From owner-svn-src-all@FreeBSD.ORG Mon Oct 22 03:07:07 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 07EC7D3F; Mon, 22 Oct 2012 03:07:06 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 556488FC0C; Mon, 22 Oct 2012 03:07:06 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q9M376s6017851; Mon, 22 Oct 2012 03:07:06 GMT (envelope-from eadler@svn.freebsd.org) Received: (from eadler@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q9M375PN017842; Mon, 22 Oct 2012 03:07:05 GMT (envelope-from eadler@svn.freebsd.org) Message-Id: <201210220307.q9M375PN017842@svn.freebsd.org> From: Eitan Adler Date: Mon, 22 Oct 2012 03:07:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r241848 - in head: libexec/tftpd sbin/ccdconfig sbin/restore usr.bin/lock usr.bin/msgs usr.bin/wall usr.sbin/edquota usr.sbin/kgmon X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Oct 2012 03:07:07 -0000 Author: eadler Date: Mon Oct 22 03:07:05 2012 New Revision: 241848 URL: http://svn.freebsd.org/changeset/base/241848 Log: Check the return error of set[e][ug]id. While this can never fail in the current version of FreeBSD, this isn't guarenteed by the API. Custom security modules, or future implementations of the setuid and setgid may fail. Submitted by: Erik Cederstrand Approved by: cperciva MFC after: 3 days Modified: head/libexec/tftpd/tftpd.c head/sbin/ccdconfig/ccdconfig.c head/sbin/restore/tape.c head/usr.bin/lock/lock.c head/usr.bin/msgs/msgs.c head/usr.bin/wall/wall.c head/usr.sbin/edquota/edquota.c head/usr.sbin/kgmon/kgmon.c Modified: head/libexec/tftpd/tftpd.c ============================================================================== --- head/libexec/tftpd/tftpd.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/libexec/tftpd/tftpd.c Mon Oct 22 03:07:05 2012 (r241848) @@ -371,7 +371,10 @@ main(int argc, char *argv[]) } chdir("/"); setgroups(1, &nobody->pw_gid); - setuid(nobody->pw_uid); + if (setuid(nobody->pw_uid) != 0) { + tftp_log(LOG_ERR, "setuid failed"); + exit(1); + } } len = sizeof(me_sock); Modified: head/sbin/ccdconfig/ccdconfig.c ============================================================================== --- head/sbin/ccdconfig/ccdconfig.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/sbin/ccdconfig/ccdconfig.c Mon Oct 22 03:07:05 2012 (r241848) @@ -288,13 +288,16 @@ do_all(int action) rval = 0; egid = getegid(); - setegid(getgid()); + if (setegid(getgid()) != 0) + err(1, "setegid failed"); if ((f = fopen(ccdconf, "r")) == NULL) { - setegid(egid); + if (setegid(egid) != 0) + err(1, "setegid failed"); warn("fopen: %s", ccdconf); return (1); } - setegid(egid); + if (setegid(egid) != 0) + err(1, "setegid failed"); while (fgets(line, sizeof(line), f) != NULL) { argc = 0; Modified: head/sbin/restore/tape.c ============================================================================== --- head/sbin/restore/tape.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/sbin/restore/tape.c Mon Oct 22 03:07:05 2012 (r241848) @@ -164,7 +164,11 @@ setinput(char *source, int ispipecommand } pipein++; } - setuid(getuid()); /* no longer need or want root privileges */ + /* no longer need or want root privileges */ + if (setuid(getuid()) != 0) { + fprintf(stderr, "setuid failed\n"); + done(1); + } magtape = strdup(source); if (magtape == NULL) { fprintf(stderr, "Cannot allocate space for magtape buffer\n"); Modified: head/usr.bin/lock/lock.c ============================================================================== --- head/usr.bin/lock/lock.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/usr.bin/lock/lock.c Mon Oct 22 03:07:05 2012 (r241848) @@ -129,7 +129,9 @@ main(int argc, char **argv) } timeout.tv_sec = sectimeout * 60; - setuid(getuid()); /* discard privs */ + /* discard privs */ + if (setuid(getuid()) != 0) + errx(1, "setuid failed"); if (tcgetattr(0, &tty)) /* get information for header */ exit(1); Modified: head/usr.bin/msgs/msgs.c ============================================================================== --- head/usr.bin/msgs/msgs.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/usr.bin/msgs/msgs.c Mon Oct 22 03:07:05 2012 (r241848) @@ -175,7 +175,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); time(&t); - setuid(uid = getuid()); + if (setuid(uid = getuid()) != 0) + err(1, "setuid failed"); ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL); if (ruptible) signal(SIGINT, SIG_DFL); Modified: head/usr.bin/wall/wall.c ============================================================================== --- head/usr.bin/wall/wall.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/usr.bin/wall/wall.c Mon Oct 22 03:07:05 2012 (r241848) @@ -240,7 +240,8 @@ makemsg(char *fname) setegid(getgid()); if (freopen(fname, "r", stdin) == NULL) err(1, "can't read %s", fname); - setegid(egid); + if (setegid(egid) != 0) + err(1, "setegid failed"); } cnt = 0; while (fgetws(lbuf, sizeof(lbuf)/sizeof(wchar_t), stdin)) { Modified: head/usr.sbin/edquota/edquota.c ============================================================================== --- head/usr.sbin/edquota/edquota.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/usr.sbin/edquota/edquota.c Mon Oct 22 03:07:05 2012 (r241848) @@ -453,8 +453,10 @@ editit(char *tmpf) const char *ed; sigsetmask(omask); - setgid(getgid()); - setuid(getuid()); + if (setgid(getgid()) != 0) + err(1, "setgid failed"); + if (setuid(getuid()) != 0) + err(1, "setuid failed"); if ((ed = getenv("EDITOR")) == (char *)0) ed = _PATH_VI; execlp(ed, ed, tmpf, (char *)0); Modified: head/usr.sbin/kgmon/kgmon.c ============================================================================== --- head/usr.sbin/kgmon/kgmon.c Mon Oct 22 03:06:59 2012 (r241847) +++ head/usr.sbin/kgmon/kgmon.c Mon Oct 22 03:07:05 2012 (r241848) @@ -90,7 +90,9 @@ main(int argc, char **argv) struct kvmvars kvmvars; char *system, *kmemf; - seteuid(getuid()); + if (seteuid(getuid()) != 0) { + err(1, "seteuid failed\n"); + } kmemf = NULL; system = NULL; while ((ch = getopt(argc, argv, "M:N:Bbhpr")) != -1) {