- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.

Based on patch from Tim Rice <tim@multitalents.net>
author: Damien Miller <djm@mindrot.org> 2001-02-26 20:49:58 +1100
committer: Damien Miller <djm@mindrot.org> 2001-02-26 20:49:58 +1100
commit: bb7c97620278ae97f52bbd50948734b6b355bcc2 (patch)
tree: e1413fd72348ea50aaf57e9b9705f4e394b690f1 /entropy.c
parent: 63941f9631b8316d57d54e0ef7484c66bb1c1b7d (diff)
1 files changed, 22 insertions, 1 deletions
diff --git a/entropy.c b/entropy.c
index 5a85009c6..daff1e64a 100644
--- a/entropy.c
+++ b/entropy.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
-RCSID("$Id: entropy.c,v 1.29 2001/02/18 11:34:32 stevesk Exp $");
+RCSID("$Id: entropy.c,v 1.30 2001/02/26 09:49:59 djm Exp $");
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -825,13 +825,34 @@ void init_rng(void)
        prng_seed_saved = 0;
        /* Give up privs while reading seed file */
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
        if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
                fatal("Couldn't give up privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+        /*
+         * Propagate the privileged uid to all of our uids.
+         * Set the effective uid to the given (unprivileged) uid. 
+         */
+        if (original_uid != original_euid && setuid(original_euid) == -1 || 
+            seteuid(original_uid) == -1)
+                fatal("Couldn't give up privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
        prng_read_seedfile();
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
        if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
                fatal("Couldn't restore privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+        /*
+         * We are unable to restore the real uid to its unprivileged value.
+         * Propagate the real uid (usually more privileged) to effective uid
+         * as well.
+         */
+        if (original_uid != original_euid && seteuid(original_euid) == -1 || 
+            setuid(original_uid) == -1)
+                fatal("Couldn't restore privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
        fatal_add_cleanup(prng_seed_cleanup, NULL);
        atexit(prng_write_seedfile);
author	Damien Miller <djm@mindrot.org>	2001-02-26 20:49:58 +1100
committer	Damien Miller <djm@mindrot.org>	2001-02-26 20:49:58 +1100
commit	bb7c97620278ae97f52bbd50948734b6b355bcc2 (patch)
tree	e1413fd72348ea50aaf57e9b9705f4e394b690f1 /entropy.c
parent	63941f9631b8316d57d54e0ef7484c66bb1c1b7d (diff)

diff --git a/entropy.c b/entropy.c index 5a85009c6..daff1e64a 100644 --- a/entropy.c +++ b/entropy.c
@@ -39,7 +39,7 @@
39	#include "pathnames.h"	39	#include "pathnames.h"
40	#include "log.h"	40	#include "log.h"
41		41
42	RCSID("$Id: entropy.c,v 1.29 2001/02/18 11:34:32 stevesk Exp $");	42	RCSID("$Id: entropy.c,v 1.30 2001/02/26 09:49:59 djm Exp $");
43		43
44	#ifndef offsetof	44	#ifndef offsetof
45	# define offsetof(type, member) ((size_t) &((type *)0)->member)	45	# define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -825,13 +825,34 @@ void init_rng(void)
825	prng_seed_saved = 0;	825	prng_seed_saved = 0;
826		826
827	/* Give up privs while reading seed file */	827	/* Give up privs while reading seed file */
		828	#ifdef SAVED_IDS_WORK_WITH_SETEUID
828	if ((original_uid != original_euid) && (seteuid(original_uid) == -1))	829	if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
829	fatal("Couldn't give up privileges");	830	fatal("Couldn't give up privileges");
		831	#else /* SAVED_IDS_WORK_WITH_SETEUID */
		832	/*
		833	* Propagate the privileged uid to all of our uids.
		834	* Set the effective uid to the given (unprivileged) uid.
		835	*/
		836	if (original_uid != original_euid && setuid(original_euid) == -1 \|\|
		837	seteuid(original_uid) == -1)
		838	fatal("Couldn't give up privileges");
		839	#endif /* SAVED_IDS_WORK_WITH_SETEUID */
830		840
831	prng_read_seedfile();	841	prng_read_seedfile();
832		842
		843	#ifdef SAVED_IDS_WORK_WITH_SETEUID
833	if ((original_uid != original_euid) && (seteuid(original_euid) == -1))	844	if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
834	fatal("Couldn't restore privileges");	845	fatal("Couldn't restore privileges");
		846	#else /* SAVED_IDS_WORK_WITH_SETEUID */
		847	/*
		848	* We are unable to restore the real uid to its unprivileged value.
		849	* Propagate the real uid (usually more privileged) to effective uid
		850	* as well.
		851	*/
		852	if (original_uid != original_euid && seteuid(original_euid) == -1 \|\|
		853	setuid(original_uid) == -1)
		854	fatal("Couldn't restore privileges");
		855	#endif /* SAVED_IDS_WORK_WITH_SETEUID */
835		856
836	fatal_add_cleanup(prng_seed_cleanup, NULL);	857	fatal_add_cleanup(prng_seed_cleanup, NULL);
837	atexit(prng_write_seedfile);	858	atexit(prng_write_seedfile);