sh: Remove duplicate code resetting uid/gid for set +p/+o privileged.
authorPeter Avalos <pavalos@dragonflybsd.org>
Sat, 2 Jul 2011 23:47:49 +0000 (13:47 -1000)
committerPeter Avalos <pavalos@dragonflybsd.org>
Sun, 21 Aug 2011 19:10:24 +0000 (12:10 -0700)
sh: Check setuid()/setgid() return values.

If the -p option is turned off, privileges from a setuid or setgid
binary are dropped. Make sure to check if this succeeds. If it
fails, this is an error which will cause the shell to abort except
in interactive mode or if 'command' was used to make 'set' or an
outer 'eval' or '.' non-special.

Obtained-from:   FreeBSD SVN rev 221011 & 221012

bin/sh/options.c

index 3e1e36c..e720284 100644 (file)
@@ -34,7 +34,7 @@
  * SUCH DAMAGE.
  *
  * @(#)options.c       8.2 (Berkeley) 5/4/95
- * $FreeBSD: src/bin/sh/options.c,v 1.33 2011/02/04 22:47:55 jilles Exp $
+ * $FreeBSD: src/bin/sh/options.c,v 1.35 2011/04/25 10:14:29 jilles Exp $
  */
 
 #include <signal.h>
@@ -199,13 +199,8 @@ options(int cmdline)
                                minus_o(*argptr, val);
                                if (*argptr)
                                        argptr++;
-                       } else {
-                               if (c == 'p' && !val && privileged) {
-                                       setuid(getuid());
-                                       setgid(getgid());
-                               }
+                       } else
                                setoption(c, val);
-                       }
                }
        }
        return;
@@ -272,10 +267,6 @@ minus_o(char *name, int val)
        } else {
                for (i = 0; i < NOPTS; i++)
                        if (equal(name, optlist[i].name)) {
-                               if (!val && privileged && equal(name, "privileged")) {
-                                       setuid(getuid());
-                                       setgid(getgid());
-                               }
                                setoption(optlist[i].letter, val);
                                return;
                        }
@@ -289,6 +280,12 @@ setoption(int flag, int val)
 {
        int i;
 
+       if (flag == 'p' && !val && privileged) {
+               if (setgid(getgid()) == -1)
+                       error("setgid");
+               if (setuid(getuid()) == -1)
+                       error("setuid");
+       }
        for (i = 0; i < NOPTS; i++)
                if (optlist[i].letter == flag) {
                        optlist[i].val = val;