FUNCS(setregid, [setregid=1], [setregid=0]) +AC_CHECK_FUNCS(seteuid, [seteuid=1], [seteuid=0]) +AC_CHECK_FUNCS(setegid, [setegid=1], [setegid=0]) dnl Checks for programs. @@ -554,7 +554,7 @@ ROOTGROUP="$rootgroup" AC_SUBST(ROOTGROUP) AC_DEFINE_UNQUOTED(ROOTGROUP, "$rootgroup") -if test \( $setreuid -eq 0 \) -o \( $setregid -eq 0 \) ; then +if test \( $seteuid -eq 0 \) -o \( $setegid -eq 0 \) ; then username="$rootname" groupname="$rootgroup" else 
@@ -567,7 +567,7 @@ AC_ARG_WITH(username, AC_MSG_ERROR(Need USERNAME.) ;; yes) - if test \( $setreuid -eq 1 \) -a \( $setregid -eq 1 \) ; then + if test \( $seteuid -eq 1 \) -a \( $setegid -eq 1 \) ; then username=fcron AC_MSG_RESULT(fcron) else @@ -575,7 +575,7 @@ AC_ARG_WITH(username, fi ;; *) - if test \( $setreuid -eq 1 \) -a \( $setregid -eq 1 \) ; then + if test \( $seteuid -eq 1 \) -a \( $setegid -eq 1 \) ; then username="$withval"; AC_MSG_RESULT($withval) else @@ -584,7 +584,7 @@ AC_ARG_WITH(username, fi ;; esac ], - if test \( $setreuid -eq 1 \) -a \( $setregid -eq 1 \) ; then + if test \( $seteuid -eq 1 \) -a \( $setegid -eq 1 \) ; then username=fcron AC_MSG_RESULT(fcron) else @@ -600,7 +600,7 @@ AC_ARG_WITH(groupname, AC_MSG_ERROR(Need GROUPNAME.) ;; yes) - if test \( $setreuid -eq 1 \) -a \( $setregid -eq 1 \) ; then + if test \( $seteuid -eq 1 \) -a \( $setegid -eq 1 \) ; then groupname=fcron AC_MSG_RESULT(fcron) else @@ -608,7 +608,7 @@ AC_ARG_WITH(groupname, fi ;; *) - if test \( $setreuid -eq 1 \) -a \( $setregid -eq 1 \) ; then + if test \( $seteuid -eq 1 \) -a \( $setegid -eq 1 \) ; then groupname="$withval"; AC_MSG_RESULT($withval) else @@ -617,7 +617,7 @@ AC_ARG_WITH(groupname, fi ;; esac ], - if test \( $setreuid -eq 1 \) -a \( $setregid -eq 1 \) ; then + if test \( $seteuid -eq 1 \) -a \( $setegid -eq 1 \) ; then groupname=fcron AC_MSG_RESULT(fcron) else diff --git a/fcrontab.c b/fcrontab.c index 06d9cf5..fcfa295 100644 --- a/fcrontab.c +++ b/fcrontab.c @@ -22,7 +22,7 @@ * `LICENSE' that comes with the fcron source distribution. */ - /* $Id: fcrontab.c,v 1.42 2001-07-07 17:30:32 thib Exp $ */ + /* $Id: fcrontab.c,v 1.43 2001-07-08 12:41:30 thib Exp $ */ /* * The goal of this program is simple : giving a user interface to fcron 
@@ -42,7 +42,7 @@ #include "fcrontab.h" -char rcs_info[] = "$Id: fcrontab.c,v 1.42 2001-07-07 17:30:32 thib Exp $"; +char rcs_info[] = "$Id: fcrontab.c,v 1.43 2001-07-08 12:41:30 thib Exp $"; void info(void); void usage(void); @@ -171,7 +171,7 @@ copy(char *orig, char *dest) /* create it as fcrontab_uid (to avoid problem if user's uid changed) * except for root. Root requires filesystem uid root for security * reasons */ -#if defined(HAVE_SETREGID) && defined(HAVE_SETREUID) +#if defined(HAVE_SETEGID) && defined(HAVE_SETEUID) if (asuid != 0 && seteuid(fcrontab_uid) != 0) error_e("seteuid(fcrontab_uid[%d])", fcrontab_uid); #endif @@ -179,7 +179,7 @@ copy(char *orig, char *dest) error_e("copy: dest"); return ERR; } -#if defined(HAVE_SETREGID) && defined(HAVE_SETREUID) +#if defined(HAVE_SETEGID) && defined(HAVE_SETEUID) if (asuid != 0 && seteuid(uid) != 0) die_e("seteuid(uid[%d])", uid); #endif @@ -222,7 +222,7 @@ remove_fcrontab(char rm_orig) error_e("could not remove %s", buf); } -#if defined(HAVE_SETREGID) && defined(HAVE_SETREUID) +#if defined(HAVE_SETEGID) && defined(HAVE_SETEUID) if (seteuid(fcrontab_uid) != 0) error_e("seteuid(fcrontab_uid[%d])", fcrontab_uid); #endif @@ -240,7 +240,7 @@ remove_fcrontab(char rm_orig) need_sig = 1; -#if defined(HAVE_SETREGID) && defined(HAVE_SETREUID) +#if defined(HAVE_SETEGID) && defined(HAVE_SETEUID) if (seteuid(uid) != 0) die_e("seteuid(uid[%d])", uid); #endif @@ -366,7 +366,7 @@ edit_file(char *buf) error_e("could not fdopen"); goto exiterr; } -#if ! (defined(HAVE_SETREGID) && defined(HAVE_SETREUID)) +#if ! (defined(HAVE_SETEGID) && defined(HAVE_SETEUID)) if (fchown(file, asuid, asgid) != 0) { error_e("Could not fchown %s to asuid and asgid", tmp_str); goto exiterr; 
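Review bot: In copy() (hunk at -171) a failed `seteuid(fcrontab_uid)` is only reported with `error_e()` and execution falls through to the code that creates dest, so the file would be opened under whatever effective uid the process still has. The restoring call in the next hunk uses `die_e()`, and `error_e()` evidently returns, since `error_e("copy: dest")` is followed by `return ERR`. The failure should stop the operation, e.g. `if (asuid != 0 && seteuid(fcrontab_uid) != 0) { error_e("seteuid(fcrontab_uid[%d])", fcrontab_uid); return ERR; }`; the same log-and-continue pattern is in remove_fcrontab() at -222. Both function bodies start and end outside these hunks, so any cleanup needed before returning is not visible here.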
@@ -404,27 +404,18 @@ edit_file(char *buf) switch ( pid = fork() ) { case 0: /* child */ -#if defined(HAVE_SETREGID) && defined(HAVE_SETREUID) - if (uid != 0) { - if (setregid(asgid, asgid) < 0) { - error_e("setregid(asgid, asgid)"); + if ( uid != 0 ) { + if (setgid(asgid) < 0) { + error_e("setgid(asgid)"); goto exiterr; } - if (setreuid(asuid, asuid) < 0) { - error_e("setreuid(asuid, asuid)"); + if (setuid(asuid) < 0) { + error_e("setuid(asuid)"); goto exiterr; } } -#else - if (setgid(asgid) < 0) { - error_e("setgid(asgid)"); - goto exiterr; - } - if (setuid(asuid) < 0) { - error_e("setuid(asuid)"); - goto exiterr; - } -#endif + debug("*** uid:%d euid:%d gid:%d egid:%d\n", getuid(), geteuid(), getgid(), getegid()); + execlp(cureditor, cureditor, tmp_str, NULL); error_e("Error while running \"%s\"", cureditor); goto exiterr; @@ -446,7 +437,7 @@ edit_file(char *buf) goto exiterr; } -#if ! (defined(HAVE_SETREGID) && defined(HAVE_SETREUID)) +#if ! (defined(HAVE_SETEGID) && defined(HAVE_SETEUID)) /* we have chown the tmp file to user's name : user may have * linked the tmp file to a file owned by root. In that case, as * fcrontab is setuid root, user may read some informations he is not @@ -460,7 +451,7 @@ edit_file(char *buf) int fd = 0; if ( (fd = open(tmp_str, O_RDONLY)) <= 0 || fstat(fd, &st) != 0 || ! S_ISREG(st.st_mode) || - S_ISLNK(st.st.mode) || st.st_uid != asuid || st.st_nlink > 1){ + S_ISLNK(st.st_mode) || st.st_uid != asuid || st.st_nlink > 1){ fprintf(stderr, "%s is not a valid regular file.\n", tmp_str); close(fd); goto exiterr; @@ -764,6 +755,8 @@ int main(int argc, char **argv) { + debug("*** uid:%d euid:%d gid:%d egid:%d\n", getuid(), geteuid(), getgid(), getegid()); + memset(buf, 0, sizeof(buf)); memset(file, 0, sizeof(file)); 
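Review bot: With the `#if`/`#else` removed, the child in edit_file() (hunk at -404) skips `setgid(asgid)`/`setuid(asuid)` whenever `uid == 0`, including in builds without seteuid/setegid, where the removed `#else` branch dropped to asuid unconditionally. In those builds the hunk at -366 still calls `fchown()` to give the temp file to asuid, so root's editor would now run as root on a file owned by the target user; if that is not intended, keep the `if ( uid != 0 )` guard only under `#if defined(HAVE_SETEGID) && defined(HAVE_SETEUID)`. The added `debug()` prints the ids before `execlp()` but nothing checks them; inside the drop branch a test such as `if (geteuid() != asuid || getegid() != asgid)` before the exec would turn a partial drop into a hard failure. The function starts and ends outside the hunk, including the `exiterr` label the child jumps to.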
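Review bot: The corrected `S_ISLNK(st.st_mode)` test at -460 can never be true, because `open()` has already followed any symbolic link and `fstat()` describes the file it ended up on; only the `st_uid` and `st_nlink` comparisons constrain where a link could point. Refusing links at open time is the direct check: `open(tmp_str, O_RDONLY | O_NOFOLLOW)` where the platform defines `O_NOFOLLOW`, or an `lstat()` compared against the `fstat()` result otherwise. In the same condition `<= 0` treats a valid descriptor 0 as an error, and the failure path calls `close(fd)` on a descriptor that may be -1; `< 0` with a guarded close is cleaner. The enclosing block continues outside the hunk.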
@@ -779,7 +772,7 @@ main(int argc, char **argv) /* interpret command line options */ parseopt(argc, argv); -#if defined(HAVE_SETREGID) && defined(HAVE_SETREUID) +#if defined(HAVE_SETEGID) && defined(HAVE_SETEUID) { struct passwd *pass; if ( ! (pass = getpwnam(USERNAME)) ) @@ -814,6 +807,7 @@ main(int argc, char **argv) #endif + debug("*** uid:%d euid:%d gid:%d egid:%d\n", getuid(), geteuid(), getgid(), getegid()); /* this program is seteuid : we set default permission mode * to 640 for security reasons */ umask(026); diff --git a/job.c b/job.c index 52656ee..3c374e6 100644 --- a/job.c +++ b/job.c @@ -22,7 +22,7 @@ * `LICENSE' that comes with the fcron source distribution. */ - /* $Id: job.c,v 1.39 2001-06-22 21:06:05 thib Exp $ */ + /* $Id: job.c,v 1.40 2001-07-08 12:40:43 thib Exp $ */ #include "fcron.h" #include "job.h" @@ -61,25 +61,8 @@ change_user(char *user_name) } #endif /* HAVE_SETENV */ + debug("*** uid:%d euid:%d gid:%d egid:%d\n", getuid(), geteuid(), getgid(), getegid()); /* Change running state to the user in question */ - -#if defined(HAVE_SETREGID) && defined(HAVE_SETREUID) - /* we need to become temporary root to do that */ - if (setreuid(0, 0) != 0 ) - die_e("Could not set uid to 0"); - if (setregid(0, 0) != 0 ) - die_e("Could not set gid to 0"); - - - if (initgroups(pas->pw_name, pas->pw_gid) < 0) - die_e("initgroups failed: %s", pas->pw_name); - - if (setregid(pas->pw_gid, pas->pw_gid) < 0) - die("setregid failed: %s %d", pas->pw_name, pas->pw_gid); - - if (setreuid(pas->pw_uid, pas->pw_uid) < 0) - die("setreuid failed: %s %d", pas->pw_name, pas->pw_uid); -#else if (initgroups(pas->pw_name, pas->pw_gid) < 0) die_e("initgroups failed: %s", pas->pw_name); @@ -88,7 +71,7 @@ change_user(char *user_name) if (setuid(pas->pw_uid) < 0) die("setuid failed: %s %d", pas->pw_name, pas->pw_uid); -#endif + debug("*** uid:%d euid:%d gid:%d egid:%d\n", getuid(), geteuid(), getgid(), getegid()); return(pas->pw_uid); } -- 2.40.0
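Review bot: change_user() (job.c, hunk at -61) now depends on the caller already being root: the removed branch raised privileges first, and what remains is `initgroups()` followed by `setuid(pas->pw_uid)`, with the lines between this hunk and the next not shown. When `setuid()` is called with a non-root effective uid it changes only the effective id and leaves the saved id in place, so a successful return does not prove the drop is permanent. I would check it after the call, e.g. `if (pas->pw_uid != 0 && setuid(0) == 0) die("could regain root after setuid: %s", pas->pw_name);`. The `setuid` failure path uses `die()` where `initgroups` uses `die_e()`, so errno is lost there (assuming `die_e` is the variant that reports it), and the new `debug()` lines pass `uid_t`/`gid_t` values to `%d` without a cast.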