Subject: Re: Fix for PR security/8069: man(1) vulnerability
To: Matthias Scheler <tron@zhadum.de>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: tech-security
Date: 07/25/1999 14:53:42
On 25 Jul 1999 21:38:12 GMT 
 tron@zhadum.de (Matthias Scheler) wrote:

 > here is my suggestion for a fix for PR security/8069:

Looks great!

 > 
 > Index: man.c
 > ===================================================================
 > RCS file: /cvsroot/basesrc/usr.bin/man/man.c,v
 > retrieving revision 1.19
 > diff -r1.19 man.c
 > 59a60
 > > #include <pwd.h>
 > 84a86
 > > static void	 drop_priv __P((void));
 > 98a101,102
 > > 	drop_priv();
 > > 
 > 769a774
 > > 
 > 773a779,804
 > > }
 > > 
 > > /*
 > >  * drop_priv --
 > >  *	Drop root privileges
 > >  */
 > > 
 > > static void
 > > drop_priv()
 > > {
 > > 	struct passwd *nobody;
 > > 
 > > 	if (geteuid() != 0) return;
 > > 
 > > 	if (((nobody = getpwnam("nobody")) == NULL)||
 > > 	    setgid(nobody->pw_gid)||
 > > 	    setegid(nobody->pw_gid)||
 > > 	    setuid(nobody->pw_uid)||
 > > 	    seteuid(nobody->pw_uid)) {
 > > 		extern char *__progname;
 > > 
 > > 		(void)fprintf(stderr,
 > > 			      "%s: can't drop root privileges.\n",
 > > 			      __progname);
 > > 		exit (1);
 > > 	}
 > 
 > Opinions?
 > 
 > 	Kind regards
 > 
 > -- 
 > Matthias Scheler                                http://home.owl.de/~tron/

        -- Jason R. Thorpe <thorpej@nas.nasa.gov>