Re: [PATCH] implement privmode support in dash

[jca+dash () wxcvbn org (Jérémie Courrèges-Anglas)]

Also,

Tavis Ormandy <taviso () google com> writes:

[...]

> > Apart from that, it is better to check the return value from setuid()
> > and similar functions. In particular, some versions of Linux may fail
> > setuid() for [EAGAIN], leaving the process running with the same
> > privileges.
>
> I don't think this is true anymore, but I have no strong objection to
> adding it, so long as it's noted that bash and pdksh do not do this.

Just for reference, from mksh:

[...]

#ifdef SETUID_CAN_FAIL_WITH_EAGAIN
/* we don't need to check for other codes, EPERM won't happen */
#define DO_SETUID(func, argvec) do {                                    \
        if ((func argvec) && errno == EAGAIN)                           \
                errorf("%s failed with EAGAIN, probably due to a"       \
                    " too low process limit; aborting", #func);         \
} while (/* CONSTCOND */ 0)
#else
#define DO_SETUID(func, argvec) func argvec
#endif

[...]

          if (f == FPRIVILEGED && oldval && !newval) {
                /* Turning off -p? */

                /*XXX this can probably be optimised */
                kshegid = kshgid = getgid();
#if HAVE_SETRESUGID
                DO_SETUID(setresgid, (kshegid, kshegid, kshegid));
#if HAVE_SETGROUPS
                /* setgroups doesn't EAGAIN on Linux */
                setgroups(1, &kshegid);
#endif
                DO_SETUID(setresuid, (ksheuid, ksheuid, ksheuid));
#else
                /* seteuid, setegid, setgid don't EAGAIN on Linux */
                ksheuid = kshuid = getuid();
#ifndef MKSH__NO_SETEUGID
                seteuid(ksheuid);
#endif
                DO_SETUID(setuid, (ksheuid));
#ifndef MKSH__NO_SETEUGID
                setegid(kshegid);
#endif
                setgid(kshegid);
#endif
        } [...]


> Tavis.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494