From: Jilles Tjoelker Date: Thu, 5 May 2011 22:07:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r221515 - stable/8/bin/sh X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2011 22:07:02 -0000 Author: jilles Date: Thu May 5 22:07:02 2011 New Revision: 221515 URL: http://svn.freebsd.org/changeset/base/221515 Log: MFC r221012: sh: Check setuid()/setgid() return values. If the -p option is turned off, privileges from a setuid or setgid binary are dropped. Make sure to check if this succeeds. If it fails, this is an error which will cause the shell to abort except in interactive mode or if 'command' was used to make 'set' or an outer 'eval' or '.' non-special. Note that taking advantage of this feature and writing setuid shell scripts seems unwise. Modified: stable/8/bin/sh/options.c Directory Properties: stable/8/bin/sh/ (props changed) Modified: stable/8/bin/sh/options.c ============================================================================== --- stable/8/bin/sh/options.c Thu May 5 22:04:59 2011 (r221514) +++ stable/8/bin/sh/options.c Thu May 5 22:07:02 2011 (r221515) @@ -278,8 +278,10 @@ setoption(int flag, int val) int i; if (flag == 'p' && !val && privileged) { - (void) setuid(getuid()); - (void) setgid(getgid()); + if (setgid(getgid()) == -1) + error("setgid"); + if (setuid(getuid()) == -1) + error("setuid"); } for (i = 0; i < NOPTS; i++) if (optlist[i].letter == flag) {
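Review bot: The reordering inside the `flag == 'p' && !val && privileged` branch, where setgid(getgid()) now runs before setuid(getuid()), is not mentioned in the log message and should get a short comment in the code. The group has to be dropped first, because once setuid() has given up the effective uid the process may no longer be permitted to change its gid, and a later edit that "tidies" the order back would silently reintroduce that problem. Two smaller points on the same lines: error("setgid") and error("setuid") carry no errno text, so a failure gives no indication of its cause, and including strerror(errno) in the message would help. And since the log says the error does not abort an interactive shell or one where 'command' made 'set' non-special, a comment noting that the shell then keeps running with its privileges still in place would make that outcome explicit for the next reader.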