author | Laurent Bercot <ska-skaware@skarnet.org> | 2017-07-16 16:52:08 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2017-07-16 16:52:08 +0000 |
commit | 8b000a20cc367c727b9f2c0d8e68372d0c9df995 (patch) | |
tree | 4b1fe6d66241ee4844a77f9dad61bf14a3bb97e2 /src | |
parent | 61c1f79bcace61c650edd09fc4424c2d08fbf79e (diff) | |
download | skalibs-8b000a20cc367c727b9f2c0d8e68372d0c9df995.tar.xz |
More secure setgroups functions. (thanks muh)
Diffstat (limited to 'src')
-rw-r--r-- | src/include/skalibs/setgroups.h | 1 | ||||
-rw-r--r-- | src/libstddjb/prot_grps.c | 14 | ||||
-rw-r--r-- | src/libstddjb/setgroups.c | 8 |
3 files changed, 19 insertions, 4 deletions
diff --git a/src/include/skalibs/setgroups.h b/src/include/skalibs/setgroups.h
index fab0614..98998e0 100644
--- a/src/include/skalibs/setgroups.h
+++ b/src/include/skalibs/setgroups.h
@@ -9,6 +9,7 @@
 #include <unistd.h>
+extern int setgroups_and_gid (gid_t, size_t, gid_t const *) ;
 extern int setgroups_with_egid (size_t, gid_t const *) ;
 extern int skalibs_setgroups (size_t, gid_t const *) ;
diff --git a/src/libstddjb/prot_grps.c b/src/libstddjb/prot_grps.c
index cc4ba0d..c5ea35b 100644
--- a/src/libstddjb/prot_grps.c
+++ b/src/libstddjb/prot_grps.c
@@ -2,16 +2,26 @@
 /* MT-unsafe */
-#include <skalibs/nonposix.h>
 #include <unistd.h>
+#include <pwd.h>
 #include <grp.h>
 #include <limits.h>
+#include <errno.h>
 #include <skalibs/setgroups.h>
 #include <skalibs/djbunix.h>
 int prot_grps (char const *name)
 {
 gid_t tab[NGROUPS_MAX] ;
+ struct passwd *pw ;
 int n = prot_readgroups(name, tab, NGROUPS_MAX) ;
- return n < 0 ? -1 : setgroups(n, tab) ;
+ if (n < 0) return n ;
+ errno = 0 ;
+ pw = getpwnam(name) ;
+ if (!pw)
+ {
+ if (!errno) errno = ENOENT ;
+ return -1 ;
+ }
+ return setgroups_and_gid(pw->pw_gid, n, tab) ;
 }
diff --git a/src/libstddjb/setgroups.c b/src/libstddjb/setgroups.c
index c7610ab..d064ed2 100644
--- a/src/libstddjb/setgroups.c
+++ b/src/libstddjb/setgroups.c
@@ -10,10 +10,9 @@
 #include <grp.h>
 #include <skalibs/setgroups.h>
-int setgroups_with_egid (size_t n, gid_t const *tab)
+int setgroups_and_gid (gid_t g, size_t n, gid_t const *tab)
 {
 size_t i = 1 ;
- gid_t g = getegid() ;
 if (!n) return setgroups(1, &g) ;
 if (tab[0] == g) return setgroups(n, tab) ;
 for (; i < n ; i++) if (tab[i] == g) break ;
@@ -34,6 +33,11 @@ int setgroups_with_egid (size_t n, gid_t const *tab)
 }
 }
+int setgroups_with_egid (size_t n, gid_t const *tab)
+{
+ return setgroups_and_gid(getegid(), n, tab) ;
+}
+
 int skalibs_setgroups (size_t n, gid_t const *tab)
 {
 #ifdef SKALIBS_BSD_SUCKS
|
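Review bot: The new prototype `setgroups_and_gid (gid_t, size_t, gid_t const *)` in setgroups.h has no parameter names and no comment, and its name reads as if the call also changed the process gid. In the lines visible from setgroups.c it only calls setgroups(), using the given gid alone when the list is empty and comparing it with tab[0] otherwise; the rest of the body is outside the hunks. I would add a comment above the declaration such as `/* Sets the supplementary group list from tab[0..n-1] together with g; does not call setgid(). Returns the setgroups() result, which the caller must check. */`, to be confirmed against the full function body.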
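Review bot: In prot_grps the new early exit `if (n < 0) return n ;` hands back whatever negative value prot_readgroups produced, while the line it replaces always returned -1 and the getpwnam failure path added just below also returns -1. If prot_readgroups can ever return a negative value other than -1, a caller testing the result with `== -1` would treat the failure as success and carry on with its old group list; `if (n < 0) return -1 ;` keeps a single failure value. Separately, tab holds NGROUPS_MAX entries and is passed on with n as large as NGROUPS_MAX, so it is worth confirming that setgroups_and_gid, whose middle part lies outside the visible hunks, does not need one more slot when pw_gid is not already in the list.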