From: jca+dash@wxcvbn.org (Jérémie Courrèges-Anglas)
To: Tavis Ormandy <taviso@google.com>
Cc: Jilles Tjoelker <jilles@stack.nl>,
Harald van Dijk <harald@gigawatt.nl>,
dash@vger.kernel.org, oss-security@lists.openwall.com
Subject: Re: [PATCH] implement privmode support in dash
Date: Fri, 23 Aug 2013 13:40:31 +0200 [thread overview]
Message-ID: <87txig63f4.fsf@shannon.wxcvbn.org> (raw)
In-Reply-To: <CAJ_zFkJEb02d8Xs=RcWnRT7JbgDUYiAwMUUc3WFAfXr1ZN-0DQ@mail.gmail.com> (Tavis Ormandy's message of "Thu, 22 Aug 2013 13:42:32 -0700")
Also,
Tavis Ormandy <taviso@google.com> writes:
[...]
>> Apart from that, it is better to check the return value from setuid()
>> and similar functions. In particular, some versions of Linux may fail
>> setuid() for [EAGAIN], leaving the process running with the same
>> privileges.
>
> I don't think this is true anymore, but I have no strong objection to
> adding it, so long as it's noted that bash and pdksh do not do this.
Just for reference, from mksh:
[...]
#ifdef SETUID_CAN_FAIL_WITH_EAGAIN
/* we don't need to check for other codes, EPERM won't happen */
#define DO_SETUID(func, argvec) do { \
if ((func argvec) && errno == EAGAIN) \
errorf("%s failed with EAGAIN, probably due to a" \
" too low process limit; aborting", #func); \
} while (/* CONSTCOND */ 0)
#else
#define DO_SETUID(func, argvec) func argvec
#endif
[...]
if (f == FPRIVILEGED && oldval && !newval) {
/* Turning off -p? */
/*XXX this can probably be optimised */
kshegid = kshgid = getgid();
#if HAVE_SETRESUGID
DO_SETUID(setresgid, (kshegid, kshegid, kshegid));
#if HAVE_SETGROUPS
/* setgroups doesn't EAGAIN on Linux */
setgroups(1, &kshegid);
#endif
DO_SETUID(setresuid, (ksheuid, ksheuid, ksheuid));
#else
/* seteuid, setegid, setgid don't EAGAIN on Linux */
ksheuid = kshuid = getuid();
#ifndef MKSH__NO_SETEUGID
seteuid(ksheuid);
#endif
DO_SETUID(setuid, (ksheuid));
#ifndef MKSH__NO_SETEUGID
setegid(kshegid);
#endif
setgid(kshegid);
#endif
} [...]
> Tavis.
--
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
next prev parent reply other threads:[~2013-08-23 11:40 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-22 17:59 [PATCH] implement privmode support in dash Tavis Ormandy
2013-08-22 19:59 ` Harald van Dijk
2013-08-22 20:05 ` Tavis Ormandy
2013-08-22 20:35 ` Jilles Tjoelker
2013-08-22 20:42 ` Tavis Ormandy
[not found] ` <CAJ_zFkJEb02d8Xs=RcWnRT7JbgDUYiAwMUUc3WFAfXr1ZN-0DQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-08-23 11:13 ` Jérémie Courrèges-Anglas
2013-08-23 11:40 ` Jérémie Courrèges-Anglas [this message]
2013-08-23 14:23 ` Roy
2013-08-23 3:31 ` [oss-security] " Kurt Seifried
2013-08-23 8:36 ` Tavis Ormandy
2013-08-23 9:36 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87txig63f4.fsf@shannon.wxcvbn.org \
--to=jca+dash@wxcvbn.org \
--cc=dash@vger.kernel.org \
--cc=harald@gigawatt.nl \
--cc=jilles@stack.nl \
--cc=oss-security@lists.openwall.com \
--cc=taviso@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.