diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-06-15 07:01:11 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-06-15 17:07:49 +1000 |
| commit | 26f96ca10ad0ec5da9b05b99de1e1ccea15a11be (patch) | |
| tree | 16a5922385ed8acd3a46130b21430ab313e0fde8 /uidswap.c | |
| parent | 89a85d724765b6b82e0135ee5a1181fdcccea9c6 (diff) | |
upstream: invalidate supplemental group cache used by
temporarily_use_uid() when the target uid differs; could cause failure to
read authorized_keys under some configurations. patch by Jakub Jelen via
bz2873; ok dtucker, markus
OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1
Diffstat (limited to 'uidswap.c')
| -rw-r--r-- | uidswap.c | 8 |
1 files changed, 6 insertions, 2 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: uidswap.c,v 1.39 2015/06/24 01:49:19 dtucker Exp $ */ | 1 | /* $OpenBSD: uidswap.c,v 1.40 2018/06/15 07:01:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -49,6 +49,7 @@ static gid_t saved_egid = 0; | |||
| 49 | /* Saved effective uid. */ | 49 | /* Saved effective uid. */ |
| 50 | static int privileged = 0; | 50 | static int privileged = 0; |
| 51 | static int temporarily_use_uid_effective = 0; | 51 | static int temporarily_use_uid_effective = 0; |
| 52 | static uid_t user_groups_uid; | ||
| 52 | static gid_t *saved_egroups = NULL, *user_groups = NULL; | 53 | static gid_t *saved_egroups = NULL, *user_groups = NULL; |
| 53 | static int saved_egroupslen = -1, user_groupslen = -1; | 54 | static int saved_egroupslen = -1, user_groupslen = -1; |
| 54 | 55 | ||
| @@ -92,10 +93,11 @@ temporarily_use_uid(struct passwd *pw) | |||
| 92 | fatal("getgroups: %.100s", strerror(errno)); | 93 | fatal("getgroups: %.100s", strerror(errno)); |
| 93 | } else { /* saved_egroupslen == 0 */ | 94 | } else { /* saved_egroupslen == 0 */ |
| 94 | free(saved_egroups); | 95 | free(saved_egroups); |
| 96 | saved_egroups = NULL; | ||
| 95 | } | 97 | } |
| 96 | 98 | ||
| 97 | /* set and save the user's groups */ | 99 | /* set and save the user's groups */ |
| 98 | if (user_groupslen == -1) { | 100 | if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) { |
| 99 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) | 101 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) |
| 100 | fatal("initgroups: %s: %.100s", pw->pw_name, | 102 | fatal("initgroups: %s: %.100s", pw->pw_name, |
| 101 | strerror(errno)); | 103 | strerror(errno)); |
| @@ -110,7 +112,9 @@ temporarily_use_uid(struct passwd *pw) | |||
| 110 | fatal("getgroups: %.100s", strerror(errno)); | 112 | fatal("getgroups: %.100s", strerror(errno)); |
| 111 | } else { /* user_groupslen == 0 */ | 113 | } else { /* user_groupslen == 0 */ |
| 112 | free(user_groups); | 114 | free(user_groups); |
| 115 | user_groups = NULL; | ||
| 113 | } | 116 | } |
| 117 | user_groups_uid = pw->pw_uid; | ||
| 114 | } | 118 | } |
| 115 | /* Set the effective uid to the given (unprivileged) uid. */ | 119 | /* Set the effective uid to the given (unprivileged) uid. */ |
| 116 | if (setgroups(user_groupslen, user_groups) < 0) | 120 | if (setgroups(user_groupslen, user_groups) < 0) |