mirror of
https://git.savannah.gnu.org/git/inetutils.git
synced 2026-01-12 00:19:39 +08:00
ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check set*id() return values
Several setuid(), setgid(), seteuid() and setguid() return values were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially leading to potential security issues. Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com> Signed-off-by: Simon Josefsson <simon@josefsson.org>
This commit is contained in:
Jeffrey Bencteux
committed by
Simon Josefsson
Simon Josefsson
parent
2d8a4aa6b7
commit
e4e65c03f4
10
ftpd/ftpd.c
10
ftpd/ftpd.c
@@ -863,7 +863,9 @@ end_login (struct credentials *pcred)
|
||||
char *remotehost = pcred->remotehost;
|
||||
int atype = pcred->auth_type;
|
||||
|
||||
seteuid ((uid_t) 0);
|
||||
if (seteuid ((uid_t) 0) == -1)
|
||||
_exit (EXIT_FAILURE);
|
||||
|
||||
if (pcred->logged_in)
|
||||
{
|
||||
logwtmp_keep_open (ttyline, "", "");
|
||||
@@ -1152,7 +1154,8 @@ getdatasock (const char *mode)
|
||||
|
||||
if (data >= 0)
|
||||
return fdopen (data, mode);
|
||||
seteuid ((uid_t) 0);
|
||||
if (seteuid ((uid_t) 0) == -1)
|
||||
_exit (EXIT_FAILURE);
|
||||
s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
|
||||
if (s < 0)
|
||||
goto bad;
|
||||
@@ -1977,7 +1980,8 @@ passive (int epsv, int af)
|
||||
else /* !AF_INET6 */
|
||||
((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
|
||||
|
||||
seteuid ((uid_t) 0);
|
||||
if (seteuid ((uid_t) 0) == -1)
|
||||
_exit (EXIT_FAILURE);
|
||||
if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
|
||||
{
|
||||
if (seteuid ((uid_t) cred.uid))
|
||||
|
||||
39
src/rcp.c
39
src/rcp.c
@@ -347,14 +347,23 @@ main (int argc, char *argv[])
|
||||
if (from_option)
|
||||
{ /* Follow "protocol", send data. */
|
||||
response ();
|
||||
setuid (userid);
|
||||
|
||||
if (setuid (userid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
|
||||
}
|
||||
|
||||
source (argc, argv);
|
||||
exit (errs);
|
||||
}
|
||||
|
||||
if (to_option)
|
||||
{ /* Receive data. */
|
||||
setuid (userid);
|
||||
if (setuid (userid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
|
||||
}
|
||||
|
||||
sink (argc, argv);
|
||||
exit (errs);
|
||||
}
|
||||
@@ -536,7 +545,11 @@ toremote (char *targ, int argc, char *argv[])
|
||||
if (response () < 0)
|
||||
exit (EXIT_FAILURE);
|
||||
free (bp);
|
||||
setuid (userid);
|
||||
|
||||
if (setuid (userid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
|
||||
}
|
||||
}
|
||||
source (1, argv + i);
|
||||
close (rem);
|
||||
@@ -628,7 +641,12 @@ tolocal (int argc, char *argv[])
|
||||
++errs;
|
||||
continue;
|
||||
}
|
||||
seteuid (userid);
|
||||
|
||||
if (seteuid (userid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
|
||||
}
|
||||
|
||||
#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
|
||||
sslen = sizeof (ss);
|
||||
(void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
|
||||
@@ -641,7 +659,12 @@ tolocal (int argc, char *argv[])
|
||||
#endif
|
||||
vect[0] = target;
|
||||
sink (1, vect);
|
||||
seteuid (effuid);
|
||||
|
||||
if (seteuid (effuid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
|
||||
}
|
||||
|
||||
close (rem);
|
||||
rem = -1;
|
||||
#ifdef SHISHI
|
||||
@@ -1443,7 +1466,11 @@ susystem (char *s, int userid)
|
||||
return (127);
|
||||
|
||||
case 0:
|
||||
setuid (userid);
|
||||
if (setuid (userid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
|
||||
}
|
||||
|
||||
execl (PATH_BSHELL, "sh", "-c", s, NULL);
|
||||
_exit (127);
|
||||
}
|
||||
|
||||
11
src/rlogin.c
11
src/rlogin.c
@@ -650,8 +650,15 @@ try_connect:
|
||||
/* Now change to the real user ID. We have to be set-user-ID root
