Dag-Erling Smørgrav <d...@des.no> writes:
> Note that this commit semi-intentionally introduces another bug: in some
> cases, the user's limits will not be applied at all.  This is by far the
> lesser of two evils, and is easy (albeit time-consuming) to fix.

Specifically, each of the files listed below needs to be audited.  Those
that already call setusercontext() with the LOGIN_SETUSER flag set are
fine (LOGIN_SETALL includes LOGIN_SETUSER unless it is explicitly masked
out).  Those that don't must do so, either instead of or shortly after
calling setuid().

contrib/lukemftpd/src/ftpd.c:   setusercontext(NULL, getpwuid(0), 0,
contrib/lukemftpd/src/ftpd.c-                  
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
contrib/lukemftpd/src/ftpd.c-#endif
--
contrib/lukemftpd/src/ftpd.c:   setusercontext(lc, pw, 0,
contrib/lukemftpd/src/ftpd.c-           
LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
contrib/lukemftpd/src/ftpd.c-           
LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
--
contrib/sendmail/src/deliver.c:                             
setusercontext(NULL, pwd, pwd->pw_uid,
contrib/sendmail/src/deliver.c-                                            
sucflags) == -1 &&
contrib/sendmail/src/deliver.c-                             suidwarn)
--
contrib/sendmail/src/deliver.c:                                 
syserr("openmailer: setusercontext() failed");
contrib/sendmail/src/deliver.c-                                 
exit(EX_TEMPFAIL);
contrib/sendmail/src/deliver.c-                         }
--
crypto/openssh/openbsd-compat/port-irix.c:irix_setusercontext(struct passwd *pw)
crypto/openssh/openbsd-compat/port-irix.c-{
crypto/openssh/openbsd-compat/port-irix.c-#ifdef WITH_IRIX_PROJECT
--
crypto/openssh/session.c:               (void) setusercontext(lc, pw, 
pw->pw_uid,
crypto/openssh/session.c-                   LOGIN_SETENV|LOGIN_SETPATH);
crypto/openssh/session.c-               copy_environment(environ, &env, 
&envsize);
--
crypto/openssh/session.c:do_setusercontext(struct passwd *pw)
crypto/openssh/session.c-{
crypto/openssh/session.c-       char *chroot_path, *tmp;
--
crypto/openssh/session.c:               if (setusercontext(lc, pw, pw->pw_uid,
crypto/openssh/session.c-                   (LOGIN_SETALL & 
~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
crypto/openssh/session.c-                       perror("unable to set user 
context");
--
crypto/openssh/session.c:               irix_setusercontext(pw);
crypto/openssh/session.c-# endif /* defined(WITH_IRIX_PROJECT) || 
defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
crypto/openssh/session.c-# ifdef _AIX
--
crypto/openssh/session.c:               if (setusercontext(lc, pw, pw->pw_uid, 
LOGIN_SETUSER) < 0) {
crypto/openssh/session.c-                       perror("unable to set user 
context (setuser)");
crypto/openssh/session.c-                       exit(1);
--
crypto/openssh/session.c:               do_setusercontext(pw);
crypto/openssh/session.c-               child_close_fds();
crypto/openssh/session.c-               do_pwchange(s);
--
crypto/openssh/session.c:               do_setusercontext(pw);
crypto/openssh/session.c-               /*
crypto/openssh/session.c:                * PAM session modules in 
do_setusercontext may have
crypto/openssh/session.c-                * generated messages, so if this in an 
interactive
crypto/openssh/session.c-                * login then display them too.
