--- src/cmd/ksh93/data/msg.c
+++ src/cmd/ksh93/data/msg.c 2007-04-02 14:59:18.748709295 +0000
@@ -180,7 +180,11 @@
 const char e_crondir[] = "/var/spool/cron";
 const char e_prohibited[] = "login setuid/setgid shells prohibited";
 #if SHOPT_SUID_EXEC
+# ifdef THISPROG
+ const char e_suidexec[] = THISPROG;
+# else
 const char e_suidexec[] = "/etc/suid_exec";
+# endif
 #endif /* SHOPT_SUID_EXEC */
 const char hist_fname[] = "/.sh_history";
 const char e_dot[] = ".";
--- src/cmd/ksh93/sh/suid_exec.c
+++ src/cmd/ksh93/sh/suid_exec.c 2007-04-02 11:35:09.627236300 +0000
@@ -62,8 +62,12 @@
 #define FDVERIFY 12 /* used to validate /tmp process */
 #undef BLKSIZE
 #define BLKSIZE sizeof(char*)*1024
-#define THISPROG "/etc/suid_exec"
-#define DEFSHELL "/bin/sh"
+#ifndef THISPROG
+# define THISPROG "/etc/suid_exec"
+#endif
+#ifndef DEFSHELL
+# define DEFSHELL "/bin/sh"
+#endif
 #if defined(linux)
 static void error_exit(const char*) __attribute__ ((noreturn));
@@ -76,11 +80,14 @@ static int endsh(const char*);
 # undef _lib_setreuid
 #endif
 #ifndef _lib_setreuid
+# ifdef __linux__
+# error Linux provides setreuid!
+# endif
 static void setids(int,uid_t,gid_t);
 static int mycopy(int, int);
 static void maketemp(char*);
 #else
- static void setids(int,int,int);
+ static void setids(int,uid_t,gid_t);
 #endif /* _lib_setreuid */
 static const char version[] = "\n@(#)$Id: suid_exec "SH_RELEASE" $\n";
@@ -238,11 +245,14 @@ exec:
 #endif /* _lib_setreuid */
 /* only use SHELL if file is in trusted directory and ends in sh */
 shell = getenv("SHELL");
+#ifndef __linux__
 if(shell == 0 || !endsh(shell) || (
 !in_dir("/bin",shell) &&
 !in_dir("/usr/bin",shell) &&
- !in_dir("/usr/lbin",shell) &&
 !in_dir("/usr/local/bin",shell)))
+#else
+ if(shell == 0 || !endsh(shell))
+#endif
 shell = DEFSHELL;
 argv[0] = command;
 argv[1] = (char*)devfd;
@@ -253,7 +263,7 @@ exec:
 /*
 * return true of shell ends in sh of ksh
 */
-
+#ifndef __linux__
 static int endsh(register const char *shell)
 {
 while(*shell)
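Review bot: In the msg.c hunk, `e_suidexec` now takes whatever value the build passes as `THISPROG`, and nothing on the new lines documents that it must be the same absolute path the setuid helper is compiled with; the `#ifndef THISPROG` fallback in the first suid_exec.c hunk has the same gap. If only one of the two translation units receives the define, the shell and the helper would disagree on where the helper lives. I would add a comment above the `# ifdef`, for example `/* THISPROG: absolute path of the installed suid_exec helper; must match the value suid_exec.c is built with */`, and mirror it next to the `#ifndef THISPROG` block.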
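Review bot: In the `@@ -76,11 +80,14 @@` hunk of suid_exec.c, both arms of `#ifndef _lib_setreuid` now declare the same prototype, `static void setids(int,uid_t,gid_t);`, so it could be declared once above the conditional instead of twice. The definition of `setids` is outside the hunk; because `uid_t` and `gid_t` are unsigned on Linux, it is worth confirming that no negative-sentinel comparison survives from the old `int,int,int` signature. The new guard also tests `__linux__` while the context a few lines earlier uses `defined(linux)`; using `__linux__` in both places would keep the platform checks consistent under strict `-std=` modes.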
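Review bot: On Linux the new `if(shell == 0 || !endsh(shell))` in the `@@ -238,11 +245,14 @@` hunk drops the `in_dir()` directory test, so the interpreter chosen from the caller-controlled `SHELL` variable rests entirely on `endsh()`, which the last hunk on this page redefines as an exact match against the `getusershell()` list. That list is an administrator-maintained set of login shells and may contain entries that are not sh-compatible, and the comment `/* only use SHELL if file is in trusted directory and ends in sh */` no longer describes this branch. I would update the comment to state that on Linux `SHELL` must be listed in /etc/shells, and keep a cheap absolute-path guard: `if(shell == 0 || *shell != '/' || !endsh(shell))`. The hunk also removes `/usr/lbin` from the non-Linux list without explanation. The enclosing function starts outside the hunk.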
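Review bot: In the `@@ -253,7 +263,7 @@` hunk the comment `return true of shell ends in sh of ksh` now sits above both variants of `endsh()` but describes only the non-Linux one, whose body continues outside the hunk. I would reword it, for example `return true if shell ends in sh or ksh (non-Linux), or is listed by getusershell() (Linux)`. No hunk on this page adds a declaration for `getusershell()` or `endusershell()`; if `<unistd.h>` is not already included with the feature macros that expose them, the call would be implicitly declared as returning `int` and the returned pointer could be truncated on 64-bit builds, so that should be confirmed.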
@@ -266,7 +276,20 @@ static int endsh(register const char *sh
 return(1);
 return(0);
 }
-
+#else
+static int endsh(const char *shell)
+{
+ char * shx;
+ while ((shx = getusershell())) {
+ if (strcmp(shx, shell) == 0) {
+ endusershell();
+ return(1);
+ }
+ }
+ endusershell();
+ return(0);
+}
+#endif
 /*
 * return true of shell is in