989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
74 lines
2.4 KiB
Diff
74 lines
2.4 KiB
Diff
===================================================================
|
|
RCS file: /home/ncvs/src/usr.sbin/inetd/builtins.c,v
|
|
retrieving revision 1.19.2.2
|
|
retrieving revision 1.19.2.3
|
|
diff -u -p -r1.19.2.2 -r1.19.2.3
|
|
--- src/usr.sbin/inetd/builtins.c 2000/10/24 19:18:29 1.19.2.2
|
|
+++ src/usr.sbin/inetd/builtins.c 2000/11/25 04:14:14 1.19.2.3
|
|
@@ -40,6 +40,7 @@
|
|
#include <ctype.h>
|
|
#include <err.h>
|
|
#include <errno.h>
|
|
+#include <fcntl.h>
|
|
#include <limits.h>
|
|
#include <pwd.h>
|
|
#include <signal.h>
|
|
@@ -575,6 +576,7 @@ ident_stream(s, sep) /* Ident service (
|
|
*/
|
|
if (fflag && !usedfallback) {
|
|
FILE *fakeid = NULL;
|
|
+ int fakeid_fd;
|
|
|
|
if (asprintf(&p, "%s/.fakeid", pw->pw_dir) == -1)
|
|
iderror(lport, fport, s, errno);
|
|
@@ -583,8 +585,9 @@ ident_stream(s, sep) /* Ident service (
|
|
* open any files we have no permission to open, especially
|
|
* symbolic links to sensitive root-owned files or devices.
|
|
*/
|
|
+ if (initgroups(pw->pw_name, pw->pw_gid) == -1)
|
|
+ iderror(lport, fport, s, errno);
|
|
seteuid(pw->pw_uid);
|
|
- setegid(pw->pw_gid);
|
|
/*
|
|
* If we were to lstat() here, it would do no good, since it
|
|
* would introduce a race condition and could be defeated.
|
|
@@ -592,9 +595,9 @@ ident_stream(s, sep) /* Ident service (
|
|
* and if it's not a regular file, we close it and end up
|
|
* returning the user's real username.
|
|
*/
|
|
- fakeid = fopen(p, "r");
|
|
+ fakeid_fd = open(p, O_RDONLY | O_NONBLOCK);
|
|
free(p);
|
|
- if (fakeid != NULL &&
|
|
+ if ((fakeid = fdopen(fakeid_fd, "r")) != NULL &&
|
|
fstat(fileno(fakeid), &sb) != -1 && S_ISREG(sb.st_mode)) {
|
|
buf[sizeof(buf) - 1] = '\0';
|
|
if (fgets(buf, sizeof(buf), fakeid) == NULL) {
|
|
@@ -605,7 +608,7 @@ ident_stream(s, sep) /* Ident service (
|
|
fclose(fakeid);
|
|
/*
|
|
* Usually, the file will have the desired identity
|
|
- * in the form "identity\n", so we use strtok() to
|
|
+ * in the form "identity\n", so we use strcspn() to
|
|
* end the string (which fgets() doesn't do.)
|
|
*/
|
|
buf[strcspn(buf, "\r\n")] = '\0';
|
|
@@ -624,10 +627,16 @@ ident_stream(s, sep) /* Ident service (
|
|
* we will return their real identity instead.
|
|
*/
|
|
|
|
- if (!*cp || getpwnam(cp))
|
|
- cp = getpwuid(uc.cr_uid)->pw_name;
|
|
+ if (!*cp || getpwnam(cp)) {
|
|
+ pw = getpwuid(uc.cr_uid);
|
|
+ if (pw == NULL)
|
|
+ iderror(lport, fport, s, errno);
|
|
+ cp = pw->pw_name;
|
|
+ }
|
|
} else
|
|
cp = pw->pw_name;
|
|
+ if (fakeid_fd != -1)
|
|
+ close(fakeid_fd);
|
|
} else if (!usedfallback)
|
|
cp = pw->pw_name;
|
|
else
|