--
crypto/openssh/sshd.c:  do_setusercontext(privsep_pw);
crypto/openssh/sshd.c-#else
crypto/openssh/sshd.c-  gidset[0] = privsep_pw->pw_gid;
--
crypto/openssh/sshd.c:  do_setusercontext(authctxt->pw);
crypto/openssh/sshd.c-
crypto/openssh/sshd.c- skip:
--
libexec/atrun/atrun.c:  if (setusercontext(NULL, pentry, uid, LOGIN_SETALL &
libexec/atrun/atrun.c-          ~(LOGIN_SETPRIORITY | LOGIN_SETPATH | 
LOGIN_SETENV)) != 0)
libexec/atrun/atrun.c:      exit(EXIT_FAILURE); /* setusercontext() logged the 
error */
libexec/atrun/atrun.c-#else /* LOGIN_CAP */
libexec/atrun/atrun.c-  if (initgroups(pentry->pw_name,pentry->pw_gid))
--
libexec/atrun/atrun.c:  if (setusercontext(NULL, pentry, uid, LOGIN_SETALL) != 
0)
libexec/atrun/atrun.c:      exit(EXIT_FAILURE); /* setusercontext() logged the 
error */
libexec/atrun/atrun.c-#else /* LOGIN_CAP */
libexec/atrun/atrun.c-  if (initgroups(pentry->pw_name,pentry->pw_gid))
--
libexec/ftpd/ftpd.c:    setusercontext(NULL, getpwuid(0), 0,
libexec/ftpd/ftpd.c-                   
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|
libexec/ftpd/ftpd.c-                   LOGIN_SETMAC);
--
libexec/ftpd/ftpd.c:    setusercontext(lc, pw, 0,
libexec/ftpd/ftpd.c-            LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
libexec/ftpd/ftpd.c-            LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
--
libexec/rshd/rshd.c:    if (setusercontext(lc, pwd, pwd->pw_uid, 
LOGIN_SETGROUP) != 0) {
libexec/rshd/rshd.c:            syslog(LOG_ERR, "setusercontext: %m");
libexec/rshd/rshd.c-            exit(1);
libexec/rshd/rshd.c-    }
--
libexec/rshd/rshd.c:    if (setusercontext(lc, pwd, pwd->pw_uid,
libexec/rshd/rshd.c-            LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) {
libexec/rshd/rshd.c:            syslog(LOG_ERR, "setusercontext(): %m");
libexec/rshd/rshd.c-            exit(1);
libexec/rshd/rshd.c-    }
--
release/picobsd/tinyware/login/pico-login.c:     * We need to do this before 
setusercontext() because that may
release/picobsd/tinyware/login/pico-login.c-     * set or reset some 
environment variables.
release/picobsd/tinyware/login/pico-login.c-     */
--
release/picobsd/tinyware/login/pico-login.c:    if (setusercontext(lc, pwd, 
pwd->pw_uid, LOGIN_SETGROUP) != 0) {
release/picobsd/tinyware/login/pico-login.c:                syslog(LOG_ERR, 
"setusercontext() failed - exiting");
release/picobsd/tinyware/login/pico-login.c-            exit(1);
release/picobsd/tinyware/login/pico-login.c-    }
--
release/picobsd/tinyware/login/pico-login.c:    if (setusercontext(lc, pwd, 
pwd->pw_uid,
release/picobsd/tinyware/login/pico-login.c-        LOGIN_SETALL & 
~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 0) {
release/picobsd/tinyware/login/pico-login.c:                syslog(LOG_ERR, 
"setusercontext() failed - exiting");
release/picobsd/tinyware/login/pico-login.c-            exit(1);
release/picobsd/tinyware/login/pico-login.c-    }
--
sbin/init/init.c:               setusercontext(lc, (struct passwd*)NULL, 0,
sbin/init/init.c-                   LOGIN_SETPRIORITY | LOGIN_SETRESOURCES);
sbin/init/init.c-               login_close(lc);
--
usr.bin/login/login.c:  if (setusercontext(lc, pwd, pwd->pw_uid, 
LOGIN_SETGROUP) != 0) {
usr.bin/login/login.c:          syslog(LOG_ERR, "setusercontext() failed - 
