Date: Wed, 4 Dec 2024 18:38:42 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: bb9678f1ff68 - stable/14 - comsat: Use initgroups and setgid not just setuid Message-ID: <202412041838.4B4IcgUm079402@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=bb9678f1ff6881b036220045adb58047332cfb0d commit bb9678f1ff6881b036220045adb58047332cfb0d Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2024-11-28 16:54:48 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2024-12-04 18:38:31 +0000 comsat: Use initgroups and setgid not just setuid PR: 270404 Reviewed by: jlduran Obtained from: NetBSD Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47828 (cherry picked from commit d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d) --- libexec/comsat/comsat.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index 3f94f8d56201..1a9fb443e68e 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -224,10 +224,11 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset) struct passwd *p; unsigned char line[BUFSIZ]; - /* Set effective uid to user in case mail drop is on nfs */ - if ((p = getpwnam(user)) == NULL) - return; - if (setuid(p->pw_uid) != 0) + /* Set uid/gid/groups to user's in case mail drop is on nfs */ + if ((p = getpwnam(user)) == NULL || + initgroups(p->pw_name, p->pw_gid) == -1 || + setgid(p->pw_gid) == -1 || + setuid(p->pw_uid) == -1) return; if ((fi = fopen(file, "r")) == NULL)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202412041838.4B4IcgUm079402>