current-users: Re: some NetBSD and 4.4BSD set*id nits for C-Kermit 5a190 beta

Subject: Re: some NetBSD and 4.4BSD set*id nits for C-Kermit 5a190 beta
To: None <current-users@netbsd.org>
From: John Kohl <jtk@kolvir.blrc.ma.us>
List: current-users
Date: 09/20/1994 23:31:43
Well, I should have taken the latest stuff on kermit.columbia.edu before
sending earlier diffs.

Here are updated patches for the latest stuff on
kermit.columbia.edu:kermit/test/bin/cku190.tar.gz

===================================================================
RCS file: RCS/ckutio.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 ckutio.c
*** 1.1.1.1	1994/09/21 03:11:10
--- ckutio.c	1994/09/21 03:29:09
***************
*** 7779,7786 ****
  
  /* On systems with setreXid() but without the saved-UID feature, notably
   * BSD 4.2, we swap the real and effective UIDs each time.  It's
!  * the effective UID that we are interrested in, but we have to retain the
!  * unused UID somewhere to enable us to restore it later, and that we do this
   * in the real UID.  The kernel only allows switching to either the current 
   * real or the effective UID, unless you're "root".
   */
--- 7779,7786 ----
  
  /* On systems with setreXid() but without the saved-UID feature, notably
   * BSD 4.2, we swap the real and effective UIDs each time.  It's
!  * the effective UID that we are interested in, but we have to retain the
!  * unused UID somewhere to enable us to restore it later, and we do this
   * in the real UID.  The kernel only allows switching to either the current 
   * real or the effective UID, unless you're "root".
   */
***************
*** 7893,7901 ****
      return(err);
  
  #else
      /* Easy way of using setuid()/setgid() instead of setreuid()/setregid().*/
      return(priv_off());
! 
  #endif /* SETREUID */
  }
  
--- 7893,7921 ----
      return(err);
  
  #else
+ #ifdef SETEUID
+     int err = 0;
+     if (privuid != (UID_T) -1)
+ 	if (setuid(realuid)) {
+ 	    debug(F101,"setuid failed","",errno);
+ 	    err |= 1;
+ 	    debug(F101,"ruid","",getuid());
+ 	    debug(F101,"euid","",geteuid());
+ 	}
+     debug(F101,"setuid","",realuid);
+     if (privgid != (GID_T) -1)
+         if (setgid(realgid)) {
+ 	    debug(F101,"setgid failed","",errno);
+ 	    err |= 2;
+ 	    debug(F101,"rgid","",getgid());
+ 	    debug(F101,"egid","",getegid());
+ 	}
+     debug(F101,"setgid","",realgid);
+     return(err);
+ #else
      /* Easy way of using setuid()/setgid() instead of setreuid()/setregid().*/
      return(priv_off());
! #endif /* SETEUID */
  #endif /* SETREUID */
  }
  
===================================================================
RCS file: RCS/makefile,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 makefile
*** 1.1.1.1	1994/09/21 03:11:52
--- makefile	1994/09/21 03:13:17
***************
*** 830,836 ****
  	"LIBS= -lcurses -ltermcap"
  
  netbsd:
! 	$(MAKE) bsd44c "KFLAGS=$(KFLAGS)"
  
  #Tektronix 6130, 4319, 4301, etc, with UTek OS, /usr/spool/uucp/LCK./...
  #The models that support hardware flow control.
--- 830,836 ----
  	"LIBS= -lcurses -ltermcap"
  
  netbsd:
! 	$(MAKE) bsd44c "KFLAGS=$(KFLAGS) -DNOCOTFMC"
  
  #Tektronix 6130, 4319, 4301, etc, with UTek OS, /usr/spool/uucp/LCK./...
  #The models that support hardware flow control.
***************
*** 3435,3440 ****
--- 3435,3450 ----
  	@echo 'Running lint on C-Kermit $(CKVER) sources for MIPS version...'
  	lint -DMIPS -DDIRENT -DPID_T=int -DGID_T=gid_t \
  	-DUID_T=uid_t -DNOJC ck[cu]*.c > ckuker.lint.mips
+ 
+ ckuuid:
+ 	@echo 'building C-Kermit $(CKVER) set-UID/set-GID test programs'
+ 	$(CC) -DANYBSD -DSAVEDUID -o ckuuid1 ckuuid.c
+ 	$(CC) -DANYBSD -o ckuuid2 ckuuid.c
+ 	$(CC) -DANYBSD -DNOSETREU -o ckuuid3 ckuuid.c
+ 	$(CC) -DANYBSD -DSETEUID -DNOSETREU -o ckuuid4 ckuuid.c
+ 	$(CC) -o ckuuid5 ckuuid.c
+ 	@echo 'Read the top of ckuuid.c for directions...for testing'
+ 	@echo 'you must make these programs setuid and setgid'
  
  #Anybody remember TECO?
  love:
===================================================================
RCS file: RCS/ckuuid.c,v
retrieving revision 1.1
diff -c -r1.1 ckuuid.c
*** 1.1	1994/09/21 02:30:54
--- ckuuid.c	1994/09/21 03:11:35
***************
*** 5,15 ****
  /* Modified ske, fdc, 6-10-90 */
  /* Modified to check access() and state conclusions, fdc, 12-29-92 */
  
- /*
-   NOTE: This program is now somewhat obsolete since it does not include
-   the 4.4BSD method, in which sete[ug]id are used like System V set[ug]id.
-   Easy to fix.  See ckutio.c, comments around definition of SETEUID symbol.
- */
  
