From: Peter Avalos Date: Sat, 2 Jul 2011 23:47:49 +0000 (-1000) Subject: sh: Remove duplicate code resetting uid/gid for set +p/+o privileged. X-Git-Tag: v2.12.0~183 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/1bf9817349b98799b92b1e764d4d0855695ce4ea sh: Remove duplicate code resetting uid/gid for set +p/+o privileged. sh: Check setuid()/setgid() return values. If the -p option is turned off, privileges from a setuid or setgid binary are dropped. Make sure to check if this succeeds. If it fails, this is an error which will cause the shell to abort except in interactive mode or if 'command' was used to make 'set' or an outer 'eval' or '.' non-special. Obtained-from: FreeBSD SVN rev 221011 & 221012 --- diff --git a/bin/sh/options.c b/bin/sh/options.c index 3e1e36cf00..e720284ffb 100644 --- a/bin/sh/options.c +++ b/bin/sh/options.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)options.c 8.2 (Berkeley) 5/4/95 - * $FreeBSD: src/bin/sh/options.c,v 1.33 2011/02/04 22:47:55 jilles Exp $ + * $FreeBSD: src/bin/sh/options.c,v 1.35 2011/04/25 10:14:29 jilles Exp $ */ #include @@ -199,13 +199,8 @@ options(int cmdline) minus_o(*argptr, val); if (*argptr) argptr++; - } else { - if (c == 'p' && !val && privileged) { - setuid(getuid()); - setgid(getgid()); - } + } else setoption(c, val); - } } } return; @@ -272,10 +267,6 @@ minus_o(char *name, int val) } else { for (i = 0; i < NOPTS; i++) if (equal(name, optlist[i].name)) { - if (!val && privileged && equal(name, "privileged")) { - setuid(getuid()); - setgid(getgid()); - } setoption(optlist[i].letter, val); return; } @@ -289,6 +280,12 @@ setoption(int flag, int val) { int i; + if (flag == 'p' && !val && privileged) { + if (setgid(getgid()) == -1) + error("setgid"); + if (setuid(getuid()) == -1) + error("setuid"); + } for (i = 0; i < NOPTS; i++) if (optlist[i].letter == flag) { optlist[i].val = val;
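Review bot: in the options() hunk, the `if` branch keeps its braces while the new `} else` is followed by a bare `setoption(c, val);`. Keeping braces on both branches would read more consistently and guard against a stray statement the next time the else branch grows.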
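Review bot: in the minus_o() hunk, the removed check matched the option by name with `equal(name, "privileged")`, while the replacement in setoption() tests `flag == 'p'`. The privilege drop for `set +o privileged` therefore now depends on the optlist entry named "privileged" carrying the letter 'p', which this diff does not show. Please confirm that mapping, or say so in the commit message, so the long-option path is known to still drop privileges.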
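Review bot: in the setoption() hunk, `error("setgid")` and `error("setuid")` report only the call name, so a failed drop gives the user no reason; consider adding strerror(errno) to the message. The new code also resets the gid before the uid, the reverse of the order in the two removed blocks, and neither the code nor the commit message says this is deliberate. A one-line comment that the group has to be reset while the process is still allowed to change it would keep a later cleanup from swapping the calls back.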