netbsd-bugs: bin/24919: atrun(8) uses setegid() against non-existent gid

Subject: bin/24919: atrun(8) uses setegid() against non-existent gid
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <jeffi@rcn.com>
List: netbsd-bugs
Date: 03/26/2004 04:32:33

>Number:         24919
>Category:       bin
>Synopsis:       atrun(8) uses setegid() against non-existent gid
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 26 04:33:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jeff Ito
>Release:        1.6ZK
>Organization:
>Environment:
NetBSD netbsd 1.6ZK NetBSD 1.6ZK (LAB) #2: Mon Mar 22 10:37:04 EST 2004  jeff@netbsd:/q/nbsd/src/sys/arch/i386/compile/LAB i386
>Description:
atrun(8) setegid()'s NOBODY_GID / 32767 which does not exist.
>How-To-Repeat:
n/a
>Fix:
Correct NOBODY_GID to 39 or perhaps rename for consistency sake and use NOGROUP_GID (32766)

Index: atrun.h
===================================================================
RCS file: /cvs/nbsd/src/libexec/atrun/atrun.h,v
retrieving revision 1.7
diff -u -r1.7 atrun.h
--- atrun.h     26 Jul 2003 19:32:06 -0000      1.7
+++ atrun.h     26 Mar 2004 03:23:19 -0000
@@ -38,4 +38,4 @@
 
 #define ATRUN_MAXLOAD  1.5
 #define NOBODY_UID     32767
-#define NOBODY_GID     32767
+#define NOBODY_GID     39

...

Index: atrun.c
===================================================================
RCS file: /cvs/nbsd/src/libexec/atrun/atrun.c,v
retrieving revision 1.13
diff -u -r1.13 atrun.c
--- atrun.c     17 May 2003 22:57:30 -0000      1.13
+++ atrun.c     26 Mar 2004 03:29:51 -0000
@@ -398,7 +398,7 @@
         * We don't need root privileges all the time; running under uid
         * and gid nobody is fine except for privileged operations.
         */
-       RELINQUISH_PRIVS_ROOT(NOBODY_UID, NOBODY_GID)
+       RELINQUISH_PRIVS_ROOT(NOBODY_UID, NOGROUP_GID);
 
        openlog("atrun", LOG_PID, LOG_CRON);
 
Index: atrun.h
===================================================================
RCS file: /cvs/nbsd/src/libexec/atrun/atrun.h,v
retrieving revision 1.7
diff -u -r1.7 atrun.h
--- atrun.h     26 Jul 2003 19:32:06 -0000      1.7
+++ atrun.h     26 Mar 2004 03:29:51 -0000
@@ -38,4 +38,4 @@
 
 #define ATRUN_MAXLOAD  1.5
 #define NOBODY_UID     32767
-#define NOBODY_GID     32767
+#define NOGROUP_GID    32766

>Release-Note:
>Audit-Trail:
>Unformatted: