
D51510.diff

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -539,7 +539,7 @@
setproctitle("%s", ifi->name);
/* setgroups(2) is not permitted in capability mode. */
- if (setgroups(1, &pw->pw_gid) != 0)
+ if (setgroups(0, NULL) != 0)
error("can't restrict groups: %m");
if (caph_enter_casper() < 0)
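Review bot: The new `setgroups(0, NULL)` call no longer names `pw->pw_gid`, so nothing in this hunk shows the process gid being switched to the unprivileged group. That switch presumably happens later in the function, which starts and ends outside the hunk. The existing comment only explains why the call comes before capability mode, so I would extend it to state the intent, e.g. `/* setgroups(2) is not permitted in capability mode; empty the supplementary set here, the gid itself is dropped separately. */`. If no later setgid/setegid call exists, that is worth confirming before merge, since an empty supplementary list alone does not change the effective gid.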
diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c
--- a/usr.sbin/rwhod/rwhod.c
+++ b/usr.sbin/rwhod/rwhod.c
@@ -246,12 +246,12 @@
syslog(LOG_ERR, "bind: %m");
exit(1);
}
- if (setgid(unpriv_gid) != 0) {
- syslog(LOG_ERR, "setgid: %m");
+ if (setgroups(0, NULL) != 0) {
+ syslog(LOG_ERR, "setgroups: %m");
exit(1);
}
- if (setgroups(1, &unpriv_gid) != 0) { /* XXX BOGUS groups[0] = egid */
- syslog(LOG_ERR, "setgroups: %m");
+ if (setgid(unpriv_gid) != 0) {
+ syslog(LOG_ERR, "setgid: %m");
exit(1);
}
if (setuid(unpriv_uid) != 0) {
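Review bot: The reordered sequence setgroups, setgid, setuid is order-sensitive, but the hunk removes the old `XXX BOGUS groups[0] = egid` remark without leaving any comment that says so. A one-line comment above the first call would stop a later edit from shuffling the calls again, e.g. `/* Drop supplementary groups, then gid, then uid: each step needs the privilege the next one gives up. */`. The enclosing function starts and ends outside the hunk, so I cannot tell whether anything between bind() and this point relies on the old group set.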
diff --git a/usr.sbin/ypldap/ldapclient.c b/usr.sbin/ypldap/ldapclient.c
--- a/usr.sbin/ypldap/ldapclient.c
+++ b/usr.sbin/ypldap/ldapclient.c
@@ -385,7 +385,7 @@
ypldap_process = PROC_CLIENT;
#ifndef DEBUG
- if (setgroups(1, &pw->pw_gid) ||
+ if (setgroups(0, NULL) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("cannot drop privileges");
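Review bot: In ldapclient.c the whole privilege drop sits under `#ifndef DEBUG`, so a DEBUG build keeps every supplementary group along with the original uid and gid. The same guard is visible in the ypldap.c hunk, while the ypldap_dns.c hunk shows no guard in its context lines, which looks inconsistent. A comment at the guard would make the consequence explicit, e.g. `/* DEBUG builds skip the privilege drop entirely; not for production use. */`. Separately, the `||` chain in all three ypldap files reports a failure of any of the three calls with the same message, and whether fatal() appends errno is not visible here, so splitting the checks or naming the failing call would make a failed drop easier to diagnose.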
diff --git a/usr.sbin/ypldap/ypldap.c b/usr.sbin/ypldap/ypldap.c
--- a/usr.sbin/ypldap/ypldap.c
+++ b/usr.sbin/ypldap/ypldap.c
@@ -602,7 +602,7 @@
fatal("getpwnam");
#ifndef DEBUG
- if (setgroups(1, &pw->pw_gid) ||
+ if (setgroups(0, NULL) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("cannot drop privileges");
diff --git a/usr.sbin/ypldap/ypldap_dns.c b/usr.sbin/ypldap/ypldap_dns.c
--- a/usr.sbin/ypldap/ypldap_dns.c
+++ b/usr.sbin/ypldap/ypldap_dns.c
@@ -91,7 +91,7 @@
setproctitle("dns engine");
close(pipe_ntp[0]);
- if (setgroups(1, &pw->pw_gid) ||
+ if (setgroups(0, NULL) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
