From nobody Tue Aug  5 11:52:48 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bxBcx06J9z64N2x;
	Tue, 05 Aug 2025 11:52:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bxBcw2n21z3tQc;
	Tue, 05 Aug 2025 11:52:48 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1754394768;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YhhFNt8+Kc7VJvG8Fu0HoXgDpw3p4n7mucAO2usFWXs=;
	b=ZOYFvZK6icYhyqOsxMjpnMN+SUErhnGgGbg+vm/GoynH0hA2JwDTMYEHqZ8HLxdQgiInrr
	bbQwH4mBu131VhhmeHa+bFr5BUnfr9jpbCBMsVpZ2JnI8VjMDwn/ufvHQZN927uQ3CMJAO
	HrDTzWoutIitT0h2Z5M0tV32vbLIDhO1K2uAKZmKgbXFppOYFaetZ9DhPbIpnY5OkcarLO
	XoTEZMP18ko1uqZS2CZZx2M/CUfuw4wWb//4nfobeMzupLNhTuJJiCXCnkDQGEFDX3JzN2
	rs/UooVAQgF3cNoU+yzm5wjynRYME0rqihshY543xXypQoZOinCrQJOWuoB2Uw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1754394768;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YhhFNt8+Kc7VJvG8Fu0HoXgDpw3p4n7mucAO2usFWXs=;
	b=X5chbj5erUP6eM7srZEcKhkzptj7wVTdgTdTdkSqlA8AMLUuF5I+CwgdBm5n6ShedAyyBA
	cvhrjWhrSU+kG4KSHZq/H0ZsQElVOcr4QAuWP0rFmRLxtjNwphD7BmiXuCiiFYuvvfre+9
	5Ttg0AxTZJdAxBQNZWkNVLu/DNLPM7kXbepBJIkChvGrPGBSoG3vnqRK0sgSurUGVQMfmG
	4q6vaCq4UeMPYzheRw4TX/pppmOsBPVB6v6CNqYqnAB7ocY2R16JD8sGv5DBd4/VEsvizB
	hom+uMl824AfnmMNgH1S8HvIj8Cu6WaaGxQ+sFbyO96PdQxVDsNvdBfZEr1Etg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754394768; a=rsa-sha256; cv=none;
	b=iIx1iV5/NEWPoc9K3djixq+EgKQI3oKqJvZBLhdFlu1g/MfQLhIlU2WKjzgDaKz7eoGnZu
	yC1Qf1jXkLT60qQZjNtZwt0Jl59NcbuB5fbKhtwS1CicfgHz25EIwLPlDU9r6gYxpsCmSk
	vlt4+xW9C3aQ5VAQ1FSDjl08eZ1330L23zDPQlSp3MgRCjKfKgniNm05KPOCrQY0EVqSLf
	HR87FHIkORUl4LPQcu2Pj6uHSJP75TENQ4KTDvOxBNqkXlny3csyXn4cmPG0IRQ0rz7CvY
	IoVm9L4IYTMvw9qu1FUm/QRoD0Mz7cLfDbSFqVla6DfBL7YWHum0OuU5xQtt2g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bxBcw2KYvzZXX;
	Tue, 05 Aug 2025 11:52:48 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 575BqmXW024590;
	Tue, 5 Aug 2025 11:52:48 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 575Bqm73024587;
	Tue, 5 Aug 2025 11:52:48 GMT
	(envelope-from git)
Date: Tue, 5 Aug 2025 11:52:48 GMT
Message-Id: <202508051152.575Bqm73024587@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: 1501ecebf5af - stable/13 - comsat: Improve use of
  setuid()
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 1501ecebf5af7b47fde0020b888cfb4e4df1074e
Auto-Submitted: auto-generated

The branch stable/13 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=1501ecebf5af7b47fde0020b888cfb4e4df1074e

commit 1501ecebf5af7b47fde0020b888cfb4e4df1074e
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-11-27 20:36:46 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-08-05 11:52:26 +0000

    comsat: Improve use of setuid()
    
    Just return from jkfprintf if either (a) user lookup fails (that is,
    getpwnam fails) or (b) setuid() to the user's uid fails.  If comsat is
    invoked from inetd using the default of tty:tty we will now return due
    to setuid() failing rather than fopen() failing.
    
    PR:             270404
    Reviewed by:    kevans
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47823
    
    (cherry picked from commit 062b69ba045dc0fef3d9b8d73365d2798c05a480)
    
    comsat: Use initgroups and setgid not just setuid
    
    PR:             270404
    Reviewed by:    jlduran
    Obtained from:  NetBSD
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47828
    
    (cherry picked from commit d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d)
    
    comsat: move uid/gid setting earlier
    
    It's good to reduce privilege as early as possible.
    
    Suggested by:   jlduran
    Reviewed by:    jlduran
    Obtained from:  NetBSD
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47869
    
    (cherry picked from commit 91629228e3df14997df12ffc6e7be6b9964e5463)
---
 libexec/comsat/comsat.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 138881db9e4a..2358336be61a 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -71,7 +71,7 @@ static int	debug = 0;
 
 static char	hostname[MAXHOSTNAMELEN];
 
-static void	jkfprintf(FILE *, char[], char[], off_t);
+static void	jkfprintf(FILE *, char[], off_t);
 static void	mailfor(char *);
 static void	notify(struct utmpx *, char[], off_t, int);
 static void	reapchildren(int);
@@ -159,6 +159,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 	FILE *tp;
 	struct stat stb;
 	struct termios tio;
+	struct passwd *p;
 	char tty[20];
 	const char *s = utp->ut_line;
 
@@ -192,6 +193,14 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 	}
 	(void)tcgetattr(fileno(tp), &tio);
 	cr = ((tio.c_oflag & (OPOST|ONLCR)) == (OPOST|ONLCR)) ?  "\n" : "\n\r";
+
+	/* Set uid/gid/groups to user's in case mail drop is on nfs */
+	if ((p = getpwnam(utp->ut_user)) == NULL ||
+	    initgroups(p->pw_name, p->pw_gid) == -1 ||
+	    setgid(p->pw_gid) == -1 ||
+	    setuid(p->pw_uid) == -1)
+		return;
+
 	switch (stb.st_mode & (S_IXUSR | S_IXGRP)) {
 	case S_IXUSR:
 	case (S_IXUSR | S_IXGRP):
@@ -200,7 +209,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 		    cr, utp->ut_user, (int)sizeof(hostname), hostname,
 		    folder ? cr : "", folder ? "to " : "", folder ? file : "",
 		    cr, cr);
-		jkfprintf(tp, utp->ut_user, file, offset);
+		jkfprintf(tp, file, offset);
 		break;
 	case S_IXGRP:
 		(void)fprintf(tp, "\007");
@@ -216,18 +225,13 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder)
 }
 
 static void
-jkfprintf(FILE *tp, char user[], char file[], off_t offset)
+jkfprintf(FILE *tp, char file[], off_t offset)
 {
 	unsigned char *cp, ch;
 	FILE *fi;
 	int linecnt, charcnt, inheader;
-	struct passwd *p;
 	unsigned char line[BUFSIZ];
 
-	/* Set effective uid to user in case mail drop is on nfs */
-	if ((p = getpwnam(user)) != NULL)
-		(void) setuid(p->pw_uid);
-
 	if ((fi = fopen(file, "r")) == NULL)
 		return;