[packages/inn.git] / inn-setgid.patch

diff -durN inn-2.4.0.orig/expire/expire.c inn-2.4.0/expire/expire.c
--- inn-2.4.0.orig/expire/expire.c	Fri May  9 06:25:27 2003
+++ inn-2.4.0/expire/expire.c	Fri Dec  5 09:50:12 2003
@@ -8,6 +8,7 @@
 #include <ctype.h>
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <sys/stat.h>
 #include <syslog.h>
 #include <time.h>
@@ -496,12 +497,19 @@
 setuid_news(void)
 {
     struct passwd *pwd;
+    struct group *grp;
 
     pwd = getpwnam(NEWSUSER);
     if (pwd == NULL)
         die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
-    if (getuid() == 0)
+    grp = getgrnam(NEWSGRP);
+    if (grp == NULL)
+        die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+    if (getuid() == 0) {
+        setgid(grp->gr_gid);
+	initgroups(pwd->pw_name,grp->gr_gid);
         setuid(pwd->pw_uid);
+    }
     if (getuid() != pwd->pw_uid)
         die("must be run as %s", NEWSUSER);
 }
diff -durN inn-2.4.0.orig/expire/expireover.c inn-2.4.0/expire/expireover.c
--- inn-2.4.0.orig/expire/expireover.c	Fri May  9 06:25:27 2003
+++ inn-2.4.0/expire/expireover.c	Fri Dec  5 09:50:22 2003
@@ -12,6 +12,7 @@
 #include "clibrary.h"
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <signal.h>
 #include <syslog.h>
 
@@ -53,12 +54,19 @@
 setuid_news(void)
 {
     struct passwd *pwd;
+    struct group *grp;
 
     pwd = getpwnam(NEWSUSER);
     if (pwd == NULL)
         die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
-    if (getuid() == 0)
+    grp = getgrnam(NEWSGRP);
+    if (grp == NULL)
+        die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+    if (getuid() == 0) {
+        setgid(grp->gr_gid);
+	initgroups(pwd->pw_name,grp->gr_gid);
         setuid(pwd->pw_uid);
+    }
     if (getuid() != pwd->pw_uid)
         die("must be run as %s", NEWSUSER);
 }
diff -durN inn-2.4.0.orig/expire/makedbz.c inn-2.4.0/expire/makedbz.c
--- inn-2.4.0.orig/expire/makedbz.c	Fri May  9 06:25:27 2003
+++ inn-2.4.0/expire/makedbz.c	Fri Dec  5 09:50:35 2003
@@ -7,6 +7,7 @@
 #include "clibrary.h"
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <syslog.h>  
 
 #include "dbz.h"
@@ -238,17 +239,23 @@
 setuid_news(void)
 {
     struct passwd *pwd;
+    struct group *grp;
 
     pwd = getpwnam(NEWSUSER);
     if (pwd == NULL)
         die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
-    if (getuid() == 0)
+    grp = getgrnam(NEWSGRP);
+    if (grp == NULL)
+        die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+    if (getuid() == 0) {
+        setgid(grp->gr_gid);
+	initgroups(pwd->pw_name,grp->gr_gid);
         setuid(pwd->pw_uid);
+    }
     if (getuid() != pwd->pw_uid)
         die("must be run as %s", NEWSUSER);
 }
 
-
 int
 main(int argc, char **argv)
 {
diff -durN inn-2.4.0.orig/expire/makehistory.c inn-2.4.0/expire/makehistory.c
--- inn-2.4.0.orig/expire/makehistory.c	Fri May  9 06:25:27 2003
+++ inn-2.4.0/expire/makehistory.c	Fri Dec  5 09:50:52 2003
@@ -9,6 +9,7 @@
 #include <assert.h>
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <syslog.h>  
 
 #include "inn/buffer.h"
@@ -714,17 +715,23 @@
 setuid_news(void)
 {
     struct passwd *pwd;
+    struct group *grp;
 
     pwd = getpwnam(NEWSUSER);
     if (pwd == NULL)
         die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
-    if (getuid() == 0)
+    grp = getgrnam(NEWSGRP);
+    if (grp == NULL)
+        die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+    if (getuid() == 0) {
+        setgid(grp->gr_gid);
+	initgroups(pwd->pw_name,grp->gr_gid);
         setuid(pwd->pw_uid);
+    }
     if (getuid() != pwd->pw_uid)
         die("must be run as %s", NEWSUSER);
 }
 
