Re: bin/59449: which(1) / whereis(1) fails if the euid/egid != uid/gid

["Jan Schaumann via gnats" <gnats-admin%NetBSD.org@localhost>]

The following reply was made to PR bin/59449; it has been noted by GNATS.

From: Jan Schaumann <jschauma%netmeister.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/59449: which(1) / whereis(1) fails if the euid/egid !=
 uid/gid
Date: Sat, 31 May 2025 12:02:16 -0400

 Robert Elz via gnats <gnats-admin%NetBSD.org@localhost> wrote:
 
 >  I think your fix is the wrong one, a better fix is to replace
 >  the call to setuid(euid) with a call to setreuid(euid, euid)
 >  and setgid(egid) with a call to setregid(egid, egid).
 
 Hehe, yes, that would be a bit easier:
 
 Index: whereis.c
 ===================================================================
 RCS file: /cvsroot/src/usr.bin/whereis/whereis.c,v
 retrieving revision 1.21
 diff -u -p -r1.21 whereis.c
 --- whereis.c	17 Oct 2008 10:53:26 -0000	1.21
 +++ whereis.c	31 May 2025 16:00:27 -0000
 @@ -69,9 +69,9 @@ main(int argc, char *argv[])
  	uid_t euid = geteuid();
  
  	/* To make access(2) do what we want */
 -	if (setgid(egid) == -1)
 +	if (setregid(egid, egid) == -1)
  		err(1, "Can't set gid to %lu", (unsigned long)egid);
 -	if (setuid(euid) == -1)
 +	if (setreuid(euid, euid) == -1)
  		err(1, "Can't set uid to %lu", (unsigned long)euid);
  
  	while ((ch = getopt(argc, argv, "ap")) != -1)