From ba6514e2a4d515c670a90390ec76d6d9d6649222 Mon Sep 17 00:00:00 2001 From: Eric Allman Date: Mon, 19 Jul 1993 18:30:40 -0800 Subject: [PATCH] HASSETEUID => HASSETREUID and changes to avoid having to do setuid(getuid()) in main. SCCS-vsn: usr.sbin/sendmail/src/READ_ME 8.4 SCCS-vsn: usr.sbin/sendmail/src/recipient.c 8.6 SCCS-vsn: usr.sbin/sendmail/src/main.c 8.6 SCCS-vsn: usr.sbin/sendmail/src/conf.h 8.5 SCCS-vsn: usr.sbin/sendmail/src/alias.c 8.5 --- usr/src/usr.sbin/sendmail/src/READ_ME | 26 ++++---- usr/src/usr.sbin/sendmail/src/alias.c | 18 ++--- usr/src/usr.sbin/sendmail/src/conf.h | 80 ++++++++++++++++------- usr/src/usr.sbin/sendmail/src/main.c | 5 +- usr/src/usr.sbin/sendmail/src/recipient.c | 9 ++- 5 files changed, 87 insertions(+), 51 deletions(-) diff --git a/usr/src/usr.sbin/sendmail/src/READ_ME b/usr/src/usr.sbin/sendmail/src/READ_ME index 4f7d1d598a..681cbfce57 100644 --- a/usr/src/usr.sbin/sendmail/src/READ_ME +++ b/usr/src/usr.sbin/sendmail/src/READ_ME @@ -4,7 +4,7 @@ # # %sccs.include.redist.sh% # -# @(#)READ_ME 8.3 (Berkeley) %G% +# @(#)READ_ME 8.4 (Berkeley) %G% # This directory contains the source files for sendmail. @@ -66,16 +66,18 @@ HASINITGROUPS Define this if you have the initgroups(3) routine. HASSETVBUF Define this if you have the setvbuf(3) library call. If you don't, setlinebuf will be used instead. This defaults on if your compiler defines __STDC__. -HASSETEUID Define this if you have seteuid(2) ***AND*** root can use - it to change to an arbitrary user. This second condition - is not satisfied on AIX 3.x. You may find that - your system has setreuid(2) or setresuid(2), in which - case you will also have to #define seteuid(uid) to be - the appropriate call. The important thing is that you - have a call that will set the effective uid and NOT - set the real or saved uid. Setting this improves the - security somewhat, since sendmail doesn't have to read - .forward and :include: files as root. +HASSETREUID Define this if you have setreuid(2) ***AND*** root can + use setreuid to change to an arbitrary user. This second + condition is not satisfied on AIX 3.x. You may find that + your system has setresuid(2), (for example, on HP-UX) in + which case you will also have to #define setreuid(r, e) + to be the appropriate call. Some systems (such as Solaris) + have a compatibility routine that doesn't work properly. + The important thing is that you have a call that will set + the effective uid independently of the real or saved uid. + Setting this improves the security somewhat, since + sendmail doesn't have to read .forward and :include: files + as root. LA_TYPE The type of load average your kernel supports. These can be LA_SUBR (4) if you have the getloadavg(3) routine, LA_FLOAT (3) if you read kmem and interpret the value @@ -214,4 +216,4 @@ version.c The version number and information about this Eric Allman -(Version 8.3, last update %G% 12:58:13) +(Version 8.4, last update %G% 11:30:32) diff --git a/usr/src/usr.sbin/sendmail/src/alias.c b/usr/src/usr.sbin/sendmail/src/alias.c index e459cef8ed..bf522fdd0f 100644 --- a/usr/src/usr.sbin/sendmail/src/alias.c +++ b/usr/src/usr.sbin/sendmail/src/alias.c @@ -11,7 +11,7 @@ # include #ifndef lint -static char sccsid[] = "@(#)alias.c 8.4 (Berkeley) %G%"; +static char sccsid[] = "@(#)alias.c 8.5 (Berkeley) %G%"; #endif /* not lint */ @@ -670,7 +670,7 @@ forward(user, sendq, e) { char *pp; char *ep; -#ifdef HASSETEUID +#ifdef HASSETREUID register ADDRESS *ca; uid_t saveduid, uid; #endif @@ -693,7 +693,7 @@ forward(user, sendq, e) if (ForwardPath == NULL) ForwardPath = newstr("\201z/.forward"); -#ifdef HASSETEUID +#ifdef HASSETREUID