exiting");
usr.bin/login/login.c-          bail(NO_SLEEP_EXIT, 1);
usr.bin/login/login.c-  }
--
usr.bin/login/login.c:  if (setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/login/login.c-      LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 
0) {
usr.bin/login/login.c:          syslog(LOG_ERR, "setusercontext() failed - 
exiting");
usr.bin/login/login.c-          exit(1);
usr.bin/login/login.c-  }
--
usr.bin/newgrp/newgrp.c:        setusercontext(lc, pwd, pwd->pw_uid,
usr.bin/newgrp/newgrp.c-            LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV);
usr.bin/newgrp/newgrp.c-        login_close(lc);
--
usr.bin/su/su.c:        if (setusercontext(lc, pwd, pwd->pw_uid, 
LOGIN_SETGROUP) < 0)
usr.bin/su/su.c:                err(1, "setusercontext");
usr.bin/su/su.c-
usr.bin/su/su.c-        retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
--
usr.bin/su/su.c:                if (setusercontext(lc, pwd, pwd->pw_uid, 
setwhat) < 0)
usr.bin/su/su.c:                        err(1, "setusercontext");
usr.bin/su/su.c-
usr.bin/su/su.c-                if (!asme) {
--
usr.bin/su/su.c:                                setusercontext(lc, pwd, 
pwd->pw_uid,
usr.bin/su/su.c-                                        LOGIN_SETPATH | 
LOGIN_SETUMASK |
usr.bin/su/su.c-                                        LOGIN_SETENV);
--
usr.sbin/cron/cron/do_command.c:                    setusercontext(lc, pwd, 
e->uid,
usr.sbin/cron/cron/do_command.c-                            LOGIN_SETALL & 
~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
usr.sbin/cron/cron/do_command.c-                        (void) endpwent();
--
usr.sbin/cron/cron/popen.c:                         setusercontext(lc, pwd, 
e->uid,
usr.sbin/cron/cron/popen.c-                                 LOGIN_SETALL & 
~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
usr.sbin/cron/cron/popen.c-                             (void) endpwent();
--
usr.sbin/daemon/daemon.c:       if (setusercontext(NULL, pw, pw->pw_uid, 
LOGIN_SETALL) != 0)
usr.sbin/daemon/daemon.c-               errx(1, "failed to set user 
environment");
usr.sbin/daemon/daemon.c-}
--
usr.sbin/inetd/inetd.c:                         if (setusercontext(lc, pwd, 
pwd->pw_uid,
usr.sbin/inetd/inetd.c-                             LOGIN_SETALL & 
~LOGIN_SETMAC)
usr.sbin/inetd/inetd.c-                             != 0) {
--
usr.sbin/inetd/inetd.c:                                  "%s: can't 
setusercontext(..%s..): %m",
usr.sbin/inetd/inetd.c-                                  sep->se_service, 
sep->se_user);
usr.sbin/inetd/inetd.c-                                 _exit(EX_OSERR);
--
usr.sbin/jail/jail.c:           if (setusercontext(lcap, pwd, pwd->pw_uid,
usr.sbin/jail/jail.c-               LOGIN_SETALL & ~LOGIN_SETGROUP & 
~LOGIN_SETLOGIN) != 0)
usr.sbin/jail/jail.c:                   err(1, "setusercontext");
usr.sbin/jail/jail.c-           login_close(lcap);
usr.sbin/jail/jail.c-   }
--
usr.sbin/jexec/jexec.c:         if (setusercontext(lcap, pwd, pwd->pw_uid,
usr.sbin/jexec/jexec.c-             LOGIN_SETALL & ~LOGIN_SETGROUP & 
~LOGIN_SETLOGIN) != 0)
usr.sbin/jexec/jexec.c:                 err(1, "setusercontext");
usr.sbin/jexec/jexec.c-         login_close(lcap);
usr.sbin/jexec/jexec.c- }

DES
-- 
Dag-Erling Smørgrav - d...@des.no