sh: Remove duplicate code resetting uid/gid for set +p/+o privileged.

sh: Check setuid()/setgid() return values.

If the -p option is turned off, privileges from a setuid or setgid
binary are dropped. Make sure to check if this succeeds. If it
fails, this is an error which will cause the shell to abort except
in interactive mode or if 'command' was used to make 'set' or an
outer 'eval' or '.' non-special.

Obtained-from:   FreeBSD SVN rev 221011 & 221012

diff --git a/bin/sh/options.c b/bin/sh/options.c
index 3e1e36c..e720284 100644 (file)
--- a/bin/sh/options.c
+++ b/bin/sh/options.c
@@ -34,7 +34,7 @@
  * SUCH DAMAGE.
  *
  * @(#)options.c       8.2 (Berkeley) 5/4/95
- * $FreeBSD: src/bin/sh/options.c,v 1.33 2011/02/04 22:47:55 jilles Exp $
+ * $FreeBSD: src/bin/sh/options.c,v 1.35 2011/04/25 10:14:29 jilles Exp $
  */
 
 #include <signal.h>
@@ -199,13 +199,8 @@ options(int cmdline)
                                minus_o(*argptr, val);
                                if (*argptr)
                                        argptr++;
-                       } else {
-                               if (c == 'p' && !val && privileged) {
-                                       setuid(getuid());
-                                       setgid(getgid());
-                               }
+                       } else
                                setoption(c, val);
-                       }
                }
        }
        return;
@@ -272,10 +267,6 @@ minus_o(char *name, int val)
        } else {
                for (i = 0; i < NOPTS; i++)
                        if (equal(name, optlist[i].name)) {
-                               if (!val && privileged && equal(name, "privileged")) {
-                                       setuid(getuid());
-                                       setgid(getgid());
-                               }
                                setoption(optlist[i].letter, val);
                                return;
                        }
@@ -289,6 +280,12 @@ setoption(int flag, int val)
 {
        int i;
 
+       if (flag == 'p' && !val && privileged) {
+               if (setgid(getgid()) == -1)
+                       error("setgid");
+               if (setuid(getuid()) == -1)
+                       error("setuid");
+       }
        for (i = 0; i < NOPTS; i++)
                if (optlist[i].letter == flag) {
                        optlist[i].val = val;