ca = getctladdr(user); if (ca != NULL) uid = ca->q_uid; @@ -718,10 +718,10 @@ forward(user, sendq, e) if (tTd(27, 9)) printf("forward: old uid = %d/%d\n", getuid(), geteuid()); -#ifdef HASSETEUID +#ifdef HASSETREUID saveduid = geteuid(); if (saveduid == 0 && uid != 0) - (void) seteuid(uid); + (void) setreuid(0, uid); #endif if (tTd(27, 9)) @@ -729,11 +729,11 @@ forward(user, sendq, e) err = include(buf, TRUE, user, sendq, e); -#ifdef HASSETEUID +#ifdef HASSETREUID if (saveduid == 0 && uid != 0) - if (seteuid(saveduid) < 0) - syserr("seteuid(%d) failure (real=%d, eff=%d)", - saveduid, getuid(), geteuid()); + if (setreuid(-1, 0) < 0 || setreuid(RealUid, 0) < 0) + syserr("setreuid(%d, 0) failure (real=%d, eff=%d)", + RealUid, getuid(), geteuid()); #endif if (tTd(27, 9)) diff --git a/usr/src/usr.sbin/sendmail/src/conf.h b/usr/src/usr.sbin/sendmail/src/conf.h index 89f1c548e0..e7fd6ea4d2 100644 --- a/usr/src/usr.sbin/sendmail/src/conf.h +++ b/usr/src/usr.sbin/sendmail/src/conf.h @@ -5,7 +5,7 @@ * * %sccs.include.redist.c% * - * @(#)conf.h 8.4 (Berkeley) %G% + * @(#)conf.h 8.5 (Berkeley) %G% */ /* @@ -16,10 +16,10 @@ # include # include -/* +/********************************************************************** ** Table sizes, etc.... ** There shouldn't be much need to change these.... -*/ +**********************************************************************/ # define MAXLINE 2048 /* max line length */ # define MAXNAME 256 /* max length of a name */ @@ -41,11 +41,11 @@ # define QUEUESIZE 1000 /* max # of jobs per queue run */ # endif -/* +/********************************************************************** ** Compilation options. ** ** #define these if they are available; comment them out otherwise. -*/ +**********************************************************************/ # define LOG 1 /* enable logging */ # define UGLYUUCP 1 /* output ugly UUCP From lines */ @@ -59,12 +59,12 @@ # define USERDB 1 /* look in user database (requires NEWDB) */ # endif -/* +/********************************************************************** ** Operating system configuration. ** ** Unless you are porting to a new OS, you shouldn't have to ** change these. -*/ +**********************************************************************/ /* general "standard C" defines */ #ifdef __STDC__ @@ -80,18 +80,24 @@ ** Per-Operating System defines */ -/* HP-UX -- tested for 8.07 */ +/* +** HP-UX -- tested for 8.07 +*/ + # ifdef __hpux # define SYSTEM5 1 /* include all the System V defines */ # define UNSETENV 1 /* need unsetenv(3) support */ -# define HASSETEUID 1 /* we have seteuid call */ -# define seteuid(uid) setresuid(-1, uid, -1) +# define HASSETREUID 1 /* have setreuid(2) call */ +# define setreuid(r, e) setresuid(r, e, -1) # ifndef __STDC__ # define HASSETVBUF 1 /* we have setvbuf in libc (but not __STDC__) */ # endif # endif -/* IBM AIX 3.x -- actually tested for 3.2.3 */ +/* +** IBM AIX 3.x -- actually tested for 3.2.3 +*/ + # ifdef _AIX3 # define LOCKF 1 /* use System V lockf instead of flock */ # define FORK fork /* no vfork primitive available */ @@ -99,20 +105,29 @@ # define SYS5TZ 1 /* use System V style timezones */ # endif -/* Silicon Graphics IRIX */ +/* +** Silicon Graphics IRIX +** +** I haven't tested this yet myself. +*/ + # ifdef IRIX # define FORK fork /* no vfork primitive available */ # define UNSETENV 1 /* need unsetenv(3) support */ # define setpgrp BSDsetpgrp # endif -/* various systems from Sun Microsystems */ + +/* +** SunOS +*/ + #if defined(sun) && !defined(BSD) # define UNSETENV 1 /* need unsetenv(3) support */ # ifdef SOLARIS - /* Solaris 2.x */ + /* Solaris 2.x (a.k.a. SunOS 5.x) */ # define LOCKF 1 /* use System V lockf instead of flock */ # define HASUSTAT 1 /* has the ustat(2) syscall */ # define bcopy(s, d, l) (memmove((d), (s), (l))) @@ -123,31 +138,43 @@ # else /* SunOS 4.1.x */ # define HASSTATFS 1 /* has the statfs(2) syscall */ -# define HASSETEUID 1 /* we have seteuid call */ +# define HASSETREUID 1 /* have setreuid(2) call */ # include # endif #endif -/* Digital Ultrix 4.2A or 4.3 */ +/* +** Digital Ultrix 4.2A or 4.3 +*/ + #ifdef ultrix # define HASSTATFS 1 /* has the statfs(2) syscall */ -# define HASSETEUID 1 /* we have seteuid call */ +# define HASSETREUID 1 /* have setreuid(2) call */ #endif -/* OSF/1 (tested on Alpha) */ +/* +** OSF/1 (tested on Alpha) +*/ + #ifdef __osf__ -# define HASSETEUID 1 /* we have seteuid call */ +# define HASSETREUID 1 /* have setreuid(2) call */ # define seteuid(uid) setreuid(-1, uid) #endif -/* NeXTstep */ +/* +** NeXTstep +*/ + #ifdef __NeXT__ # define sleep sleepX # define UNSETENV 1 /* need unsetenv(3) support */ #endif -/* various flavors of BSD */ +/* +** BSD +*/ + #ifdef BSD # define HASGETDTABLESIZE 1 /* we have getdtablesize(2) call */ #endif @@ -155,11 +182,14 @@ /* 4.4BSD */ #ifdef BSD4_4 # include -# define HASSETEUID 1 /* we have seteuid(2) call */ +# define HASSETREUID 1 /* have setreuid(2) call */ # define ERRLIST_PREDEFINED /* don't declare sys_errlist */ #endif -/* SCO Unix */ +/* +** SCO Unix +*/ + #ifdef _SCO_unix_ # define SYSTEM5 1 /* include all the System V defines */ # define UNSETENV 1 /* need unsetenv(3) support */ @@ -167,9 +197,9 @@ # define MAXPATHLEN PATHSIZE #endif -/* +/********************************************************************** ** End of Per-Operating System defines -*/ +**********************************************************************/ /* general System V defines */ # ifdef SYSTEM5 diff --git a/usr/src/usr.sbin/sendmail/src/main.c b/usr/src/usr.sbin/sendmail/src/main.c index 3b23c32d9e..15d5fc52f5 100644 --- a/usr/src/usr.sbin/sendmail/src/main.c +++ b/usr/src/usr.sbin/sendmail/src/main.c @@ -13,7 +13,7 @@ static char copyright[] = #endif /* not lint */ #ifndef lint -static char sccsid[] = "@(#)main.c 8.5 (Berkeley) %G%"; +static char sccsid[] = "@(#)main.c 8.6 (Berkeley) %G%"; #endif /* not lint */ #define _DEFINE @@ -210,9 +210,6 @@ main(argc, argv, envp) else (void) sprintf(RealUserName, "Unknown UID %d", RealUid); - /* our real uid will have to be root -- we will trash this later */ - setuid((uid_t) 0); - /* save command line arguments */ i = 0; for (av = argv; *av != NULL; ) diff --git a/usr/src/usr.sbin/sendmail/src/recipient.c b/usr/src/usr.sbin/sendmail/src/recipient.c index 5de86fadbf..ccb334ef1d 100644 --- a/usr/src/usr.sbin/sendmail/src/recipient.c +++ b/usr/src/usr.sbin/sendmail/src/recipient.c @@ -7,7 +7,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)recipient.c 8.5 (Berkeley) %G%"; +static char sccsid[] = "@(#)recipient.c 8.6 (Berkeley) %G%"; #endif /* not lint */ # include "sendmail.h" @@ -669,6 +669,8 @@ include(fname, forwarding, ctladdr, sendq, e) if (tTd(27, 2)) printf("include(%s)\n", fname); + if (tTd(27, 4)) + printf(" ruid=%d euid=%d\n", getuid(), geteuid()); if (tTd(27, 14)) { printf("ctladdr "); @@ -712,6 +714,8 @@ include(fname, forwarding, ctladdr, sendq, e) int ret = errno; clrevent(ev); + if (tTd(27, 4)) + printf("include: open: %s\n", errstring(ret)); return ret; } @@ -770,6 +774,9 @@ include(fname, forwarding, ctladdr, sendq, e) sendto(buf, 1, ctladdr, 0); AliasLevel--; } + + if (ferror(fp) && tTd(27, 3)) + printf("include: read error: %s\n", errstring(errno)); if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) { if (tTd(27, 5)) -- 2.20.1