Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mixing setreuid and seteuid can really screw you, in terms of security

This commit is contained in:
cgd 1994-01-23 06:31:35 +00:00
parent abf6a6bfdd
commit d0ffbae00c
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
usr.bin/rdist/docmd.c
View File

@ -33,7 +33,7 @@
#ifndef lint
/*static char sccsid[] = "from: @(#)docmd.c 5.8 (Berkeley) 3/1/91";*/
static char rcsid[] = "$Id: docmd.c,v 1.4 1993/12/04 02:11:29 jtc Exp $";
static char rcsid[] = "$Id: docmd.c,v 1.5 1994/01/23 06:31:35 cgd Exp $";
#endif /* not lint */
#include "defs.h"
@ -236,9 +236,9 @@ makeconn(rhost)
}
fflush(stdout);
setreuid(userid, 0);
seteuid(0);
rem = rcmd(&rhost, port, user, ruser, buf, 0);
setreuid(0, userid);
seteuid(userid);
if (rem < 0)
return(0);
cp = buf;

4
usr.bin/rdist/main.c
View File

@ -39,7 +39,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)main.c 5.6 (Berkeley) 8/27/90";*/
static char rcsid[] = "$Id: main.c,v 1.2 1993/08/01 18:09:42 mycroft Exp $";
static char rcsid[] = "$Id: main.c,v 1.3 1994/01/23 06:31:38 cgd Exp $";
#endif /* not lint */
#include "defs.h"
@ -186,7 +186,7 @@ main(argc, argv)
}
*hp = NULL;
setreuid(0, userid);
seteuid(userid);
mktemp(tempfile);
if (iamremote) {