upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

comsat: Use initgroups and setgid not just setuid

Browse source 
PR:		270404
Reviewed by:	jlduran
Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47828
This commit is contained in:
Ed Maste 2024-11-28 11:54:48 -05:00
parent 4294f1cac1
commit d4dd9e22c1
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
libexec/comsat/comsat.c
View file

@ -212,10 +212,11 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset)
struct passwd *p;
unsigned char line[BUFSIZ];
/* Set effective uid to user in case mail drop is on nfs */
if ((p = getpwnam(user)) == NULL)
return;
if (setuid(p->pw_uid) != 0)
/* Set uid/gid/groups to user's in case mail drop is on nfs */
if ((p = getpwnam(user)) == NULL ||
initgroups(p->pw_name, p->pw_gid) == -1 ||
setgid(p->pw_gid) == -1 ||
setuid(p->pw_uid) == -1)
return;
if ((fi = fopen(file, "r")) == NULL)