Re-implement my fix from rev 1.6 (same rev for both files being committed)

that was lost during the lite-2 merge. From the original commit message: Initialize the group list so that any filter programs that are run by lpd are not run with root's groups.
svn path=/head/; revision=60871
2025-01-11 17:04:19 +01:00 · 2000-05-24 11:38:50 +00:00 · 2000-05-24 11:38:50 +00:00 · 50545e9e59 · 2020-12-20 02:59:44 +00:00
commit 50545e9e59
parent 4efe647d8b
2 changed files with 20 additions and 2 deletions
--- a/usr.sbin/lpr/lpd/printjob.c
+++ b/usr.sbin/lpr/lpd/printjob.c
@ -1317,6 +1317,7 @@ dofork(pp, action)
 	int action;
 {
 	register int i, pid;
+	struct passwd *pwd;

 	for (i = 0; i < 20; i++) {
 		if ((pid = fork()) < 0) {
@ -1326,8 +1327,16 @@ dofork(pp, action)
 		/*
 		 * Child should run as daemon instead of root
 		 */
-		if (pid == 0)
+		if (pid == 0) {
+			if ((pwd = getpwuid(pp->daemon_user)) == NULL) {
+				syslog(LOG_ERR, "Can't lookup default daemon uid (%d) in password file",
+				    pp->daemon_user);
+				break;
+			}
+			initgroups(pwd->pw_name, pwd->pw_gid);
+			setgid(pwd->pw_gid);
 			setuid(pp->daemon_user);
+		}
 		return(pid);
 	}
 	syslog(LOG_ERR, "can't fork");
--- a/usr.sbin/lpr/runqueue/printjob.c
+++ b/usr.sbin/lpr/runqueue/printjob.c
@ -1307,6 +1307,7 @@ dofork(pp, action)
 	int action;
 {
 	register int i, pid;
+	struct passwd *pwd;

 	for (i = 0; i < 20; i++) {
 		if ((pid = fork()) < 0) {
@ -1316,8 +1317,16 @@ dofork(pp, action)
 		/*
 		 * Child should run as daemon instead of root
 		 */
-		if (pid == 0)
+		if (pid == 0) {
+			if ((pwd = getpwuid(pp->daemon_user)) == NULL) {
+				syslog(LOG_ERR, "Can't lookup default daemon uid (%d) in password file",
+				    pp->daemon_user);
+				break;
+			}
+			initgroups(pwd->pw_name, pwd->pw_gid);
+			setgid(pwd->pw_gid);
 			setuid(pp->daemon_user);
+		}
 		return(pid);
 	}
 	syslog(LOG_ERR, "can't fork");