Subject: some NetBSD and 4.4BSD set*id nits for C-Kermit 5a190 beta
To: None <fdc@columbia.edu>
From: John Kohl <jtk@kolvir.blrc.ma.us>
List: current-users
Date: 09/20/1994 20:38:41
Hi Frank,
You may recall I sent you some patches for BSD/386 C-Kermit. Well, I'm
now running NetBSD 1.0_BETA, and I have some more patches for you.
Primarily they're to use the proper set*id() function calls to actually
change the user ID's as intended. setreuid() on NetBSD no longer does
what you might think its name implies, due to POSIXification of the
set*id() stuff. You now have to use sete*id() or straight set*id().
So, there is a Makefile addition (what I used to build C-Kermit on my
NetBSD box), plus a bunch of changes for the set*id() changes.
Note that NOCOTFMC is now needed on NetBSD-1.0_BETA.
With these changes, I believe it's safe to install kermit set-uid or
set-gid on NetBSD 1.0_BETA.
These diffs are off a c-kermit 5a(190) from a couple months ago, so
hopefully they still fit the current stuff.
==John
===================================================================
RCS file: RCS/ckucon.c,v
retrieving revision 1.1
diff -c -r1.1 ckucon.c
*** 1.1 1994/07/31 14:08:06
--- ckucon.c 1994/07/31 14:16:04
***************
*** 1245,1253 ****
goto conret1;
} else { /* *** */ /* Inferior reads, prints port input */
!
! if (priv_can()) { /* Cancel all privs */
! printf("?setuid error - fatal\n");
doexit(BAD_EXIT,-1);
}
signal(SIGINT, SIG_IGN); /* In case these haven't been */
--- 1245,1253 ----
goto conret1;
} else { /* *** */ /* Inferior reads, prints port input */
! int xxxx;
! if (xxxx = priv_can()) { /* Cancel all privs */
! printf("?setuid error - fatal (%x)\n", xxxx);
doexit(BAD_EXIT,-1);
}
signal(SIGINT, SIG_IGN); /* In case these haven't been */
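Review bot: `if (xxxx = priv_can())` assigns inside the condition without extra parentheses and uses a placeholder name, so it reads like a mistyped `==` and will draw compiler warnings. `int priv_err;` followed by `if ((priv_err = priv_can()) != 0) {` says the same thing plainly. The printed value is the bit mask built in priv_can() (1 for the uid call, 2 for the gid call, per the later hunks), and a short comment saying so would help whoever sees `fatal (2)`. `%x` expects an unsigned argument, so a cast or `%d` would be tidier. The enclosing function starts and ends outside the hunk.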
***************
*** 7163,7169 ****
#define switchgid(hidden,active) setregid(hidden,active)
#endif
! #else /* !SETREUID, !SAVEDUID */
/* On System V and POSIX, the only thing we can change is the effective UID
* (unless the current effective UID is "root", but initsuid() avoids that for
--- 7197,7207 ----
#define switchgid(hidden,active) setregid(hidden,active)
#endif
! #else /* !SETREUID */
! #if defined(SETEUID) && defined(SAVEDUID)
! #define switchuid(hidden,active) seteuid(active)
! #define switchgid(hidden,active) setegid(active)
! #else /* !SETREUID, !(SETEUID && SAVEDUID) */
/* On System V and POSIX, the only thing we can change is the effective UID
* (unless the current effective UID is "root", but initsuid() avoids that for
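Review bot: The new `#if defined(SETEUID) && defined(SAVEDUID)` branch has no comment, while the branches around it explain why their switchuid()/switchgid() definitions are safe. Here `hidden` is ignored and only the effective ID is changed, so the scheme presumably relies on the kernel keeping the privileged ID in the saved ID; a comment such as `/* With saved IDs, sete*id() flips only the effective ID; the privileged ID stays in the saved ID so it can be restored */` would record that assumption. The `#endif /* SETEUID */` added in the next hunk would match the condition better as `#endif /* SETEUID && SAVEDUID */`. The identical change in ckuuid.c (hunk at 487) has the same gap. The enclosing conditional starts above this hunk.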
***************
*** 7178,7183 ****
--- 7216,7222 ----
*/
#define switchuid(hidden,active) setuid(active)
#define switchgid(hidden,active) setgid(active)
+ #endif /* SETEUID */
#endif /* SETREUID */
***************
*** 7245,7262 ****
#ifdef SETREUID
int err = 0;
if (privuid != (UID_T) -1)
! if (setreuid(realuid,realuid))
! err |= 1;
!
if (privgid != (GID_T) -1)
! if (setregid(realgid,realgid))
! err |= 2;
!
return(err);
#else
/* Easy way of using setuid()/setgid() instead of setreuid()/setregid().*/
return(priv_off());
#endif /* SETREUID */
}
--- 7284,7330 ----
#ifdef SETREUID
int err = 0;
if (privuid != (UID_T) -1)
! if (setreuid(realuid,realuid)) {
! debug(F101,"setreuid failed","",errno);
! err |= 1;
! debug(F101,"ruid","",getuid());
! debug(F101,"euid","",geteuid());
! }
! debug(F101,"setreuid","",realuid);
if (privgid != (GID_T) -1)
! if (setregid(realgid,realgid)) {
! debug(F101,"setregid failed","",errno);
! err |= 2;
! debug(F101,"rgid","",getgid());
! debug(F101,"egid","",getegid());
! }
! debug(F101,"setregid","",realgid);
return(err);
#else
+ #ifdef SETEUID
+ int err = 0;
+ if (privuid != (UID_T) -1)
+ if (setuid(realuid)) {
+ debug(F101,"setuid failed","",errno);
+ err |= 1;
+ debug(F101,"ruid","",getuid());
+ debug(F101,"euid","",geteuid());
+ }
+ debug(F101,"setuid","",realuid);
+ if (privgid != (GID_T) -1)
+ if (setgid(realgid)) {
+ debug(F101,"setgid failed","",errno);
+ err |= 2;
+ debug(F101,"rgid","",getgid());
+ debug(F101,"egid","",getegid());
+ }
+ debug(F101,"setgid","",realgid);
+ return(err);
+ #else
/* Easy way of using setuid()/setgid() instead of setreuid()/setregid().*/
return(priv_off());
+ #endif
#endif /* SETREUID */
}
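Review bot: The new SETEUID branch of priv_can() treats a zero return from `setuid(realuid)` / `setgid(realgid)` as proof that the privileged IDs are gone for good, and the same branch in ckuuid.c (hunk at 579) does likewise. Whether setuid() called by a non-root process also resets the saved ID differs between systems, and SETEUID is a generic feature macro, so on a platform where only the effective ID changes the drop would be reversible. A fail-closed check after the calls would catch that: `if (privuid != realuid && seteuid(privuid) == 0) err |= 1;` and `if (privgid != realgid && setegid(privgid) == 0) err |= 2;`. This assumes every caller treats a non-zero result as fatal, as the ckucon.c hunk at 1245 does. priv_can() begins outside this hunk.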
===================================================================
RCS file: RCS/ckuuid.c,v
retrieving revision 1.1
diff -c -r1.1 ckuuid.c
*** 1.1 1994/07/31 14:27:27
--- ckuuid.c 1994/07/31 14:38:56
***************
*** 478,485 ****
/* On systems with setreXid() but without the saved-UID feature, notably
* BSD 4.2, we swap the real and effective UIDs each time. It's
! * the effective UID that we are interested in, but we have to retain the
! * unused UID somewhere to enable us to restore it later, and we do this
* in the real UID. The kernel only allows switching to either the current
* real or the effective UID, unless you're "root".
*/
--- 478,485 ----
/* On systems with setreXid() but without the saved-UID feature, notably
* BSD 4.2, we swap the real and effective UIDs each time. It's
! * the effective UID that we are interested in, but we have to retain the
! * unused UID somewhere to enable us to restore it later, and that we do this
* in the real UID. The kernel only allows switching to either the current
* real or the effective UID, unless you're "root".
*/
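Review bot: The reworded comment line now reads "and that we do this in the real UID", which no longer parses as a sentence; the previous "and we do this" was correct. This looks like an accidental edit, and the hunk could be dropped from the patch so the comment stays as it was.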
***************
*** 487,493 ****
#define switchgid(hidden,active) setregid(hidden,active)
#endif
! #else /* !SETREUID, !SAVEDUID */
/* On System V and POSIX, the only thing we can change is the effective UID
* (unless the current effective UID is "root", but initsuid() avoids that for
--- 487,497 ----
#define switchgid(hidden,active) setregid(hidden,active)
#endif
! #else /* !SETREUID */
! #if defined(SETEUID) && defined(SAVEDUID)
! #define switchuid(hidden,active) seteuid(active)
! #define switchgid(hidden,active) setegid(active)
! #else /* !SETREUID, !(SETEUID && SAVEDUID) */
/* On System V and POSIX, the only thing we can change is the effective UID
* (unless the current effective UID is "root", but initsuid() avoids that for
***************
*** 502,509 ****
*/
#define switchuid(hidden,active) setuid(active)
#define switchgid(hidden,active) setgid(active)
#endif /* SETREUID */
-
/* P R I V _ O N -- Turn on the setuid and/or setgid */
--- 506,513 ----
*/
#define switchuid(hidden,active) setuid(active)
#define switchgid(hidden,active) setgid(active)
+ #endif /* SETEUID */
#endif /* SETREUID */
/* P R I V _ O N -- Turn on the setuid and/or setgid */
***************
*** 579,586 ****
--- 583,602 ----
return(err);
#else
+ #ifdef SETEUID
+ int err = 0;
+ if (privuid != (UID_T) -1)
+ if (setuid(realuid))
+ err |= 1;
+
+ if (privgid != (GID_T) -1)
+ if (setgid(realgid))
+ err |= 2;
+ return(err);
+ #else
/* Easy way of using setuid()/setgid() instead of setreuid()/setregid().*/
return(priv_off());
+ #endif
#endif /* SETREUID */
}
===================================================================
RCS file: RCS/makefile,v
retrieving revision 1.1
diff -c -r1.1 makefile
*** 1.1 1994/07/31 14:08:06
--- makefile 1994/09/21 00:26:09
***************
*** 336,342 ****
# ln /usr/include/arpa/inet.h /usr/include/sys/inet.h
# ln /usr/include/sys/termiox.h /usr/include/termiox.h
# + for NCR System 3000, NCR UNIX 02.02.01, same as above.
! # + for NetBSD on PC 386/486, Amiga, Mac, etc, "make bsd44c"
# + for NeXT with NeXTSTEP 1.0 through 3.2, "make next" (on a NeXT)
# + for NeXTSTEP/486, "make next" (on a PC)
# + for NeXTSTEP portable binary (runs on Intel or Motorola), "make nextfat"
--- 336,342 ----
# ln /usr/include/arpa/inet.h /usr/include/sys/inet.h
# ln /usr/include/sys/termiox.h /usr/include/termiox.h
# + for NCR System 3000, NCR UNIX 02.02.01, same as above.
! # + for NetBSD on PC 386/486, Amiga, Mac, etc, "make netbsd"
# + for NeXT with NeXTSTEP 1.0 through 3.2, "make next" (on a NeXT)
# + for NeXTSTEP/486, "make next" (on a PC)
# + for NeXTSTEP portable binary (runs on Intel or Motorola), "make nextfat"
***************
*** 815,820 ****
--- 815,829 ----
@echo Making C-Kermit $(CKVER) for 4.4BSD with curses...
$(MAKE) wermit \
"CFLAGS= -DBSD44 -DCK_CURSES -DDYNAMIC -DTCPSOCKET \
+ $(KFLAGS) -O" "LIBS= -lcurses -ltermcap"
+
+ #NetBSD: like BSD UNIX 4.4, but needs defines for NOCOTFMC, SAVEDUID, SETEUID,
+ # NOSETREU, plus we add other goodies
+ netbsd:
+ @echo Making C-Kermit $(CKVER) for NetBSD...
+ $(MAKE) wermit \
+ "CFLAGS= -DFUNNEL -DUSLEEP -DSAVEDUID -DSETEUID -DNOSETREU \
+ -DBSD44 -DCK_CURSES -DDYNAMIC -DTCPSOCKET -DNOCOTFMC \
$(KFLAGS) -O" "LIBS= -lcurses -ltermcap"
#Tektronix 6130, 4319, 4301, etc, with UTek OS, /usr/spool/uucp/LCK./...