-
 int
 main(int argc, char **argv)
 {
diff -durN inn-2.4.0.orig/innd/inndstart.c inn-2.4.0/innd/inndstart.c
--- inn-2.4.0.orig/innd/inndstart.c	Fri May  9 06:25:27 2003
+++ inn-2.4.0/innd/inndstart.c	Fri Dec  5 09:49:45 2003
@@ -308,6 +308,7 @@
     /* Now, permanently drop privileges. */
     if (setgid(news_gid) < 0 || getgid() != news_gid)
         sysdie("can't setgid to %lu", (unsigned long)news_gid);
+    initgroups(NEWSUSER,news_gid);
     if (setuid(news_uid) < 0 || getuid() != news_uid)
         sysdie("can't setuid to %lu", (unsigned long)news_uid);
 
diff -durN inn-2.4.0.orig/innfeed/startinnfeed.c inn-2.4.0/innfeed/startinnfeed.c
--- inn-2.4.0.orig/innfeed/startinnfeed.c	Fri May  9 06:25:27 2003
+++ inn-2.4.0/innfeed/startinnfeed.c	Fri Dec  5 09:49:45 2003
@@ -97,6 +97,9 @@
 #endif /* HAVE_SETRLIMIT */
 
     /* Permanently drop privileges. */
+    if (setgid(news_gid) < 0 || getgid() != news_gid)
+        sysdie("can't setgid to %lu", (unsigned long) news_gid);
+    initgroups(NEWSUSER,news_gid);
     if (setuid(news_uid) < 0 || getuid() != news_uid)
         sysdie("can't setuid to %lu", (unsigned long) news_uid);
Commit	Line	Data
8c29990a JK	1	diff -durN inn-2.4.0.orig/expire/expire.c inn-2.4.0/expire/expire.c
	2	--- inn-2.4.0.orig/expire/expire.c Fri May 9 06:25:27 2003
	3	+++ inn-2.4.0/expire/expire.c Fri Dec 5 09:50:12 2003
	4	@@ -8,6 +8,7 @@
	5	#include <ctype.h>
	6	#include <errno.h>
	7	#include <pwd.h>
	8	+#include <grp.h>
	9	#include <sys/stat.h>
	10	#include <syslog.h>
	11	#include <time.h>
	12	@@ -496,12 +497,19 @@
	13	setuid_news(void)
	14	{
	15	struct passwd *pwd;
	16	+ struct group *grp;
	17
	18	pwd = getpwnam(NEWSUSER);
	19	if (pwd == NULL)
	20	die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
	21	- if (getuid() == 0)
	22	+ grp = getgrnam(NEWSGRP);
	23	+ if (grp == NULL)
	24	+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
	25	+ if (getuid() == 0) {
	26	+ setgid(grp->gr_gid);
	27	+ initgroups(pwd->pw_name,grp->gr_gid);
	28	setuid(pwd->pw_uid);
	29	+ }
	30	if (getuid() != pwd->pw_uid)
	31	die("must be run as %s", NEWSUSER);
	32	}
	33	diff -durN inn-2.4.0.orig/expire/expireover.c inn-2.4.0/expire/expireover.c
	34	--- inn-2.4.0.orig/expire/expireover.c Fri May 9 06:25:27 2003
	35	+++ inn-2.4.0/expire/expireover.c Fri Dec 5 09:50:22 2003
	36	@@ -12,6 +12,7 @@
	37	#include "clibrary.h"
	38	#include <errno.h>
	39	#include <pwd.h>
	40	+#include <grp.h>
	41	#include <signal.h>
	42	#include <syslog.h>
	43
	44	@@ -53,12 +54,19 @@
	45	setuid_news(void)
	46	{
	47	struct passwd *pwd;
	48	+ struct group *grp;
	49
	50	pwd = getpwnam(NEWSUSER);
	51	if (pwd == NULL)
	52	die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
	53	- if (getuid() == 0)
	54	+ grp = getgrnam(NEWSGRP);
	55	+ if (grp == NULL)
	56	+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
	57	+ if (getuid() == 0) {
	58	+ setgid(grp->gr_gid);
	59	+ initgroups(pwd->pw_name,grp->gr_gid);
	60	setuid(pwd->pw_uid);
	61	+ }
	62	if (getuid() != pwd->pw_uid)
	63	die("must be run as %s", NEWSUSER);
	64	}
