[bug-inetutils] [PATCH] rexecd possible security problem
From: Giuseppe Scrivano
Subject: [bug-inetutils] [PATCH] rexecd possible security problem
Date: Thu, 09 Jul 2009 12:05:20 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.94 (gnu/linux)
Hello,
looking at the rexecd.c code I found a possible security problem: if
these calls fail, the process keeps the original ones and continues its
execution.
The first patch solves this problem, the second fixes a compiler
warning.
Cheers,
Giuseppe
>From 40f3fab918f65aa1f4ac9ed69290d97c3340650b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <address@hidden>
Date: Thu, 9 Jul 2009 11:35:43 +0200
Subject: [PATCH 1/2] rexecd: check for errors of
setegid/setuid/setgid/initgroups
2009-07-09 Giuseppe Scrivano <address@hidden>
* rexecd/rexecd.c (doit): Add return value check after
use setegid/setuid/setgid/initgroups.
---
rexecd/rexecd.c | 29 ++++++++++++++++++++++++-----
1 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/rexecd/rexecd.c b/rexecd/rexecd.c
index be8511b..f07e56e 100644
--- a/rexecd/rexecd.c
+++ b/rexecd/rexecd.c
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*/
-/* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+/* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
Free Software Foundation, Inc.
This file is part of GNU Inetutils.
@@ -320,12 +320,31 @@ doit (int f, struct sockaddr_in *fromp)
pwd->pw_shell = PATH_BSHELL;
if (f > 2)
close (f);
- setegid ((gid_t) pwd->pw_gid);
- setgid ((gid_t) pwd->pw_gid);
+
+ if (setegid ((gid_t) pwd->pw_gid) < 0)
+ {
+ fprintf (stderr, "rexecd: setegid: %s\n", strerror (errno));
+ exit (1);
+ }
+
+ if (setgid ((gid_t) pwd->pw_gid) < 0)
+ {
+ fprintf (stderr, "rexecd: setgid: %s\n", strerror (errno));
+ exit (1);
+ }
#ifdef HAVE_INITGROUPS
- initgroups (pwd->pw_name, pwd->pw_gid);
+ if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
+ {
+ fprintf (stderr, "rexecd: initgroups: %s\n", strerror (errno));
+ exit (1);
+ }
#endif
- setuid ((uid_t) pwd->pw_uid);
+ if (setuid ((uid_t) pwd->pw_uid) < 0)
+ {
+ fprintf (stderr, "rexecd: setuid: %s\n", strerror (errno));
+ exit (1);
+ }
+
if (chdir (pwd->pw_dir) < 0)
{
error ("No remote directory.\n");
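Review bot: the four new failure paths (setegid, setgid, initgroups, setuid) report with fprintf (stderr, ...) and exit (1), while the chdir failure directly below them goes through error ("No remote directory.\n"). Unless stderr is known to reach the client at this point in doit, I would use error () here as well so that every failure in this sequence is reported the same way, or add a comment saying why these differ. Separately, when HAVE_INITGROUPS is not defined nothing in this sequence touches the supplementary group list before setuid, so a fallback for that case, or at least a comment on it, would be worth adding.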
--
1.6.3.1
>From 35f1dba22e0d287b35115b8a7f4a19d6772d4f3b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <address@hidden>
Date: Thu, 9 Jul 2009 11:41:02 +0200
Subject: [PATCH 2/2] rexecd: Fix a compiler warning.
2009-07-09 Giuseppe Scrivano <address@hidden>
* rexecd/rexecd.c: Add prototype for `doit'.
---
rexecd/rexecd.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/rexecd/rexecd.c b/rexecd/rexecd.c
index f07e56e..826f7b4 100644
--- a/rexecd/rexecd.c
+++ b/rexecd/rexecd.c
@@ -99,6 +99,7 @@
void error (const char *fmt, ...);
void usage (void);
+int doit (int, struct sockaddr_in *);
static const char *short_options = "hV";
static struct option long_options[] = {
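Review bot: the added prototype "int doit (int, struct sockaddr_in *);" leaves its parameters unnamed, while the neighbouring "void error (const char *fmt, ...);" names them. Writing it as "int doit (int f, struct sockaddr_in *fromp);", with the names shown in the first patch's hunk header, would keep the declarations consistent. If doit is only called from within this file, declaring it static is also worth considering.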
--
1.6.3.1