diff options
| author | Sergey Poznyakoff <gray@gnu.org> | 2021-02-13 12:52:35 +0200 |
|---|---|---|
| committer | Sergey Poznyakoff <gray@gnu.org> | 2021-02-13 12:52:35 +0200 |
| commit | d247e3c2809a37b6d0c3067251d96bb7f12555e7 (patch) | |
| tree | 21c24398dd1287342c972cbcdf7bd73b8ceb9050 | |
| parent | 56939847bfa9dbfacb7aebd26f48ea8a64dd8b1d (diff) | |
| download | paxutils-d247e3c2809a37b6d0c3067251d96bb7f12555e7.tar.gz | |
Fix sys_reset_uid_gid; minor changes in genfile.c
* lib/system.h (ERRNO_IS_EACCES): Remove. Not used anymore.
(sys_reset_uid_gid): Re-initialize supplementary groups when
switching privileges. Fix ordering of setgid and setuid calls.
* tests/genfile.c (EXIT_USAGE)
(EXIT_UNAVAILABLE): New exit codes.
Use them as appropriate.
| -rw-r--r-- | lib/system.h | 32 | ||||
| -rw-r--r-- | tests/genfile.c | 24 |
2 files changed, 38 insertions, 18 deletions
diff --git a/lib/system.h b/lib/system.h index e7f531c..dffab86 100644 --- a/lib/system.h +++ b/lib/system.h @@ -470,19 +470,37 @@ char *getenv (); #if MSDOS # include <process.h> # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY) -# define ERRNO_IS_EACCES errno == EACCES # define mkdir(file, mode) (mkdir) (file) # define TTY_NAME "con" # define sys_reset_uid_gid() #else # define SET_BINARY_MODE(arc) -# define ERRNO_IS_EACCES 0 # define TTY_NAME "/dev/tty" -# define sys_reset_uid_gid() \ - do { \ - if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \ - abort (); \ - } while (0) +# include <paxlib.h> +static inline void +sys_reset_uid_gid (void) +{ + struct passwd *pw; + uid_t uid = getuid (); + gid_t gid = getgid (); + + if ((pw = getpwuid (uid)) == NULL) + { + FATAL_ERROR ((0, errno, "%s(%ld)", "getpwuid", (unsigned long)uid)); + } + if (initgroups (pw->pw_name, getgid ())) + { + FATAL_ERROR ((0, errno, "%s", "initgroups")); + } + if (gid != getegid () && setgid (gid) && errno != EPERM) + { + FATAL_ERROR ((0, errno, "%s", "setgid")); + } + if (uid != geteuid () && setuid (uid) && errno != EPERM) + { + FATAL_ERROR ((0, errno, "%s", "setuid")); + } +} #endif #if XENIX diff --git a/tests/genfile.c b/tests/genfile.c index dc822c7..284d762 100644 --- a/tests/genfile.c +++ b/tests/genfile.c @@ -40,6 +40,8 @@ #ifndef EXIT_FAILURE # define EXIT_FAILURE 1 #endif +#define EXIT_USAGE 2 +#define EXIT_UNAVAILABLE 3 #if ! defined SIGCHLD && defined SIGCLD # define SIGCHLD SIGCLD @@ -242,15 +244,15 @@ get_size (const char *str, int allow_zero) if (9 < (unsigned) digit) { if (xlat_suffix (&v, p)) - error (EXIT_FAILURE, 0, _("Invalid size: %s"), str); + error (EXIT_USAGE, 0, _("Invalid size: %s"), str); else break; } else if (x / 10 != v) - error (EXIT_FAILURE, 0, _("Number out of allowed range: %s"), str); + error (EXIT_USAGE, 0, _("Number out of allowed range: %s"), str); v = x + digit; if (v < 0) - error (EXIT_FAILURE, 0, _("Negative size: %s"), str); + error (EXIT_USAGE, 0, _("Negative size: %s"), str); } return v; } @@ -270,7 +272,7 @@ verify_file (char *file_name) (unsigned long)st.st_size, (unsigned long)file_length); if (!quiet && mode == mode_sparse && !ST_IS_SPARSE (st)) - error (EXIT_FAILURE, 0, _("created file is not sparse")); + error (EXIT_UNAVAILABLE, 0, _("created file is not sparse")); } } @@ -565,7 +567,7 @@ generate_sparse_file (int argc, char **argv) int flags = O_CREAT | O_RDWR | O_BINARY; if (!file_name) - error (EXIT_FAILURE, 0, + error (EXIT_USAGE, 0, _("cannot generate sparse files on standard output, use --file option")); if (!seek_offset) flags |= O_TRUNC; @@ -657,13 +659,13 @@ print_stat (const char *name) if (*q) { printf ("\n"); - error (EXIT_FAILURE, 0, _("incorrect mask (near `%s')"), q); + error (EXIT_USAGE, 0, _("incorrect mask (near `%s')"), q); } } else if (p[4]) { printf ("\n"); - error (EXIT_FAILURE, 0, _("Unknown field `%s'"), p); + error (EXIT_USAGE, 0, _("Unknown field `%s'"), p); } printf ("%0o", val); } @@ -696,7 +698,7 @@ print_stat (const char *name) else { printf ("\n"); - error (EXIT_FAILURE, 0, _("Unknown field `%s'"), p); + error (EXIT_USAGE, 0, _("Unknown field `%s'"), p); } p = strtok (NULL, ","); if (p) @@ -952,7 +954,7 @@ main (int argc, char **argv) /* Decode command options. */ if (argp_parse (&argp, argc, argv, 0, &index, NULL)) - exit (EXIT_FAILURE); + exit (EXIT_USAGE); argc -= index; argv += index; @@ -961,7 +963,7 @@ main (int argc, char **argv) { case mode_stat: if (argc == 0) - error (EXIT_FAILURE, 0, _("--stat requires file names")); + error (EXIT_USAGE, 0, _("--stat requires file names")); while (argc--) print_stat (*argv++); @@ -974,7 +976,7 @@ main (int argc, char **argv) case mode_generate: if (argc) - error (EXIT_FAILURE, 0, _("too many arguments")); + error (EXIT_USAGE, 0, _("too many arguments")); if (files_from) generate_files_from_list (); else |