leave the real user ID as the user's now

2024-11-23 18:33:24 +08:00 · 1999-03-06 11:28:11 +00:00 · 1999-03-06 11:28:11 +00:00 · a00baab063
commit a00baab063
parent 3c8882ac68
4 changed files with 25 additions and 12 deletions
--- a/pppd/auth.c
+++ b/pppd/auth.c
@ -33,7 +33,7 @@
 */

 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.42 1999/03/02 05:33:09 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.43 1999/03/06 11:28:10 paulus Exp $";
 #endif

 #include <stdio.h>
@ -211,14 +211,19 @@ setupapfile(argv)
    lcp_allowoptions[0].neg_upap = 1;

    /* open user info file */
-    if ((ufile = fopen(*argv, "r")) == NULL) {
+    seteuid(getuid());
+    ufile = fopen(*argv, "r");
+    seteuid(0);
+    if (ufile == NULL) {
 	option_error("unable to open user login data file %s", *argv);
 	return 0;
    }
+#if 0	/* check done by setting effective UID above */
    if (!readable(fileno(ufile))) {
 	option_error("%s: access denied", *argv);
 	return 0;
    }
+#endif
    check_access(ufile, *argv);

    /* get username */
--- a/pppd/main.c
+++ b/pppd/main.c
@ -18,7 +18,7 @@
 */

 #ifndef lint
-static char rcsid[] = "$Id: main.c,v 1.55 1999/03/02 05:59:21 paulus Exp $";
+static char rcsid[] = "$Id: main.c,v 1.56 1999/03/06 11:28:10 paulus Exp $";
 #endif

 #include <stdio.h>
@ -77,6 +77,7 @@ char hostname[MAXNAMELEN];	/* Our hostname */
 static char pidfilename[MAXPATHLEN];	/* name of pid file */
 static char default_devnam[MAXPATHLEN];	/* name of default device */
 static pid_t pid;		/* Our pid */
+static uid_t uid;		/* Our real user-id */
 static int conn_running;	/* we have a [dis]connector running */

 int ttyfd = -1;			/* Serial port file descriptor */
@ -84,7 +85,6 @@ mode_t tty_mode = -1;		/* Original access permissions to tty */
 int baud_rate;			/* Actual bits/second for serial device */
 int hungup;			/* terminal has been hung up */
 int privileged;			/* we're running as real uid root */
-int uid;			/* real user ID of the user */
 int need_holdoff;		/* need holdoff period before restarting */
 int detached;			/* have detached from terminal */

@ -231,7 +231,6 @@ main(argc, argv)
 		     argv[0]);
 	exit(1);
    }
-    setuid(0);			/* make real uid = root */

    if (!ppp_available()) {
 	option_error(no_ppp_msg);
@ -1241,9 +1240,10 @@ run_program(prog, args, must_exist, done, arg)
 	int new_fd;

 	/* Leave the current location */
-	(void) setsid();    /* No controlling tty. */
+	(void) setsid();	/* No controlling tty. */
 	(void) umask (S_IRWXG|S_IRWXO);
-	(void) chdir ("/"); /* no current directory. */
+	(void) chdir ("/");	/* no current directory. */
+	setuid(0);		/* set real UID = root */
 	setgid(getegid());

 	/* Ensure that nothing of our device environment is inherited. */
--- a/pppd/options.c
+++ b/pppd/options.c
@ -18,7 +18,7 @@
 */

 #ifndef lint
-static char rcsid[] = "$Id: options.c,v 1.47 1999/03/02 05:59:21 paulus Exp $";
+static char rcsid[] = "$Id: options.c,v 1.48 1999/03/06 11:28:10 paulus Exp $";
 #endif

 #include <ctype.h>
@ -342,17 +342,24 @@ options_from_file(filename, must_exist, check_prot, priv)
    char args[MAXARGS][MAXWORDLEN];
    char cmd[MAXWORDLEN];

-    if ((f = fopen(filename, "r")) == NULL) {
+    if (check_prot)
+	seteuid(getuid());
+    f = fopen(filename, "r");
+    if (check_prot)
+	seteuid(0);
+    if (f == NULL) {
 	if (!must_exist && errno == ENOENT)
 	    return 1;
 	option_error("Can't open options file %s: %m", filename);
 	return 0;
    }
+#if 0	/* check done by setting effective UID above */
    if (check_prot && !readable(fileno(f))) {
 	option_error("Can't open options file %s: access denied", filename);
 	fclose(f);
 	return 0;
    }
+#endif

    oldpriv = privileged_option;
    privileged_option = priv;
@ -416,7 +423,7 @@ options_from_user()
    int ret;
    struct passwd *pw;

-    pw = getpwuid(uid);
+    pw = getpwuid(getuid());
    if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0)
 	return 1;
    file = _PATH_USEROPT;
@ -688,10 +695,12 @@ int
 readable(fd)
    int fd;
 {
+    uid_t uid;
    int ngroups, i;
    struct stat sbuf;
    GIDSET_TYPE groups[NGROUPS_MAX];

+    uid = getuid();
    if (uid == 0)
 	return 1;
    if (fstat(fd, &sbuf) != 0)
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
@ -16,7 +16,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: pppd.h,v 1.26 1999/03/02 05:59:22 paulus Exp $
+ * $Id: pppd.h,v 1.27 1999/03/06 11:28:11 paulus Exp $
 */

 /*
@ -116,7 +116,6 @@ extern int	privileged;	/* We were run by real-uid root */
 extern int	need_holdoff;	/* Need holdoff period after link terminates */
 extern char	**script_env;	/* Environment variables for scripts */
 extern int	detached;	/* Have detached from controlling tty */
-extern int	uid;		/* Real user ID of the user running pppd */

 /*
 * Variables set by command-line options.