aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--loginutils/passwd.c5
-rw-r--r--networking/arping.c3
-rw-r--r--networking/ether-wake.c2
-rw-r--r--networking/fakeidentd.c4
-rw-r--r--networking/inetd.c6
-rw-r--r--networking/traceroute.c8
6 files changed, 12 insertions, 16 deletions
diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index 5b828dfee..7745444c0 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -227,10 +227,7 @@ int passwd_main(int argc, char **argv)
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
umask(077);
- if (setuid(0)) {
- syslog(LOG_ERR, "can't setuid(0)");
- bb_error_msg_and_die( "Cannot change ID to root.\n");
- }
+ xsetuid(0);
if (!update_passwd(pw, crypt_passwd)) {
syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
myname);
diff --git a/networking/arping.c b/networking/arping.c
index 6cb607612..5665ddb2b 100644
--- a/networking/arping.c
+++ b/networking/arping.c
@@ -262,7 +262,8 @@ int arping_main(int argc, char **argv)
s = socket(PF_PACKET, SOCK_DGRAM, 0);
ifindex = errno;
- setuid(getuid());
+ // Drop suid root privileges
+ xsetuid(getuid());
{
unsigned long opt;
diff --git a/networking/ether-wake.c b/networking/ether-wake.c
index b4fb0c2d1..1803d2265 100644
--- a/networking/ether-wake.c
+++ b/networking/ether-wake.c
@@ -145,7 +145,7 @@ int etherwake_main(int argc, char *argv[])
s = make_socket();
/* now that we have a raw socket we can drop root */
- setuid(getuid());
+ xsetuid(getuid());
/* look up the dest mac address */
get_dest_addr(argv[optind], &eaddr);
diff --git a/networking/fakeidentd.c b/networking/fakeidentd.c
index b5b70f516..9cdbc5725 100644
--- a/networking/fakeidentd.c
+++ b/networking/fakeidentd.c
@@ -159,8 +159,8 @@ static int godaemon(void)
close(0);
inetbind();
- if (setgid(nogrp)) bb_error_msg_and_die("Could not setgid()");
- if (setuid(nobody)) bb_error_msg_and_die("Could not setuid()");
+ xsetgid(nogrp);
+ xsetuid(nobody);
close(1);
close(2);
diff --git a/networking/inetd.c b/networking/inetd.c
index d50bbd39a..54294b635 100644
--- a/networking/inetd.c
+++ b/networking/inetd.c
@@ -1513,11 +1513,11 @@ inetd_main (int argc, char *argv[])
if (sep->se_group) {
pwd->pw_gid = grp->gr_gid;
}
- setgid ((gid_t) pwd->pw_gid);
+ xsetgid ((gid_t) pwd->pw_gid);
initgroups (pwd->pw_name, pwd->pw_gid);
- setuid ((uid_t) pwd->pw_uid);
+ xsetuid((uid_t) pwd->pw_uid);
} else if (sep->se_group) {
- setgid (grp->gr_gid);
+ xsetgid(grp->gr_gid);
setgroups (1, &grp->gr_gid);
}
dup2 (ctrl, 0);
diff --git a/networking/traceroute.c b/networking/traceroute.c
index 79f3957a6..c2084fc1e 100644
--- a/networking/traceroute.c
+++ b/networking/traceroute.c
@@ -941,7 +941,6 @@ traceroute_main(int argc, char *argv[])
#endif
u_short off = 0;
struct IFADDRLIST *al;
- int uid = getuid();
char *device = NULL;
int max_ttl = 30;
char *max_ttl_str = NULL;
@@ -1010,8 +1009,7 @@ traceroute_main(int argc, char *argv[])
* set the ip source address of the outbound
* probe (e.g., on a multi-homed host).
*/
- if (uid)
- bb_error_msg_and_die("-s %s: Permission denied", source);
+ if (getuid()) bb_error_msg_and_die("-s %s: Permission denied", source);
}
if(waittime_str)
waittime = str2val(waittime_str, "wait time", 2, 24 * 60 * 60);
@@ -1160,8 +1158,8 @@ traceroute_main(int argc, char *argv[])
sizeof(on));
/* Revert to non-privileged user after opening sockets */
- setgid(getgid());
- setuid(uid);
+ xsetgid(getgid());
+ xsetuid(getuid());
outip = (struct ip *)xcalloc(1, (unsigned)packlen);