65	diff -durN inn-2.4.0.orig/expire/makedbz.c inn-2.4.0/expire/makedbz.c
66	--- inn-2.4.0.orig/expire/makedbz.c Fri May 9 06:25:27 2003
67	+++ inn-2.4.0/expire/makedbz.c Fri Dec 5 09:50:35 2003
68	@@ -7,6 +7,7 @@
69	#include "clibrary.h"
70	#include <errno.h>
71	#include <pwd.h>
72	+#include <grp.h>
73	#include <syslog.h>
74
75	#include "dbz.h"
76	@@ -238,17 +239,23 @@
77	setuid_news(void)
78	{
79	struct passwd *pwd;
80	+ struct group *grp;
81
82	pwd = getpwnam(NEWSUSER);
83	if (pwd == NULL)
84	die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
85	- if (getuid() == 0)
86	+ grp = getgrnam(NEWSGRP);
87	+ if (grp == NULL)
88	+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
89	+ if (getuid() == 0) {
90	+ setgid(grp->gr_gid);
91	+ initgroups(pwd->pw_name,grp->gr_gid);
92	setuid(pwd->pw_uid);
93	+ }
94	if (getuid() != pwd->pw_uid)
95	die("must be run as %s", NEWSUSER);
96	}
97
98	-
99	int
100	main(int argc, char **argv)
101	{
102	diff -durN inn-2.4.0.orig/expire/makehistory.c inn-2.4.0/expire/makehistory.c
103	--- inn-2.4.0.orig/expire/makehistory.c Fri May 9 06:25:27 2003
104	+++ inn-2.4.0/expire/makehistory.c Fri Dec 5 09:50:52 2003
105	@@ -9,6 +9,7 @@
106	#include <assert.h>
107	#include <errno.h>
108	#include <pwd.h>
109	+#include <grp.h>
110	#include <syslog.h>
111
112	#include "inn/buffer.h"
113	@@ -714,17 +715,23 @@
114	setuid_news(void)
115	{
116	struct passwd *pwd;
117	+ struct group *grp;
118
119	pwd = getpwnam(NEWSUSER);
120	if (pwd == NULL)
121	die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
122	- if (getuid() == 0)
123	+ grp = getgrnam(NEWSGRP);
124	+ if (grp == NULL)
125	+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
126	+ if (getuid() == 0) {
127	+ setgid(grp->gr_gid);
128	+ initgroups(pwd->pw_name,grp->gr_gid);
129	setuid(pwd->pw_uid);
130	+ }
131	if (getuid() != pwd->pw_uid)
132	die("must be run as %s", NEWSUSER);
133	}
134
135	-
136	int
137	main(int argc, char **argv)
138	{
139	diff -durN inn-2.4.0.orig/innd/inndstart.c inn-2.4.0/innd/inndstart.c
140	--- inn-2.4.0.orig/innd/inndstart.c Fri May 9 06:25:27 2003
141	+++ inn-2.4.0/innd/inndstart.c Fri Dec 5 09:49:45 2003
142	@@ -308,6 +308,7 @@
143	/* Now, permanently drop privileges. */
144	if (setgid(news_gid) < 0 \|\| getgid() != news_gid)
145	sysdie("can't setgid to %lu", (unsigned long)news_gid);
146	+ initgroups(NEWSUSER,news_gid);
147	if (setuid(news_uid) < 0 \|\| getuid() != news_uid)
148	sysdie("can't setuid to %lu", (unsigned long)news_uid);
149
150	diff -durN inn-2.4.0.orig/innfeed/startinnfeed.c inn-2.4.0/innfeed/startinnfeed.c
151	--- inn-2.4.0.orig/innfeed/startinnfeed.c Fri May 9 06:25:27 2003
152	+++ inn-2.4.0/innfeed/startinnfeed.c Fri Dec 5 09:49:45 2003
153	@@ -97,6 +97,9 @@
154	#endif /* HAVE_SETRLIMIT */
155
156	/* Permanently drop privileges. */
157	+ if (setgid(news_gid) < 0 \|\| getgid() != news_gid)
158	+ sysdie("can't setgid to %lu", (unsigned long) news_gid);
159	+ initgroups(NEWSUSER,news_gid);
160	if (setuid(news_uid) < 0 \|\| getuid() != news_uid)
161	sysdie("can't setuid to %lu", (unsigned long) news_uid);
162