bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-inetutils] [PATCH] rexecd possible security problem


From: Giuseppe Scrivano
Subject: [bug-inetutils] [PATCH] rexecd possible security problem
Date: Thu, 09 Jul 2009 12:05:20 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.94 (gnu/linux)

Hello,

looking at the rexecd.c code I found a possible security problem, if the
these calls fail the process keeps the original ones and contines its
execution.

The first patch solves this problem, the second fixes a compiler
warning.

Cheers,
Giuseppe


>From 40f3fab918f65aa1f4ac9ed69290d97c3340650b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <address@hidden>
Date: Thu, 9 Jul 2009 11:35:43 +0200
Subject: [PATCH 1/2] rexecd: check for errors of 
setegid/setuid/setgid/initgroups

2009-07-09  Giuseppe Scrivano <address@hidden>

        * rexecd/rexecd.c (doit): Add return value check after
        use setegid/setuid/setgid/initgroups.
---
 rexecd/rexecd.c |   29 ++++++++++++++++++++++++-----
 1 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/rexecd/rexecd.c b/rexecd/rexecd.c
index be8511b..f07e56e 100644
--- a/rexecd/rexecd.c
+++ b/rexecd/rexecd.c
@@ -27,7 +27,7 @@
  * SUCH DAMAGE.
  */
 
-/* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+/* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
    Free Software Foundation, Inc.
 
    This file is part of GNU Inetutils.
@@ -320,12 +320,31 @@ doit (int f, struct sockaddr_in *fromp)
     pwd->pw_shell = PATH_BSHELL;
   if (f > 2)
     close (f);
-  setegid ((gid_t) pwd->pw_gid);
-  setgid ((gid_t) pwd->pw_gid);
+
+  if (setegid ((gid_t) pwd->pw_gid) < 0)
+    {
+      fprintf (stderr, "rexecd: setegid: %s\n", strerror (errno));
+      exit (1);
+    }
+
+  if (setgid ((gid_t) pwd->pw_gid) < 0)
+    {
+      fprintf (stderr, "rexecd: setgid: %s\n", strerror (errno));
+      exit (1);
+    }
 #ifdef HAVE_INITGROUPS
-  initgroups (pwd->pw_name, pwd->pw_gid);
+  if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
+    {
+      fprintf (stderr, "rexecd: initgroups: %s\n", strerror (errno));
+      exit (1);
+    }
 #endif
-  setuid ((uid_t) pwd->pw_uid);
+  if (setuid ((uid_t) pwd->pw_uid) < 0)
+    {
+      fprintf (stderr, "rexecd: setuid: %s\n", strerror (errno));
+      exit (1);
+    }
+
   if (chdir (pwd->pw_dir) < 0)
     {
       error ("No remote directory.\n");
-- 
1.6.3.1


>From 35f1dba22e0d287b35115b8a7f4a19d6772d4f3b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <address@hidden>
Date: Thu, 9 Jul 2009 11:41:02 +0200
Subject: [PATCH 2/2] rexecd: Fix a compiler warning.

2009-07-09 Giuseppe Scrivano <address@hidden>

        * rexecd/rexecd.c: Add prototype for `doit'.
---
 rexecd/rexecd.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/rexecd/rexecd.c b/rexecd/rexecd.c
index f07e56e..826f7b4 100644
--- a/rexecd/rexecd.c
+++ b/rexecd/rexecd.c
@@ -99,6 +99,7 @@
 
 void error (const char *fmt, ...);
 void usage (void);
+int doit (int, struct sockaddr_in *);
 
 static const char *short_options = "hV";
 static struct option long_options[] = {
-- 
1.6.3.1





reply via email to

[Prev in Thread] Current Thread [Next in Thread]