Commit | Line | Data |
---|---|---|
8c29990a JK |
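diff -durN inn-2.4.0.orig/expire/expire.c inn-2.4.0/expire/expire.c
--- inn-2.4.0.orig/expire/expire.c Fri May 9 06:25:27 2003
+++ inn-2.4.0/expire/expire.c Fri Dec 5 09:50:12 2003
@@ -8,6 +8,7 @@
 #include <ctype.h>
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <sys/stat.h>
 #include <syslog.h>
 #include <time.h>
@@ -496,12 +497,19 @@
 setuid_news(void)
 {
 struct passwd *pwd;
+ struct group *grp;
 
 pwd = getpwnam(NEWSUSER);
 if (pwd == NULL)
 die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
- if (getuid() == 0)
+ grp = getgrnam(NEWSGRP);
+ if (grp == NULL)
+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+ if (getuid() == 0) {
+ setgid(grp->gr_gid);
+ initgroups(pwd->pw_name,grp->gr_gid);
 setuid(pwd->pw_uid);
+ }
 if (getuid() != pwd->pw_uid)
 die("must be run as %s", NEWSUSER);
 }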
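Review bot: The new privilege-drop block in setuid_news() ignores the return values of `setgid()`, `initgroups()` and `setuid()`, and the only check that follows compares `getuid()` with `pwd->pw_uid`. If either group call fails, the process therefore carries on as the news user while still holding the group and supplementary groups it started with. Test each call and stop on failure, for example `if (setgid(grp->gr_gid) < 0 || initgroups(pwd->pw_name, grp->gr_gid) < 0 || setuid(pwd->pw_uid) < 0) die("can't drop privileges to %s", NEWSUSER);`. The same unchecked sequence is added to setuid_news() in expireover.c, makedbz.c and makehistory.c.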
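diff -durN inn-2.4.0.orig/expire/expireover.c inn-2.4.0/expire/expireover.c
--- inn-2.4.0.orig/expire/expireover.c Fri May 9 06:25:27 2003
+++ inn-2.4.0/expire/expireover.c Fri Dec 5 09:50:22 2003
@@ -12,6 +12,7 @@
 #include "clibrary.h"
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <signal.h>
 #include <syslog.h>
 
@@ -53,12 +54,19 @@
 setuid_news(void)
 {
 struct passwd *pwd;
+ struct group *grp;
 
 pwd = getpwnam(NEWSUSER);
 if (pwd == NULL)
 die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
- if (getuid() == 0)
+ grp = getgrnam(NEWSGRP);
+ if (grp == NULL)
+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+ if (getuid() == 0) {
+ setgid(grp->gr_gid);
+ initgroups(pwd->pw_name,grp->gr_gid);
 setuid(pwd->pw_uid);
+ }
 if (getuid() != pwd->pw_uid)
 die("must be run as %s", NEWSUSER);
 }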
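diff -durN inn-2.4.0.orig/expire/makedbz.c inn-2.4.0/expire/makedbz.c
--- inn-2.4.0.orig/expire/makedbz.c Fri May 9 06:25:27 2003
+++ inn-2.4.0/expire/makedbz.c Fri Dec 5 09:50:35 2003
@@ -7,6 +7,7 @@
 #include "clibrary.h"
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <syslog.h>
 
 #include "dbz.h"
@@ -238,17 +239,23 @@
 setuid_news(void)
 {
 struct passwd *pwd;
+ struct group *grp;
 
 pwd = getpwnam(NEWSUSER);
 if (pwd == NULL)
 die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
- if (getuid() == 0)
+ grp = getgrnam(NEWSGRP);
+ if (grp == NULL)
+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+ if (getuid() == 0) {
+ setgid(grp->gr_gid);
+ initgroups(pwd->pw_name,grp->gr_gid);
 setuid(pwd->pw_uid);
+ }
 if (getuid() != pwd->pw_uid)
 die("must be run as %s", NEWSUSER);
 }
 
-
 int
 main(int argc, char **argv)
 {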
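diff -durN inn-2.4.0.orig/expire/makehistory.c inn-2.4.0/expire/makehistory.c
--- inn-2.4.0.orig/expire/makehistory.c Fri May 9 06:25:27 2003
+++ inn-2.4.0/expire/makehistory.c Fri Dec 5 09:50:52 2003
@@ -9,6 +9,7 @@
 #include <assert.h>
 #include <errno.h>
 #include <pwd.h>
+#include <grp.h>
 #include <syslog.h>
 
 #include "inn/buffer.h"
@@ -714,17 +715,23 @@
 setuid_news(void)
 {
 struct passwd *pwd;
+ struct group *grp;
 
 pwd = getpwnam(NEWSUSER);
 if (pwd == NULL)
 die("can't resolve %s to a UID (account doesn't exist?)", NEWSUSER);
- if (getuid() == 0)
+ grp = getgrnam(NEWSGRP);
+ if (grp == NULL)
+ die("can't resolve %s to a GID (account doesn't exist?)", NEWSGRP);
+ if (getuid() == 0) {
+ setgid(grp->gr_gid);
+ initgroups(pwd->pw_name,grp->gr_gid);
 setuid(pwd->pw_uid);
+ }
 if (getuid() != pwd->pw_uid)
 die("must be run as %s", NEWSUSER);
 }
 
-
 int
 main(int argc, char **argv)
 {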
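diff -durN inn-2.4.0.orig/innd/inndstart.c inn-2.4.0/innd/inndstart.c
--- inn-2.4.0.orig/innd/inndstart.c Fri May 9 06:25:27 2003
+++ inn-2.4.0/innd/inndstart.c Fri Dec 5 09:49:45 2003
@@ -308,6 +308,7 @@
 /* Now, permanently drop privileges. */
 if (setgid(news_gid) < 0 || getgid() != news_gid)
 sysdie("can't setgid to %lu", (unsigned long)news_gid);
+ initgroups(NEWSUSER,news_gid);
 if (setuid(news_uid) < 0 || getuid() != news_uid)
 sysdie("can't setuid to %lu", (unsigned long)news_uid);
 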
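Review bot: The added `initgroups(NEWSUSER,news_gid);` is the only call in this privilege drop whose result is not checked, while the `setgid()` and `setuid()` calls on either side of it both end in `sysdie()`. If it fails, the daemon keeps whatever supplementary groups it was started with (presumably root's) and still reaches the `setuid()` line. Make it `if (initgroups(NEWSUSER, news_gid) < 0) sysdie("can't initgroups for %s", NEWSUSER);`. The same unchecked call is added in innfeed/startinnfeed.c, and the enclosing function starts and ends outside this hunk.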
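diff -durN inn-2.4.0.orig/innfeed/startinnfeed.c inn-2.4.0/innfeed/startinnfeed.c
--- inn-2.4.0.orig/innfeed/startinnfeed.c Fri May 9 06:25:27 2003
+++ inn-2.4.0/innfeed/startinnfeed.c Fri Dec 5 09:49:45 2003
@@ -97,6 +97,9 @@
 #endif /* HAVE_SETRLIMIT */
 
 /* Permanently drop privileges. */
+ if (setgid(news_gid) < 0 || getgid() != news_gid)
+ sysdie("can't setgid to %lu", (unsigned long) news_gid);
+ initgroups(NEWSUSER,news_gid);
 if (setuid(news_uid) < 0 || getuid() != news_uid)
 sysdie("can't setuid to %lu", (unsigned long) news_uid);
 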