
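--- a/linux-ftpd-0.17/ftpd/popen.c.bak
+++ b/linux-ftpd-0.17/ftpd/popen.c.bak
@@ -169,8 +169,13 @@
 		 * XXX: this doesn't seem right... and shouldn't
 		 * we initgroups, or at least setgroups(0,0)?
 		 */
-		setgid(getegid());
-		setuid(i);
+
+/*
+ * PSz 25 Aug 06  Must check the return status of these setgid/setuid calls,
+ * see  http://www.bress.net/blog/archives/34-setuid-madness.html
+ */
+		if ( setgid(getegid())	!= 0 ) _exit(1);
+		if ( setuid(i)		!= 0 ) _exit(1);
 
 #ifndef __linux__
 /* 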
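Review bot: The checked `setgid`/`setuid` pair still leaves the supplementary group list untouched, which is the gap the retained XXX comment already asks about. If the process still carries privileged supplementary groups when it reaches these lines, they survive the uid change and the spawned command inherits them. Where the group list is set is not visible in this hunk, so this needs confirming against the login path. If the list is not already reduced to the session user's groups, add `if ( setgroups(0, NULL) != 0 ) _exit(1);` ahead of the `setgid` line (needs `<grp.h>`), or an equally checked `initgroups` call for that user. The enclosing function starts and ends outside the hunk.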
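--- a/linux-ftpd-0.17/ftpd/ftpd.c.bak
+++ b/linux-ftpd-0.17/ftpd/ftpd.c.bak
@@ -1159,6 +1159,13 @@
 		}
 		strcpy(pw->pw_dir, "/");
 		setenv("HOME", "/", 1);
+	}
+	/* PSz 25 Aug 06  chdir for real users done after setting UID */
+	if (seteuid((uid_t)pw->pw_uid) < 0) {
+		reply(550, "Can't set uid.");
+		goto bad;
+	}
+	if (guest || dochroot) { /* do nothing, handled above */
 	} else if (chdir(pw->pw_dir) < 0) {
 		if (chdir("/") < 0) {
 			reply(530, "User %s: can't change directory to %s.",
@@ -1167,10 +1174,7 @@
 		} else
 			lreply(230, "No directory! Logging in with home=/");
 	}
-	if (seteuid((uid_t)pw->pw_uid) < 0) {
-		reply(550, "Can't set uid.");
-		goto bad;
-	}
+
 	sigfillset(&allsigs);
 	sigprocmask(SIG_UNBLOCK,&allsigs,NULL);
 
@@ -1408,7 +1412,8 @@
 			goto bad;
 		sleep(tries);
 	}
-	(void) seteuid((uid_t)pw->pw_uid);
+/* PSz 25 Aug 06  Check return status */
+	if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
 	sigfillset(&allsigs);
 	sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
 
@@ -1440,7 +1445,8 @@
 bad:
 	/* Return the real value of errno (close may change it) */
 	t = errno;
-	(void) seteuid((uid_t)pw->pw_uid);
+/* PSz 25 Aug 06  Check return status */
+	if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
 	sigfillset (&allsigs);
 	sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
 	(void) close(s);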
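Review bot: The two `_exit(1)` paths added at new lines 1416 and 1449 end the session without writing any log record, so a failed `seteuid` leaves the operator nothing to find afterwards. Exiting is the right response, because continuing would keep the process at whatever effective UID it had before the call. It should be preceded by a log line such as `syslog(LOG_ERR, "seteuid(%ld) failed: %m", (long)pw->pw_uid);`, assuming this file already logs through syslog, which the visible lines do not show. The first hunk treats the same failure differently (`reply(550, ...)` then `goto bad`, tested with `< 0` rather than `!= 0`), so a one-line comment saying why that path may continue while these two must exit would keep the three sites consistent. All enclosing functions start and end outside the visible hunks.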

Return to bug 155317