hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-12-18 05:53:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

comsat: Use initgroups and setgid not just setuid

Browse Source 
PR:		270404
Reviewed by:	jlduran
Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47828
This commit is contained in:
Ed Maste 2024-11-28 11:54:48 -05:00
parent 4294f1cac1
commit d4dd9e22c1
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libexec/comsat/comsat.c
View File

@ -212,10 +212,11 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset)
struct passwd *p;
unsigned char line[BUFSIZ];
/* Set effective uid to user in case mail drop is on nfs */
if ((p = getpwnam(user)) == NULL)
return;
if (setuid(p->pw_uid) != 0)
/* Set uid/gid/groups to user's in case mail drop is on nfs */
if ((p = getpwnam(user)) == NULL ||
initgroups(p->pw_name, p->pw_gid) == -1 ||
setgid(p->pw_gid) == -1 ||
setuid(p->pw_uid) == -1)
return;
if ((fi = fopen(file, "r")) == NULL)