From owner-cvs-all  Tue Sep  4  9:15:57 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0C3C637B40C; Tue,  4 Sep 2001 09:15:52 -0700 (PDT)
Received: (from ru@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f84GFpx76144;
	Tue, 4 Sep 2001 09:15:51 -0700 (PDT)
	(envelope-from ru)
Message-Id: <200109041615.f84GFpx76144@freefall.freebsd.org>
From: Ruslan Ermilov <ru@FreeBSD.org>
Date: Tue, 4 Sep 2001 09:15:51 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/usr.bin/at panic.c privs.h
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

ru          2001/09/04 09:15:51 PDT

  Modified files:
    usr.bin/at           panic.c privs.h 
  Log:
  SECURITY.
  
  Fixed macros for temporarily relinquishing and restoring setuid/setgid
  privileges so that they never change the real user and group IDs of
  the calling process.
  
  The setre[ug]id() calls are still used in the REDUCE_PERM macro (with
  the r[ug]id arguments of -1) so that the call changes the saved user
  and group IDs of the process to that specified.
  
  Also, the panic() and perr() functions had insufficient privileges to
  delete the problematic file under /var/at.
  
  Revision  Changes    Path
  1.11      +10 -3     src/usr.bin/at/panic.c
  1.8       +38 -43    src/usr.bin/at/privs.h


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message