Subject: Fix for PR security/8069: man(1) vulnerability
To: None <tech-security@netbsd.org>
From: Matthias Scheler <tron@zhadum.de>
List: tech-security
Date: 07/25/1999 21:38:12
Hello,
here is my suggestion for a fix for PR security/8069:
Index: man.c
===================================================================
RCS file: /cvsroot/basesrc/usr.bin/man/man.c,v
retrieving revision 1.19
diff -r1.19 man.c
59a60
> #include <pwd.h>
84a86
> static void drop_priv __P((void));
98a101,102
> drop_priv();
>
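Review bot: The drop_priv() call added at line 101 has no comment saying what it must precede. Since this diff format shows no surrounding context, a one-line comment at the call site stating which steps must only run after privileges are dropped would keep later changes to main() from moving work above it.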
769a774
>
773a779,804
> }
>
> /*
> * drop_priv --
> * Drop root privileges
> */
>
> static void
> drop_priv()
> {
> struct passwd *nobody;
>
> if (geteuid() != 0) return;
>
> if (((nobody = getpwnam("nobody")) == NULL)||
> setgid(nobody->pw_gid)||
> setegid(nobody->pw_gid)||
> setuid(nobody->pw_uid)||
> seteuid(nobody->pw_uid)) {
> extern char *__progname;
>
> (void)fprintf(stderr,
> "%s: can't drop root privileges.\n",
> __progname);
> exit (1);
> }
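Review bot: drop_priv() never resets the supplementary group list. The || chain goes from getpwnam("nobody") straight to setgid(), so a process started by root keeps root's supplementary groups after the uid change. Add setgroups(1, &nobody->pw_gid) to the same chain ahead of setgid() so that a failure there is fatal as well. The setegid() and seteuid() calls are harmless but redundant here: with an effective uid of 0, setgid() and setuid() already set the real, effective and saved ids. The early return on geteuid() != 0 also leaves a process with real uid 0 but a non-zero effective uid untouched; if that case is intended, a comment should say so.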
Opinions?
Kind regards
--
Matthias Scheler http://home.owl.de/~tron/