Source-Changes-HG archive


[src/trunk]: src/external/bsd/ntp/dist/ntpd Don't try to drop privileges twic...



details:   https://anonhg.NetBSD.org/src/rev/aecb2ff5c860
branches:  trunk
changeset: 836492:aecb2ff5c860
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Oct 20 02:30:43 2018 +0000

description:
Don't try to drop privileges twice, it produces a spurious error message
in the forked child.

diffstat:

 external/bsd/ntp/dist/ntpd/ntpd.c |  52 +++++++++++++++++++++++++-------------
 1 files changed, 34 insertions(+), 18 deletions(-)

diffs (81 lines):

diff -r 5a159b570fe7 -r aecb2ff5c860 external/bsd/ntp/dist/ntpd/ntpd.c
--- a/external/bsd/ntp/dist/ntpd/ntpd.c Fri Oct 19 23:07:31 2018 +0000
+++ b/external/bsd/ntp/dist/ntpd/ntpd.c Sat Oct 20 02:30:43 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ntpd.c,v 1.16 2018/09/29 21:52:33 christos Exp $       */
+/*     $NetBSD: ntpd.c,v 1.17 2018/10/20 02:30:43 christos Exp $       */
 
 /*
  * ntpd.c - main program for the fixed point NTP daemon
@@ -688,24 +688,9 @@
        return 1;
 }
 
-/*
- * Change (effective) user and group IDs, also initialize the supplementary group access list
- */
-int set_user_group_ids(void);
-int
-set_user_group_ids(void)
+static int
+set_group_ids(void)
 {
-       /* If the the user was already mapped, no need to map it again */
-       if ((NULL != user) && (0 == sw_uid)) {
-               if (0 == map_user())
-                       exit (-1);
-       }
-       /* same applies for the group */
-       if ((NULL != group) && (0 == sw_gid)) {
-               if (0 == map_group())
-                       exit (-1);
-       }
-
        if (user && initgroups(user, sw_gid)) {
                msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
                return 0;
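Review bot: The new static helper set_group_ids() has no comment, and splitting the old function turns an ordering requirement into an implicit contract. It has to run before set_user_ids() (added in the next hunk), because the group calls would presumably fail once setuid() has given up root. I would add a short comment above it, e.g. `/* Set group IDs and the supplementary group list; must be called before set_user_ids(). */`, and a matching one-liner above set_user_ids(). The body of set_group_ids() continues outside this hunk.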
@@ -729,6 +714,12 @@
                        msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid);
                        return 0;
                }
+       return 1;
+}
+
+static int
+set_user_ids(void)
+{
        if (user && setuid(sw_uid)) {
                msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
                return 0;
@@ -737,6 +728,31 @@
                msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
                return 0;
        }
+       return 1;
+}
+
+/*
+ * Change (effective) user and group IDs, also initialize the supplementary group access list
+ */
+int set_user_group_ids(void);
+int
+set_user_group_ids(void)
+{
+       /* If the the user was already mapped, no need to map it again */
+       if ((NULL != user) && (0 == sw_uid)) {
+               if (0 == map_user())
+                       exit (-1);
+       }
+       /* same applies for the group */
+       if ((NULL != group) && (0 == sw_gid)) {
+               if (0 == map_group())
+                       exit (-1);
+       }
+
+       if (getegid() != sw_gid && 0 == set_group_ids())
+               return 0;
+       if (geteuid() != sw_uid && 0 == set_user_ids())
+               return 0;
 
        return 1;
 }
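Review bot: The two guards at the end of set_user_group_ids() compare only the effective IDs, so a process whose egid/euid already equal sw_gid/sw_uid skips set_group_ids() and set_user_ids() entirely. That skip happens even if its real or saved IDs, or its supplementary group list, still differ from the target. This is presumably never the case in the forked child the commit targets, but nothing visible here establishes it for other call paths. A stricter guard would be `if ((getgid() != sw_gid || getegid() != sw_gid) && 0 == set_group_ids())` and `if ((getuid() != sw_uid || geteuid() != sw_uid) && 0 == set_user_ids())`, with a comment saying the skip is meant only for the already-dropped child. The moved comment also still reads "the the user".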