  /*
  INSTRUCTIONS
--- 5,10 ----
***************
*** 19,25 ****
     $ cc -DANYBSD -DSAVEDUID -o ckuuid1 ckuuid.c     (1)
     $ cc -DANYBSD -o ckuuid2 ckuuid.c                (2)
     $ cc -DANYBSD -DNOSETREU -o ckuuid3 ckuuid.c     (3)
!    $ cc -o ckuuid4 ckuuid.c                         (4)
  
  (1) is for Berkeley-based systems that have setregid() and setreuid() and that
      have the saved-original-effective-uid feature, similar to AT&T System V.
--- 14,21 ----
     $ cc -DANYBSD -DSAVEDUID -o ckuuid1 ckuuid.c     (1)
     $ cc -DANYBSD -o ckuuid2 ckuuid.c                (2)
     $ cc -DANYBSD -DNOSETREU -o ckuuid3 ckuuid.c     (3)
!    $ cc -DANYBSD -DSETEUID -DNOSETREU -o ckuuid5 ckuuid.c     (4)
!    $ cc -o ckuuid4 ckuuid.c                         (5)
  
  (1) is for Berkeley-based systems that have setregid() and setreuid() and that
      have the saved-original-effective-uid feature, similar to AT&T System V.
***************
*** 29,35 ****
  
  (3) is for Berkeley-based systems that don't have setregid() and setreuid().
  
! (4) is for all others, including all AT&T-based versions, Xenix, etc.
  
  After building the program, run it to make sure that the uid's don't change
  (they shouldn't if the program is not setuid'd).
--- 25,34 ----
  
  (3) is for Berkeley-based systems that don't have setregid() and setreuid().
  
! (4) is for BSD4.4 and others that have seteuid()/setegid() and
!     saved-original-effective-uid feature.
! 
! (5) is for all others, including all AT&T-based versions, Xenix, etc.
  
  After building the program, run it to make sure that the uid's don't change
  (they shouldn't if the program is not setuid'd).
***************
*** 187,193 ****
      x = priv_on();
      printf("   priv_on returns %d\n",x);
      chuid();
! #ifdef SAVEDUID
      printf("   saved-original-effective-uid feature %s present\n",
  	   (uidb == euid) ? "IS" : "is NOT");
      printf("   saved-original-effective-gid feature %s present\n",
--- 186,192 ----
      x = priv_on();
      printf("   priv_on returns %d\n",x);
      chuid();
! #if defined(SAVEDUID) || defined(SETEUID)
      printf("   saved-original-effective-uid feature %s present\n",
  	   (uidb == euid) ? "IS" : "is NOT");
      printf("   saved-original-effective-gid feature %s present\n",
***************
*** 282,287 ****
--- 281,291 ----
  #else
      printf("   -DSW_ACC_ID omitted\n");
  #endif
+ #ifdef SETEUID
+     printf("   -DSETEUID included\n");
+ #else
+     printf("   -DSETEUID omitted\n");
+ #endif
  #else
      printf("...when built in the System V or POSIX environment\n");
  #endif /* ANYBSD */
***************
*** 495,500 ****
--- 499,515 ----
  
  #else /* !SETREUID, !SAVEDUID */
  
+ #ifdef SETEUID
+ /*
+   BSD 4.4 works similarly to System V and POSIX (see below), but uses
+   seteXid() instead of setXid() to change effective IDs.  In addition, the
+   seteXid() functions work the same for "root" as for other users.
+ */
+ #define switchuid(hidden,active)	seteuid(active)
+ #define switchgid(hidden,active)	setegid(active)
+ 
+ #else /* !SETEUID */
+ 
  /* On System V and POSIX, the only thing we can change is the effective UID
   * (unless the current effective UID is "root", but initsuid() avoids that for
   * us).  The kernel allows switching to the current real UID or to the saved
***************
*** 503,515 ****
   * the current effective UID is "root", though, because for "root" setuid/gid
   * becomes more powerful, which is why initsuid() treats "root" specially.
   * Note: That special treatment maybe could be ignored for BSD?  Note: For
!  * systems that don't fit any of these three cases, we simply can't support
   * set-UID.
   */
  #define switchuid(hidden,active)	setuid(active)
  #define switchgid(hidden,active)	setgid(active)
  #endif /* SETREUID */
-   
  
  /* P R I V _ O N  --  Turn on the setuid and/or setgid */
  
--- 518,530 ----
   * the current effective UID is "root", though, because for "root" setuid/gid
   * becomes more powerful, which is why initsuid() treats "root" specially.
   * Note: That special treatment maybe could be ignored for BSD?  Note: For
!  * systems that don't fit any of these four cases, we simply can't support
   * set-UID.
   */
  #define switchuid(hidden,active)	setuid(active)
  #define switchgid(hidden,active)	setgid(active)
+ #endif /* SETEUID */
  #endif /* SETREUID */
  
  /* P R I V _ O N  --  Turn on the setuid and/or setgid */
  
***************
*** 585,593 ****
      return(err);
  
  #else
      /* Easy way of using setuid()/setgid() instead of setreuid()/setregid().*/
      return(priv_off());
! 
  #endif /* SETREUID */
  }
  
--- 600,619 ----
      return(err);
  
  #else
+ #ifdef SETEUID
+     int err = 0;
+     if (privuid != (UID_T) -1)
+        if (setuid(realuid))
+ 	  err |= 1;
+ 
+     if (privgid != (GID_T) -1)
+         if (setgid(realgid))
+  	  err |= 2;
+     return(err);
+ #else
      /* Easy way of using setuid()/setgid() instead of setreuid()/setregid().*/
      return(priv_off());
! #endif /* SETEUID */
  #endif /* SETREUID */
  }