|
 |
23cc51 |
diff -up tcp_wrappers_7.6/options.c.initgroups tcp_wrappers_7.6/options.c
|
|
|
23cc51 |
--- tcp_wrappers_7.6/options.c.initgroups 2011-08-11 23:10:43.610418714 +0200
|
|
|
23cc51 |
+++ tcp_wrappers_7.6/options.c 2011-08-12 05:51:17.748481294 +0200
|
|
|
23cc51 |
@@ -256,8 +256,12 @@ struct request_info *request;
|
|
|
23cc51 |
tcpd_jump("unknown group: \"%s\"", value);
|
|
|
23cc51 |
endgrent();
|
|
|
23cc51 |
|
|
|
23cc51 |
- if (dry_run == 0 && setgid(grp->gr_gid))
|
|
|
23cc51 |
- tcpd_jump("setgid(%s): %m", value);
|
|
|
23cc51 |
+ if (dry_run != 0) {
|
|
|
23cc51 |
+ if (setgid(grp->gr_gid))
|
|
|
23cc51 |
+ tcpd_jump("setgid(%s): %m", value);
|
|
|
23cc51 |
+ if (setgroups(0, NULL))
|
|
|
23cc51 |
+ tcpd_jump("setgroups(%s): %m", value);
|
|
|
23cc51 |
+ }
|
|
|
23cc51 |
}
|
|
|
23cc51 |
|
|
|
23cc51 |
/* user_option - switch user id */
|
|
|
23cc51 |
@@ -271,15 +275,26 @@ struct request_info *request;
|
|
|
23cc51 |
struct passwd *pwd;
|
|
|
23cc51 |
struct passwd *getpwnam();
|
|
|
23cc51 |
char *group;
|
|
|
23cc51 |
+ int defaultgroup = 0;
|
|
|
23cc51 |
|
|
|
23cc51 |
if ((group = split_at(value, '.')) != 0)
|
|
|
23cc51 |
group_option(group, request);
|
|
|
23cc51 |
+ else
|
|
|
23cc51 |
+ defaultgroup = 1;
|
|
|
23cc51 |
if ((pwd = getpwnam(value)) == 0)
|
|
|
23cc51 |
tcpd_jump("unknown user: \"%s\"", value);
|
|
|
23cc51 |
endpwent();
|
|
|
23cc51 |
|
|
|
23cc51 |
- if (dry_run == 0 && setuid(pwd->pw_uid))
|
|
|
23cc51 |
- tcpd_jump("setuid(%s): %m", value);
|
|
|
23cc51 |
+ if (dry_run != 0) {
|
|
|
23cc51 |
+ if (setuid(pwd->pw_uid))
|
|
|
23cc51 |
+ tcpd_jump("setuid(%s): %m", value);
|
|
|
23cc51 |
+ if (defaultgroup) {
|
|
|
23cc51 |
+ if (setgid(pwd->pw_gid))
|
|
|
23cc51 |
+ tcpd_jump("setgid(%s): %m", value);
|
|
|
23cc51 |
+ if (initgroups(value, pwd->pw_gid))
|
|
|
23cc51 |
+ tcpd_jump("initgroups(%s): %m", value);
|
|
|
23cc51 |
+ }
|
|
|
23cc51 |
+ }
|
|
|
23cc51 |
}
|
|
|
23cc51 |
|
|
|
23cc51 |
/* umask_option - set file creation mask */
|
|
|
23cc51 |
diff -up tcp_wrappers_7.6/safe_finger.c.initgroups tcp_wrappers_7.6/safe_finger.c
|
|
|
23cc51 |
--- tcp_wrappers_7.6/safe_finger.c.initgroups 2011-08-12 05:54:06.068606291 +0200
|
|
|
23cc51 |
+++ tcp_wrappers_7.6/safe_finger.c 2011-08-12 05:55:34.835483785 +0200
|
|
|
23cc51 |
@@ -66,9 +66,11 @@ char **argv;
|
|
|
23cc51 |
if (getuid() == 0 || geteuid() == 0) {
|
|
|
23cc51 |
if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
|
|
|
23cc51 |
setgid(pwd->pw_gid);
|
|
|
23cc51 |
+ initgroups(UNPRIV_NAME, pwd->pw_gid);
|
|
|
23cc51 |
setuid(pwd->pw_uid);
|
|
|
23cc51 |
} else {
|
|
|
23cc51 |
setgid(UNPRIV_UGID);
|
|
|
23cc51 |
+ setgroups(0, NULL);
|
|
|
23cc51 |
setuid(UNPRIV_UGID);
|
|
|
23cc51 |
}
|
|
|
23cc51 |
}
|