The branch stable/14 has been updated by emaste:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=30bcbf8a2fefe81e28bd9e293d9ee970464b0da4

commit 30bcbf8a2fefe81e28bd9e293d9ee970464b0da4
Author:     Ed Maste <ema...@freebsd.org>
AuthorDate: 2024-12-01 20:43:10 +0000
Commit:     Ed Maste <ema...@freebsd.org>
CommitDate: 2024-12-04 18:38:31 +0000

    comsat: move uid/gid setting earlier
    
    It's good to reduce privilege as early as possible.
    
    Suggested by:   jlduran
    Reviewed by:    jlduran
    Obtained from:  NetBSD
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47869
    
    (cherry picked from commit 91629228e3df14997df12ffc6e7be6b9964e5463)
---
 libexec/comsat/comsat.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 1a9fb443e68e..2358336be61a 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -71,7 +71,7 @@ static int    debug = 0;
 
 static char    hostname[MAXHOSTNAMELEN];
 
-static void    jkfprintf(FILE *, char[], char[], off_t);
+static void    jkfprintf(FILE *, char[], off_t);
 static void    mailfor(char *);
 static void    notify(struct utmpx *, char[], off_t, int);
 static void    reapchildren(int);
@@ -159,6 +159,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int 
folder)
        FILE *tp;
        struct stat stb;
        struct termios tio;
+       struct passwd *p;
        char tty[20];
        const char *s = utp->ut_line;
 
@@ -192,6 +193,14 @@ notify(struct utmpx *utp, char file[], off_t offset, int 
folder)
        }
        (void)tcgetattr(fileno(tp), &tio);
        cr = ((tio.c_oflag & (OPOST|ONLCR)) == (OPOST|ONLCR)) ?  "\n" : "\n\r";
+
+       /* Set uid/gid/groups to user's in case mail drop is on nfs */
+       if ((p = getpwnam(utp->ut_user)) == NULL ||
+           initgroups(p->pw_name, p->pw_gid) == -1 ||
+           setgid(p->pw_gid) == -1 ||
+           setuid(p->pw_uid) == -1)
+               return;
+
        switch (stb.st_mode & (S_IXUSR | S_IXGRP)) {
        case S_IXUSR:
        case (S_IXUSR | S_IXGRP):
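Review bot: The failure branch of the relocated privilege drop (`setuid(p->pw_uid) == -1) return;`) now leaves notify() directly, with `tp` still open and everything after the switch skipped. Before this change the same failure only returned from jkfprintf() and notify() ran on to its end. The start and end of notify() are outside this hunk, but if this code runs in a forked child (the file declares `reapchildren`), a plain `return` hands control back to the caller in a process that may still hold the original credentials, or only some of the user's. Failing closed with a log entry would be safer there, assuming the file logs through syslog: `syslog(LOG_AUTH | LOG_NOTICE, "cannot drop privileges for %s", utp->ut_user);` followed by `_exit(1);` in place of `return;`.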
@@ -200,7 +209,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int 
folder)
                    cr, utp->ut_user, (int)sizeof(hostname), hostname,
                    folder ? cr : "", folder ? "to " : "", folder ? file : "",
                    cr, cr);
-               jkfprintf(tp, utp->ut_user, file, offset);
+               jkfprintf(tp, file, offset);
                break;
        case S_IXGRP:
                (void)fprintf(tp, "\007");
@@ -216,21 +225,13 @@ notify(struct utmpx *utp, char file[], off_t offset, int 
folder)
 }
 
 static void
-jkfprintf(FILE *tp, char user[], char file[], off_t offset)
+jkfprintf(FILE *tp, char file[], off_t offset)
 {
        unsigned char *cp, ch;
        FILE *fi;
        int linecnt, charcnt, inheader;
-       struct passwd *p;
        unsigned char line[BUFSIZ];
 
-       /* Set uid/gid/groups to user's in case mail drop is on nfs */
-       if ((p = getpwnam(user)) == NULL ||
-           initgroups(p->pw_name, p->pw_gid) == -1 ||
-           setgid(p->pw_gid) == -1 ||
-           setuid(p->pw_uid) == -1)
-               return;
-
        if ((fi = fopen(file, "r")) == NULL)
                return;
 
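Review bot: jkfprintf() now opens `file` with whatever credentials the process holds at the time of the call, and nothing at its definition records that precondition. A comment above the function would keep a later caller from reaching `fopen(file, "r")` while still privileged, for example `/* Caller must already have switched to the recipient's uid/gid; file is opened with the current credentials. */`. The body of jkfprintf() continues past the end of this hunk.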
