diff options
-rw-r--r-- | loginutils/passwd.c | 5 | ||||
-rw-r--r-- | networking/arping.c | 3 | ||||
-rw-r--r-- | networking/ether-wake.c | 2 | ||||
-rw-r--r-- | networking/fakeidentd.c | 4 | ||||
-rw-r--r-- | networking/inetd.c | 6 | ||||
-rw-r--r-- | networking/traceroute.c | 8 |
6 files changed, 12 insertions, 16 deletions
diff --git a/loginutils/passwd.c b/loginutils/passwd.c index 5b828dfee..7745444c0 100644 --- a/loginutils/passwd.c +++ b/loginutils/passwd.c @@ -227,10 +227,7 @@ int passwd_main(int argc, char **argv) signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); umask(077); - if (setuid(0)) { - syslog(LOG_ERR, "can't setuid(0)"); - bb_error_msg_and_die( "Cannot change ID to root.\n"); - } + xsetuid(0); if (!update_passwd(pw, crypt_passwd)) { syslog(LOG_INFO, "password for `%s' changed by user `%s'", name, myname); diff --git a/networking/arping.c b/networking/arping.c index 6cb607612..5665ddb2b 100644 --- a/networking/arping.c +++ b/networking/arping.c @@ -262,7 +262,8 @@ int arping_main(int argc, char **argv) s = socket(PF_PACKET, SOCK_DGRAM, 0); ifindex = errno; - setuid(getuid()); + // Drop suid root privileges + xsetuid(getuid()); { unsigned long opt; diff --git a/networking/ether-wake.c b/networking/ether-wake.c index b4fb0c2d1..1803d2265 100644 --- a/networking/ether-wake.c +++ b/networking/ether-wake.c @@ -145,7 +145,7 @@ int etherwake_main(int argc, char *argv[]) s = make_socket(); /* now that we have a raw socket we can drop root */ - setuid(getuid()); + xsetuid(getuid()); /* look up the dest mac address */ get_dest_addr(argv[optind], &eaddr); diff --git a/networking/fakeidentd.c b/networking/fakeidentd.c index b5b70f516..9cdbc5725 100644 --- a/networking/fakeidentd.c +++ b/networking/fakeidentd.c @@ -159,8 +159,8 @@ static int godaemon(void) close(0); inetbind(); - if (setgid(nogrp)) bb_error_msg_and_die("Could not setgid()"); - if (setuid(nobody)) bb_error_msg_and_die("Could not setuid()"); + xsetgid(nogrp); + xsetuid(nobody); close(1); close(2); diff --git a/networking/inetd.c b/networking/inetd.c index d50bbd39a..54294b635 100644 --- a/networking/inetd.c +++ b/networking/inetd.c @@ -1513,11 +1513,11 @@ inetd_main (int argc, char *argv[]) if (sep->se_group) { pwd->pw_gid = grp->gr_gid; } - setgid ((gid_t) pwd->pw_gid); + xsetgid ((gid_t) pwd->pw_gid); initgroups (pwd->pw_name, pwd->pw_gid); - setuid ((uid_t) pwd->pw_uid); + xsetuid((uid_t) pwd->pw_uid); } else if (sep->se_group) { - setgid (grp->gr_gid); + xsetgid(grp->gr_gid); setgroups (1, &grp->gr_gid); } dup2 (ctrl, 0); diff --git a/networking/traceroute.c b/networking/traceroute.c index 79f3957a6..c2084fc1e 100644 --- a/networking/traceroute.c +++ b/networking/traceroute.c @@ -941,7 +941,6 @@ traceroute_main(int argc, char *argv[]) #endif u_short off = 0; struct IFADDRLIST *al; - int uid = getuid(); char *device = NULL; int max_ttl = 30; char *max_ttl_str = NULL; @@ -1010,8 +1009,7 @@ traceroute_main(int argc, char *argv[]) * set the ip source address of the outbound * probe (e.g., on a multi-homed host). */ - if (uid) - bb_error_msg_and_die("-s %s: Permission denied", source); + if (getuid()) bb_error_msg_and_die("-s %s: Permission denied", source); } if(waittime_str) waittime = str2val(waittime_str, "wait time", 2, 24 * 60 * 60); @@ -1160,8 +1158,8 @@ traceroute_main(int argc, char *argv[]) sizeof(on)); /* Revert to non-privileged user after opening sockets */ - setgid(getgid()); - setuid(uid); + xsetgid(getgid()); + xsetuid(getuid()); outip = (struct ip *)xcalloc(1, (unsigned)packlen); |