|
||||
to get the privileged port that rcmd () uses. We now want, however,
|
||||
to run as the real user who invoked us. */
|
||||
seteuid (uid);
|
||||
setuid (uid);
|
||||
if (seteuid (uid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
|
||||
}
|
||||
|
||||
if (setuid (uid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
|
||||
}
|
||||
|
||||
doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
|
||||
|
||||
|
||||
25
src/rsh.c
25
src/rsh.c
@@ -275,8 +275,17 @@ main (int argc, char **argv)
|
||||
{
|
||||
if (asrsh)
|
||||
*argv = (char *) "rlogin";
|
||||
seteuid (getuid ());
|
||||
setuid (getuid ());
|
||||
|
||||
if (seteuid (getuid ()) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, errno, "seteuid() failed");
|
||||
}
|
||||
|
||||
if (setuid (getuid ()) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, errno, "setuid() failed");
|
||||
}
|
||||
|
||||
execv (PATH_RLOGIN, argv);
|
||||
error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
|
||||
}
|
||||
@@ -545,8 +554,16 @@ try_connect:
|
||||
error (0, errno, "setsockopt DEBUG (ignored)");
|
||||
}
|
||||
|
||||
seteuid (uid);
|
||||
setuid (uid);
|
||||
if (seteuid (uid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, errno, "seteuid() failed");
|
||||
}
|
||||
|
||||
if (setuid (uid) == -1)
|
||||
{
|
||||
error (EXIT_FAILURE, errno, "setuid() failed");
|
||||
}
|
||||
|
||||
#ifdef HAVE_SIGACTION
|
||||
sigemptyset (&sigs);
|
||||
sigaddset (&sigs, SIGINT);
|
||||
|
||||
20
src/rshd.c
20
src/rshd.c
@@ -1858,8 +1858,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
|
||||
pwd->pw_shell = PATH_BSHELL;
|
||||
|
||||
/* Set the gid, then uid to become the user specified by "locuser" */
|
||||
setegid ((gid_t) pwd->pw_gid);
|
||||
setgid ((gid_t) pwd->pw_gid);
|
||||
if (setegid ((gid_t) pwd->pw_gid) == -1)
|
||||
{
|
||||
rshd_error ("Cannot drop privileges (setegid() failed)\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (setgid ((gid_t) pwd->pw_gid) == -1)
|
||||
{
|
||||
rshd_error ("Cannot drop privileges (setgid() failed)\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
#ifdef HAVE_INITGROUPS
|
||||
initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
|
||||
#endif
|
||||
@@ -1881,7 +1891,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
|
||||
}
|
||||
#endif /* WITH_PAM */
|
||||
|
||||
setuid ((uid_t) pwd->pw_uid);
|
||||
if (setuid ((uid_t) pwd->pw_uid) == -1)
|
||||
{
|
||||
rshd_error ("Cannot drop privileges (setuid() failed)\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
/* We'll execute the client's command in the home directory
|
||||
* of locuser. Note, that the chdir must be executed after
|
||||
|
||||
15
src/uucpd.c
15
src/uucpd.c
@@ -250,7 +250,12 @@ doit (struct sockaddr *sap, socklen_t salen)
|
||||
snprintf (Username, sizeof (Username), "USER=%s", user);
|
||||
snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
|
||||
dologin (pw, sap, salen);
|
||||
setgid (pw->pw_gid);
|
||||
|
||||
if (setgid (pw->pw_gid) == -1)
|
||||
{
|
||||
fprintf (stderr, "setgid() failed");
|
||||
return;
|
||||
}
|
||||
#ifdef HAVE_INITGROUPS
|
||||
initgroups (pw->pw_name, pw->pw_gid);
|
||||
#endif
|
||||
@@ -259,7 +264,13 @@ doit (struct sockaddr *sap, socklen_t salen)
|
||||
fprintf (stderr, "Login incorrect.");
|
||||
return;
|
||||
}
|
||||
setuid (pw->pw_uid);
|
||||
|
||||
if (setuid (pw->pw_uid) == -1)
|
||||
{
|
||||
fprintf (stderr, "setuid() failed");
|
||||
return;
|
||||
}
|
||||
|
||||
execl (uucico_location, "uucico", NULL);
|
||||
perror ("uucico server: execl");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user