Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 48674 Details for
Bug 78256
net-mail/cmd5checkpw is installed setuid, but does not drop euid
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
cmd5checkpw: set euid to uid of calling user
cmd5checkpw-0.22-seteuid.patch (text/plain), 931 bytes, created by
Florian Westphal
on 2005-01-16 11:37:10 UTC
(
hide
)
Description:
cmd5checkpw: set euid to uid of calling user
Filename:
MIME Type:
Creator:
Florian Westphal
Created:
2005-01-16 11:37:10 UTC
Size:
931 bytes
patch
obsolete
>--- main.c-orig 2004-11-23 11:34:05.757230992 +0100 >+++ main.c 2004-11-23 11:55:46.117546176 +0100 >@@ -6,6 +6,10 @@ > #include <stdio.h> > #include <unistd.h> > >+#include <sys/types.h> >+#include <unistd.h> >+ >+ > #define LINE_MAX 256 > #define SMTP_PASSWD_FILE "/etc/poppasswd" > char up[513]; >@@ -22,10 +26,26 @@ > unsigned char h; > FILE *fp; > int j; >- >+ uid_t uid; >+ gid_t gid; > char *linepnt; > > if ((fp = fopen(SMTP_PASSWD_FILE, "rt")) == NULL) _exit(2); >+ >+ uid = getuid(); >+ gid = getgid(); >+ >+ if (gid != getegid()) { >+ if (setegid(gid)) >+ _exit(2); >+ } >+ >+ >+ if (uid && (uid != geteuid())) { >+ if (seteuid(uid)) >+ _exit(2); >+ } >+ > while (fgets(line, LINE_MAX, fp) != NULL) { > if ((linepnt = strchr(line, '\n')) != NULL) { > *linepnt = 0; >@@ -38,7 +58,8 @@ > break; > } > } >- fclose(fp); >+ >+ if (EOF == fclose(fp)) _exit(2); > > if (!found_user) return(1); >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 78256
: 48674