resolve conflicts. (mainly due to $Id$ mistake in past import)

itojun 2000-06-13 17:18:26 +00:00
parent a297ccd8ed
commit 6bbde2ae91
21 changed files with 221 additions and 55 deletions


@ -1,11 +1,22 @@
SENDMAIL RELEASE NOTES SENDMAIL RELEASE NOTES
Id: RELEASE_NOTES,v 8.561 2000/04/06 23:51:49 gshapiro Exp Id: RELEASE_NOTES,v 8.561.4.6 2000/06/07 07:39:53 gshapiro Exp
This listing shows the version of the sendmail binary, the version This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a of the sendmail configuration files, the date of release, and a
summary of the changes in that release. summary of the changes in that release.
8.10.2/8.10.2 2000/06/07
SECURITY: Work around broken Linux setuid() implementation.
On Linux, a normal user process has the ability to subvert
the setuid() call such that it is impossible for a root
process to drop its privileges. Problem noted by Wojciech
Purczynski of elzabsoft.pl.
SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
initgroups(), and chroot() calls.
Added Files:
test/t_setuid.c
8.10.1/8.10.1 2000/04/06 8.10.1/8.10.1 2000/04/06
SECURITY: Limit the choice of outgoing (client-side) SMTP SECURITY: Limit the choice of outgoing (client-side) SMTP
Authentication mechanisms to those specified in Authentication mechanisms to those specified in


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:11 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:54 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -113,7 +113,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:13 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:57 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -114,7 +114,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:13 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:57 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -114,7 +114,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:13 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:58 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -117,7 +117,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:58 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -114,7 +114,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:58 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -113,7 +113,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:59 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -114,7 +114,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000 ##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:01:00 PDT 2000
##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf ##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -114,7 +114,7 @@ DnMAILER-DAEMON
CPREDIRECT CPREDIRECT
# Configuration version number # Configuration version number
DZ8.10.1 DZ8.10.2
############### ###############


@ -11,8 +11,8 @@ divert(-1)
# the sendmail distribution. # the sendmail distribution.
# #
# #
VERSIONID(`Id: version.m4,v 8.39 2000/04/06 20:30:53 gshapiro Exp') VERSIONID(`Id: version.m4,v 8.39.6.2 2000/06/07 07:39:55 gshapiro Exp')
# #
divert(0) divert(0)
# Configuration version number # Configuration version number
DZ8.10.1`'ifdef(`confCF_VERSION', `/confCF_VERSION') DZ8.10.2`'ifdef(`confCF_VERSION', `/confCF_VERSION')


@ -17,7 +17,7 @@ divert(-1)
divert(0) divert(0)
VERSIONID(`Id: solaris2.pre5.m4,v 1.1 1999/09/25 01:17:44 ca Exp') VERSIONID(`Id: solaris2.pre5.m4,v 8.1 1999/09/25 08:17:44 ca Exp')
divert(-1) divert(-1)
_DEFIFNOT(`LOCAL_MAILER_FLAGS', `SnE9') _DEFIFNOT(`LOCAL_MAILER_FLAGS', `SnE9')


@ -1,4 +1,4 @@
# Id: OSF1.V5.0,v 1.1 2000/03/23 00:14:01 gshapiro Exp # Id: OSF1.V5.0,v 8.1 2000/03/23 00:14:01 gshapiro Exp
define(`confCC', `cc -std1 -Olimit 1000') define(`confCC', `cc -std1 -Olimit 1000')
define(`confMAPDEF', `-DNDBM -DNIS -DMAP_REGEX') define(`confMAPDEF', `-DNDBM -DNIS -DMAP_REGEX')
define(`confENVDEF', `-DHASSNPRINTF=1') define(`confENVDEF', `-DHASSNPRINTF=1')


@ -1,4 +1,4 @@
# Id: Makefile,v 1.1 1999/11/04 00:03:40 ca Exp # Id: Makefile,v 8.1 1999/11/04 00:03:40 ca Exp
SHELL= /bin/sh SHELL= /bin/sh
BUILD= ./Build BUILD= ./Build


@ -1,4 +1,4 @@
# Id: Makefile,v 1.2 1999/09/23 22:36:29 ca Exp # Id: Makefile,v 8.2 1999/09/23 22:36:29 ca Exp
SHELL= /bin/sh SHELL= /bin/sh
BUILD= ./Build BUILD= ./Build


@ -1,4 +1,4 @@
# Id: Makefile,v 1.2 1999/09/23 22:36:32 ca Exp # Id: Makefile,v 8.2 1999/09/23 22:36:32 ca Exp
SHELL= /bin/sh SHELL= /bin/sh
BUILD= ./Build BUILD= ./Build


@ -12,7 +12,7 @@
*/ */
#ifndef lint #ifndef lint
static char id[] = "@(#)Id: deliver.c,v 8.600 2000/04/06 00:50:14 gshapiro Exp"; static char id[] = "@(#)Id: deliver.c,v 8.600.4.3 2000/05/28 17:47:08 gshapiro Exp";
#endif /* ! lint */ #endif /* ! lint */
#include <sendmail.h> #include <sendmail.h>
@ -1860,8 +1860,11 @@ tryhost:
u = ctladdr->q_user; u = ctladdr->q_user;
if (initgroups(u, ctladdr->q_gid) == -1 && suidwarn) if (initgroups(u, ctladdr->q_gid) == -1 && suidwarn)
{
syserr("openmailer: initgroups(%s, %d) failed", syserr("openmailer: initgroups(%s, %d) failed",
u, ctladdr->q_gid); u, ctladdr->q_gid);
exit(EX_TEMPFAIL);
}
} }
else else
{ {
@ -1869,7 +1872,10 @@ tryhost:
gidset[0] = ctladdr->q_gid; gidset[0] = ctladdr->q_gid;
if (setgroups(1, gidset) == -1 && suidwarn) if (setgroups(1, gidset) == -1 && suidwarn)
{
syserr("openmailer: setgroups() failed"); syserr("openmailer: setgroups() failed");
exit(EX_TEMPFAIL);
}
} }
new_gid = ctladdr->q_gid; new_gid = ctladdr->q_gid;
} }
@ -1878,8 +1884,11 @@ tryhost:
if (!DontInitGroups) if (!DontInitGroups)
{ {
if (initgroups(DefUser, DefGid) == -1 && suidwarn) if (initgroups(DefUser, DefGid) == -1 && suidwarn)
{
syserr("openmailer: initgroups(%s, %d) failed", syserr("openmailer: initgroups(%s, %d) failed",
DefUser, DefGid); DefUser, DefGid);
exit(EX_TEMPFAIL);
}
} }
else else
{ {
@ -1887,16 +1896,34 @@ tryhost:
gidset[0] = DefGid; gidset[0] = DefGid;
if (setgroups(1, gidset) == -1 && suidwarn) if (setgroups(1, gidset) == -1 && suidwarn)
{
syserr("openmailer: setgroups() failed"); syserr("openmailer: setgroups() failed");
exit(EX_TEMPFAIL);
}
} }
if (m->m_gid == 0) if (m->m_gid == 0)
new_gid = DefGid; new_gid = DefGid;
else else
new_gid = m->m_gid; new_gid = m->m_gid;
} }
if (new_gid != NO_GID && setgid(new_gid) < 0 && suidwarn) if (new_gid != NO_GID)
syserr("openmailer: setgid(%ld) failed", {
(long) new_gid); if (RunAsUid != 0 &&
(RealGid != getgid() ||
RealGid != getegid()))
{
/* Only root can change the gid */
syserr("openmailer: insufficient privileges to change gid");
exit(EX_TEMPFAIL);
}
if (setgid(new_gid) < 0 && suidwarn)
{
syserr("openmailer: setgid(%ld) failed",
(long) new_gid);
exit(EX_TEMPFAIL);
}
}
/* change root to some "safe" directory */ /* change root to some "safe" directory */
if (m->m_rootdir != NULL) if (m->m_rootdir != NULL)
@ -1906,10 +1933,16 @@ tryhost:
dprintf("openmailer: chroot %s\n", dprintf("openmailer: chroot %s\n",
buf); buf);
if (chroot(buf) < 0) if (chroot(buf) < 0)
{
syserr("openmailer: Cannot chroot(%s)", syserr("openmailer: Cannot chroot(%s)",
buf); buf);
exit(EX_TEMPFAIL);
}
if (chdir("/") < 0) if (chdir("/") < 0)
{
syserr("openmailer: cannot chdir(/)"); syserr("openmailer: cannot chdir(/)");
exit(EX_TEMPFAIL);
}
} }
/* reset user id */ /* reset user id */
@ -1926,29 +1959,48 @@ tryhost:
new_ruid = DefUid; new_ruid = DefUid;
if (new_euid != NO_UID) if (new_euid != NO_UID)
{ {
if (RunAsUid != 0 && new_euid != RunAsUid)
{
/* Only root can change the uid */
syserr("openmailer: insufficient privileges to change uid");
exit(EX_TEMPFAIL);
}
vendor_set_uid(new_euid); vendor_set_uid(new_euid);
#if MAILER_SETUID_METHOD == USE_SETEUID #if MAILER_SETUID_METHOD == USE_SETEUID
if (seteuid(new_euid) < 0 && suidwarn) if (seteuid(new_euid) < 0 && suidwarn)
{
syserr("openmailer: seteuid(%ld) failed", syserr("openmailer: seteuid(%ld) failed",
(long) new_euid); (long) new_euid);
exit(EX_TEMPFAIL);
}
#endif /* MAILER_SETUID_METHOD == USE_SETEUID */ #endif /* MAILER_SETUID_METHOD == USE_SETEUID */
#if MAILER_SETUID_METHOD == USE_SETREUID #if MAILER_SETUID_METHOD == USE_SETREUID
if (setreuid(new_ruid, new_euid) < 0 && suidwarn) if (setreuid(new_ruid, new_euid) < 0 && suidwarn)
{
syserr("openmailer: setreuid(%ld, %ld) failed", syserr("openmailer: setreuid(%ld, %ld) failed",
(long) new_ruid, (long) new_euid); (long) new_ruid, (long) new_euid);
exit(EX_TEMPFAIL);
}
#endif /* MAILER_SETUID_METHOD == USE_SETREUID */ #endif /* MAILER_SETUID_METHOD == USE_SETREUID */
#if MAILER_SETUID_METHOD == USE_SETUID #if MAILER_SETUID_METHOD == USE_SETUID
if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn) if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn)
{
syserr("openmailer: setuid(%ld) failed", syserr("openmailer: setuid(%ld) failed",
(long) new_euid); (long) new_euid);
exit(EX_TEMPFAIL);
}
#endif /* MAILER_SETUID_METHOD == USE_SETUID */ #endif /* MAILER_SETUID_METHOD == USE_SETUID */
} }
else if (new_ruid != NO_UID) else if (new_ruid != NO_UID)
{ {
vendor_set_uid(new_ruid); vendor_set_uid(new_ruid);
if (setuid(new_ruid) < 0 && suidwarn) if (setuid(new_ruid) < 0 && suidwarn)
{
syserr("openmailer: setuid(%ld) failed", syserr("openmailer: setuid(%ld) failed",
(long) new_ruid); (long) new_ruid);
exit(EX_TEMPFAIL);
}
} }
if (tTd(11, 2)) if (tTd(11, 2))
@ -3884,6 +3936,12 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
{ {
RealUserName = NULL; RealUserName = NULL;
RealUid = mailer->m_uid; RealUid = mailer->m_uid;
if (RunAsUid != 0 && RealUid != RunAsUid)
{
/* Only root can change the uid */
syserr("mailfile: insufficient privileges to change uid");
exit(EX_TEMPFAIL);
}
} }
else if (bitset(S_ISUID, mode)) else if (bitset(S_ISUID, mode))
{ {
@ -3911,7 +3969,17 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
/* select a new group to run as */ /* select a new group to run as */
if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
{
RealGid = mailer->m_gid; RealGid = mailer->m_gid;
if (RunAsUid != 0 &&
(RealGid != getgid() ||
RealGid != getegid()))
{
/* Only root can change the gid */
syserr("mailfile: insufficient privileges to change gid");
exit(EX_TEMPFAIL);
}
}
else if (bitset(S_ISGID, mode)) else if (bitset(S_ISGID, mode))
RealGid = stb.st_gid; RealGid = stb.st_gid;
else if (ctladdr != NULL && ctladdr->q_uid != 0) else if (ctladdr != NULL && ctladdr->q_uid != 0)
@ -3939,8 +4007,11 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
if (RealUserName != NULL && !DontInitGroups) if (RealUserName != NULL && !DontInitGroups)
{ {
if (initgroups(RealUserName, RealGid) == -1 && suidwarn) if (initgroups(RealUserName, RealGid) == -1 && suidwarn)
{
syserr("mailfile: initgroups(%s, %d) failed", syserr("mailfile: initgroups(%s, %d) failed",
RealUserName, RealGid); RealUserName, RealGid);
exit(EX_TEMPFAIL);
}
} }
else else
{ {
@ -3948,7 +4019,10 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
gidset[0] = RealGid; gidset[0] = RealGid;
if (setgroups(1, gidset) == -1 && suidwarn) if (setgroups(1, gidset) == -1 && suidwarn)
{
syserr("mailfile: setgroups() failed"); syserr("mailfile: setgroups() failed");
exit(EX_TEMPFAIL);
}
} }
/* /*
@ -3973,15 +4047,24 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
dprintf("mailfile: deliver to %s\n", realfile); dprintf("mailfile: deliver to %s\n", realfile);
if (chdir("/") < 0) if (chdir("/") < 0)
{
syserr("mailfile: cannot chdir(/)"); syserr("mailfile: cannot chdir(/)");
exit(EX_CANTCREAT);
}
/* now reset the group and user ids */ /* now reset the group and user ids */
endpwent(); endpwent();
if (setgid(RealGid) < 0 && suidwarn) if (setgid(RealGid) < 0 && suidwarn)
{
syserr("mailfile: setgid(%ld) failed", (long) RealGid); syserr("mailfile: setgid(%ld) failed", (long) RealGid);
exit(EX_TEMPFAIL);
}
vendor_set_uid(RealUid); vendor_set_uid(RealUid);
if (setuid(RealUid) < 0 && suidwarn) if (setuid(RealUid) < 0 && suidwarn)
{
syserr("mailfile: setuid(%ld) failed", (long) RealUid); syserr("mailfile: setuid(%ld) failed", (long) RealUid);
exit(EX_TEMPFAIL);
}
if (tTd(11, 2)) if (tTd(11, 2))
dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n", dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n",
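Review bot: The plain `setuid()` paths here — `setuid(new_euid)` under USE_SETUID and `setuid(new_ruid)` in openmailer, and `setuid(RealUid)` in mailfile — are still trusted on their return value alone, and the new `exit(EX_TEMPFAIL)` only runs when `suidwarn` is set. The case this commit handles in drop_privileges is a setuid() that reports success while the process can still get root back, which a return-value test does not catch. Consider adding the same probe after a successful change to a non-zero uid, for example `if (RealUid != 0 && setuid(0) == 0) { syserr("mailfile: setuid(0) succeeded (when it should not)"); exit(EX_TEMPFAIL); }`, and likewise after `setuid(DefUid)` in prog_open (util.c). Both functions begin and end outside the visible hunks and `suidwarn` is assigned outside them, so confirm no later check already covers this.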


@ -21,7 +21,7 @@ static char copyright[] =
#endif /* ! lint */ #endif /* ! lint */
#ifndef lint #ifndef lint
static char id[] = "@(#)Id: main.c,v 8.485 2000/03/11 19:53:01 ca Exp"; static char id[] = "@(#)Id: main.c,v 8.485.6.2 2000/05/28 18:00:12 gshapiro Exp";
#endif /* ! lint */ #endif /* ! lint */
#define _DEFINE #define _DEFINE
@ -113,6 +113,7 @@ main(argc, argv, envp)
STAB *st; STAB *st;
register int i; register int i;
int j; int j;
int dp;
bool safecf = TRUE; bool safecf = TRUE;
BITMAP256 *p_flags = NULL; /* daemon flags */ BITMAP256 *p_flags = NULL; /* daemon flags */
bool warn_C_flag = FALSE; bool warn_C_flag = FALSE;
@ -229,7 +230,8 @@ main(argc, argv, envp)
#endif /* NGROUPS_MAX */ #endif /* NGROUPS_MAX */
/* drop group id privileges (RunAsUser not yet set) */ /* drop group id privileges (RunAsUser not yet set) */
(void) drop_privileges(FALSE); dp = drop_privileges(FALSE);
setstat(dp);
#ifdef SIGUSR1 #ifdef SIGUSR1
/* arrange to dump state on user-1 signal */ /* arrange to dump state on user-1 signal */
@ -687,7 +689,8 @@ main(argc, argv, envp)
if (RealUid != 0) if (RealUid != 0)
warn_C_flag = TRUE; warn_C_flag = TRUE;
ConfFile = optarg; ConfFile = optarg;
(void) drop_privileges(TRUE); dp = drop_privileges(TRUE);
setstat(dp);
safecf = FALSE; safecf = FALSE;
break; break;
@ -885,7 +888,8 @@ main(argc, argv, envp)
break; break;
case 'X': /* traffic log file */ case 'X': /* traffic log file */
(void) drop_privileges(TRUE); dp = drop_privileges(TRUE);
setstat(dp);
if (stat(optarg, &traf_st) == 0 && if (stat(optarg, &traf_st) == 0 &&
S_ISFIFO(traf_st.st_mode)) S_ISFIFO(traf_st.st_mode))
TrafficLogFile = fopen(optarg, "w"); TrafficLogFile = fopen(optarg, "w");
@ -1014,7 +1018,8 @@ main(argc, argv, envp)
if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON) if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
{ {
/* drop privileges -- daemon mode done after socket/bind */ /* drop privileges -- daemon mode done after socket/bind */
(void) drop_privileges(FALSE); dp = drop_privileges(FALSE);
setstat(dp);
} }
#if NAMED_BIND #if NAMED_BIND
@ -2555,7 +2560,8 @@ drop_privileges(to_real_uid)
if (tTd(47, 1)) if (tTd(47, 1))
dprintf("drop_privileges(%d): Real[UG]id=%d:%d, RunAs[UG]id=%d:%d\n", dprintf("drop_privileges(%d): Real[UG]id=%d:%d, RunAs[UG]id=%d:%d\n",
(int)to_real_uid, (int)RealUid, (int)RealGid, (int)RunAsUid, (int)RunAsGid); (int)to_real_uid, (int)RealUid,
(int)RealGid, (int)RunAsUid, (int)RunAsGid);
if (to_real_uid) if (to_real_uid)
{ {
@ -2570,19 +2576,48 @@ drop_privileges(to_real_uid)
/* reset group permissions; these can be set later */ /* reset group permissions; these can be set later */
emptygidset[0] = (to_real_uid || RunAsGid != 0) ? RunAsGid : getegid(); emptygidset[0] = (to_real_uid || RunAsGid != 0) ? RunAsGid : getegid();
if (setgroups(1, emptygidset) == -1 && geteuid() == 0) if (setgroups(1, emptygidset) == -1 && geteuid() == 0)
{
syserr("drop_privileges: setgroups(1, %d) failed",
(int)emptygidset[0]);
rval = EX_OSERR; rval = EX_OSERR;
}
/* reset primary group and user id */ /* reset primary group and user id */
if ((to_real_uid || RunAsGid != 0) && setgid(RunAsGid) < 0) if ((to_real_uid || RunAsGid != 0) && setgid(RunAsGid) < 0)
{
syserr("drop_privileges: setgid(%d) failed", (int)RunAsGid);
rval = EX_OSERR; rval = EX_OSERR;
if ((to_real_uid || RunAsUid != 0) && setuid(RunAsUid) < 0) }
rval = EX_OSERR; if (to_real_uid || RunAsUid != 0)
{
if (setuid(RunAsUid) < 0)
{
syserr("drop_privileges: setuid(%d) failed",
(int)RunAsUid);
rval = EX_OSERR;
}
else if (RunAsUid != 0 && setuid(0) == 0)
{
/*
** Believe it or not, the Linux capability model
** allows a non-root process to override setuid()
** on a process running as root and prevent that
** process from dropping privileges.
*/
syserr("drop_privileges: setuid(0) succeeded (when it should not)");
rval = EX_OSERR;
}
}
if (tTd(47, 5)) if (tTd(47, 5))
{ {
dprintf("drop_privileges: e/ruid = %d/%d e/rgid = %d/%d\n", dprintf("drop_privileges: e/ruid = %d/%d e/rgid = %d/%d\n",
(int)geteuid(), (int)getuid(), (int)getegid(), (int)getgid()); (int)geteuid(), (int)getuid(),
(int)getegid(), (int)getgid());
dprintf("drop_privileges: RunAsUser = %d:%d\n", dprintf("drop_privileges: RunAsUser = %d:%d\n",
(int)RunAsUid, (int)RunAsGid); (int)RunAsUid, (int)RunAsGid);
if (tTd(47, 10))
dprintf("drop_privileges: rval = %d\n", rval);
} }
return rval; return rval;
} }
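Review bot: In drop_privileges, the new `else if (RunAsUid != 0 && setuid(0) == 0)` probe leaves the process running as uid 0 when it fires, and the callers changed in this commit only hand the result to `setstat(dp)` and carry on. In the `-X` case the traffic-log open on the user-supplied `optarg` still follows a failed drop, and the `-C` case goes on with the user-supplied `ConfFile`. setstat() is not shown on this page; unless it terminates on a non-zero status, the callers should stop instead, e.g. `if (dp != EX_OK) exit(dp);` after each call, including the one in setoption (readcf.c). The bodies of main and drop_privileges extend outside the visible hunks.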


@ -12,7 +12,7 @@
*/ */
#ifndef lint #ifndef lint
static char id[] = "@(#)Id: readcf.c,v 8.382 2000/04/06 18:02:33 gshapiro Exp"; static char id[] = "@(#)Id: readcf.c,v 8.382.6.1 2000/05/27 19:56:01 gshapiro Exp";
#endif /* ! lint */ #endif /* ! lint */
#include <sendmail.h> #include <sendmail.h>
@ -1915,9 +1915,12 @@ setoption(opt, val, safe, sticky, e)
{ {
if (opt != 'M' || (val[0] != 'r' && val[0] != 's')) if (opt != 'M' || (val[0] != 'r' && val[0] != 's'))
{ {
int dp;
if (tTd(37, 1)) if (tTd(37, 1))
dprintf(" (unsafe)"); dprintf(" (unsafe)");
(void) drop_privileges(TRUE); dp = drop_privileges(TRUE);
setstat(dp);
} }
} }
if (tTd(37, 1)) if (tTd(37, 1))


@ -12,7 +12,7 @@
*/ */
#ifndef lint #ifndef lint
static char id[] = "@(#)Id: recipient.c,v 8.231 2000/01/05 01:40:53 gshapiro Exp"; static char id[] = "@(#)Id: recipient.c,v 8.231.16.1 2000/05/27 19:56:01 gshapiro Exp";
#endif /* ! lint */ #endif /* ! lint */
#include <sendmail.h> #include <sendmail.h>
@ -1158,8 +1158,12 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
if (!DontInitGroups) if (!DontInitGroups)
{ {
if (initgroups(user, gid) == -1) if (initgroups(user, gid) == -1)
{
rval = EAGAIN;
syserr("include: initgroups(%s, %d) failed", syserr("include: initgroups(%s, %d) failed",
user, gid); user, gid);
goto resetuid;
}
} }
else else
{ {
@ -1167,22 +1171,38 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
gidset[0] = gid; gidset[0] = gid;
if (setgroups(1, gidset) == -1) if (setgroups(1, gidset) == -1)
{
rval = EAGAIN;
syserr("include: setgroups() failed"); syserr("include: setgroups() failed");
goto resetuid;
}
} }
if (gid != 0 && setgid(gid) < -1) if (gid != 0 && setgid(gid) < -1)
{
rval = EAGAIN;
syserr("setgid(%d) failure", gid); syserr("setgid(%d) failure", gid);
goto resetuid;
}
if (uid != 0) if (uid != 0)
{ {
# if MAILER_SETUID_METHOD == USE_SETEUID # if MAILER_SETUID_METHOD == USE_SETEUID
if (seteuid(uid) < 0) if (seteuid(uid) < 0)
{
rval = EAGAIN;
syserr("seteuid(%d) failure (real=%d, eff=%d)", syserr("seteuid(%d) failure (real=%d, eff=%d)",
uid, getuid(), geteuid()); uid, getuid(), geteuid());
goto resetuid;
}
# endif /* MAILER_SETUID_METHOD == USE_SETEUID */ # endif /* MAILER_SETUID_METHOD == USE_SETEUID */
# if MAILER_SETUID_METHOD == USE_SETREUID # if MAILER_SETUID_METHOD == USE_SETREUID
if (setreuid(0, uid) < 0) if (setreuid(0, uid) < 0)
{
rval = EAGAIN;
syserr("setreuid(0, %d) failure (real=%d, eff=%d)", syserr("setreuid(0, %d) failure (real=%d, eff=%d)",
uid, getuid(), geteuid()); uid, getuid(), geteuid());
goto resetuid;
}
# endif /* MAILER_SETUID_METHOD == USE_SETREUID */ # endif /* MAILER_SETUID_METHOD == USE_SETREUID */
} }
} }
@ -1309,18 +1329,20 @@ resetuid:
{ {
# if USESETEUID # if USESETEUID
if (seteuid(0) < 0) if (seteuid(0) < 0)
syserr("seteuid(0) failure (real=%d, eff=%d)", syserr("!seteuid(0) failure (real=%d, eff=%d)",
getuid(), geteuid()); getuid(), geteuid());
# else /* USESETEUID */ # else /* USESETEUID */
if (setreuid(-1, 0) < 0) if (setreuid(-1, 0) < 0)
syserr("setreuid(-1, 0) failure (real=%d, eff=%d)", syserr("!setreuid(-1, 0) failure (real=%d, eff=%d)",
getuid(), geteuid()); getuid(), geteuid());
if (setreuid(RealUid, 0) < 0) if (setreuid(RealUid, 0) < 0)
syserr("setreuid(%d, 0) failure (real=%d, eff=%d)", syserr("!setreuid(%d, 0) failure (real=%d, eff=%d)",
RealUid, getuid(), geteuid()); RealUid, getuid(), geteuid());
# endif /* USESETEUID */ # endif /* USESETEUID */
} }
(void) setgid(savedgid); if (setgid(savedgid) < 0)
syserr("!setgid(%d) failure (real=%d eff=%d)",
savedgid, getgid(), getegid());
} }
#endif /* HASSETREUID || USESETEUID */ #endif /* HASSETREUID || USESETEUID */
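Review bot: The new failure branch for setgid in include() can never run, because its condition is still `setgid(gid) < -1` and setgid() returns -1 on failure. The added `rval = EAGAIN; ... goto resetuid;` is therefore dead code, and a failed group change falls through to the uid switch with the old gid still in effect. The test should be `if (gid != 0 && setgid(gid) < 0)`, matching the `< 0` checks on seteuid/setreuid just below it. include() starts and ends outside the visible hunks.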


@ -12,7 +12,7 @@
*/ */
#ifndef lint #ifndef lint
static char id[] = "@(#)Id: util.c,v 8.225 2000/03/28 21:55:22 ca Exp"; static char id[] = "@(#)Id: util.c,v 8.225.4.1 2000/05/27 19:56:01 gshapiro Exp";
#endif /* ! lint */ #endif /* ! lint */
#include <sendmail.h> #include <sendmail.h>
@ -1856,17 +1856,29 @@ prog_open(argv, pfd, e)
{ {
expand(ProgMailer->m_rootdir, buf, sizeof buf, e); expand(ProgMailer->m_rootdir, buf, sizeof buf, e);
if (chroot(buf) < 0) if (chroot(buf) < 0)
{
syserr("prog_open: cannot chroot(%s)", buf); syserr("prog_open: cannot chroot(%s)", buf);
exit(EX_TEMPFAIL);
}
if (chdir("/") < 0) if (chdir("/") < 0)
{
syserr("prog_open: cannot chdir(/)"); syserr("prog_open: cannot chdir(/)");
exit(EX_TEMPFAIL);
}
} }
/* run as default user */ /* run as default user */
endpwent(); endpwent();
if (setgid(DefGid) < 0 && geteuid() == 0) if (setgid(DefGid) < 0 && geteuid() == 0)
{
syserr("prog_open: setgid(%ld) failed", (long) DefGid); syserr("prog_open: setgid(%ld) failed", (long) DefGid);
exit(EX_TEMPFAIL);
}
if (setuid(DefUid) < 0 && geteuid() == 0) if (setuid(DefUid) < 0 && geteuid() == 0)
{
syserr("prog_open: setuid(%ld) failed", (long) DefUid); syserr("prog_open: setuid(%ld) failed", (long) DefUid);
exit(EX_TEMPFAIL);
}
/* run in some directory */ /* run in some directory */
if (ProgMailer != NULL) if (ProgMailer != NULL)


@ -12,7 +12,7 @@
*/ */
#ifndef lint #ifndef lint
static char id[] = "@(#)Id: version.c,v 8.43 2000/04/06 20:30:54 gshapiro Exp"; static char id[] = "@(#)Id: version.c,v 8.43.6.2 2000/06/07 07:39:56 gshapiro Exp";
#endif /* ! lint */ #endif /* ! lint */
char Version[] = "8.10.1"; char Version[] = "8.10.2";