3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
74 lines
2.4 KiB
Diff
74 lines
2.4 KiB
Diff
===================================================================
|
|
RCS file: /home/ncvs/src/usr.sbin/inetd/builtins.c,v
|
|
retrieving revision 1.19.2.2
|
|
retrieving revision 1.19.2.3
|
|
diff -u -p -r1.19.2.2 -r1.19.2.3
|
|
--- src/usr.sbin/inetd/builtins.c 2000/10/24 19:18:29 1.19.2.2
|
|
+++ src/usr.sbin/inetd/builtins.c 2000/11/25 04:14:14 1.19.2.3
|
|
@@ -40,6 +40,7 @@
|
|
#include <ctype.h>
|
|
#include <err.h>
|
|
#include <errno.h>
|
|
+#include <fcntl.h>
|
|
#include <limits.h>
|
|
#include <pwd.h>
|
|
#include <signal.h>
|
|
@@ -575,6 +576,7 @@ ident_stream(s, sep) /* Ident service (
|
|
*/
|
|
if (fflag && !usedfallback) {
|
|
FILE *fakeid = NULL;
|
|
+ int fakeid_fd;
|
|
|
|
if (asprintf(&p, "%s/.fakeid", pw->pw_dir) == -1)
|
|
iderror(lport, fport, s, errno);
|
|
@@ -583,8 +585,9 @@ ident_stream(s, sep) /* Ident service (
|
|
* open any files we have no permission to open, especially
|
|
* symbolic links to sensitive root-owned files or devices.
|
|
*/
|
|
+ if (initgroups(pw->pw_name, pw->pw_gid) == -1)
|
|
+ iderror(lport, fport, s, errno);
|
|
seteuid(pw->pw_uid);
|
|
- setegid(pw->pw_gid);
|
|
/*
|
|
* If we were to lstat() here, it would do no good, since it
|
|
* would introduce a race condition and could be defeated.
|
|
@@ -592,9 +595,9 @@ ident_stream(s, sep) /* Ident service (
|
|
* and if it's not a regular file, we close it and end up
|
|
* returning the user's real username.
|
|
*/
|
|
- fakeid = fopen(p, "r");
|
|
+ fakeid_fd = open(p, O_RDONLY | O_NONBLOCK);
|
|
free(p);
|
|
- if (fakeid != NULL &&
|
|
+ if ((fakeid = fdopen(fakeid_fd, "r")) != NULL &&
|
|
fstat(fileno(fakeid), &sb) != -1 && S_ISREG(sb.st_mode)) {
|
|
buf[sizeof(buf) - 1] = '\0';
|
|
if (fgets(buf, sizeof(buf), fakeid) == NULL) {
|
|
@@ -605,7 +608,7 @@ ident_stream(s, sep) /* Ident service (
|
|
fclose(fakeid);
|
|
/*
|
|
* Usually, the file will have the desired identity
|
|
- * in the form "identity\n", so we use strtok() to
|
|
+ * in the form "identity\n", so we use strcspn() to
|
|
* end the string (which fgets() doesn't do.)
|
|
*/
|
|
buf[strcspn(buf, "\r\n")] = '\0';
|
|
@@ -624,10 +627,16 @@ ident_stream(s, sep) /* Ident service (
|
|
* we will return their real identity instead.
|
|
*/
|
|
|
|
- if (!*cp || getpwnam(cp))
|
|
- cp = getpwuid(uc.cr_uid)->pw_name;
|
|
+ if (!*cp || getpwnam(cp)) {
|
|
+ pw = getpwuid(uc.cr_uid);
|
|
+ if (pw == NULL)
|
|
+ iderror(lport, fport, s, errno);
|
|
+ cp = pw->pw_name;
|
|
+ }
|
|
} else
|
|
cp = pw->pw_name;
|
|
+ if (fakeid_fd != -1)
|
|
+ close(fakeid_fd);
|
|
} else if (!usedfallback)
|
|
cp = pw->pw_name;
|
|
else
|