zsh-workers
From: Jun T <takimoto-j@kba.biglobe.ne.jp>
To: zsh-workers@zsh.org
Subject: Re: Speaking of 5.8.1.3-test ...
Date: Tue, 10 May 2022 13:05:41 +0900
Message-ID: <83D915BA-288A-4A60-AA32-964B78861D0E@kba.biglobe.ne.jp>
In-Reply-To: <CAH+w=7Z+EmB0Bg2rUdOtktkx-rQHFSu-+2CbeYdC20rYZ-Xq8Q@mail.gmail.com>


> 2022/05/07 11:59, Bart Schaefer <schaefer@brasslantern.com> wrote:
> 
> Has anyone tried this at all?  No reports +/- so far.

If there is anyone familiar with NetBSD please correct me if I'm wrong.

If I run P01privileged as root on NetBSD-9.2, the following four test
chunks fail:
  EUID set to RUID after disabling PRIVILEGED
  not possible to regain EUID when unprivileged after disabling PRIVILEGED
  not possible to regain EGID when unprivileged after disabling PRIVILEGED
  getpwuid() fails with non-existent RUID and 0 EUID

In all of these cases, error output includes:
zsh:unsetopt:1: PRIVILEGED: can't drop privileges; was able to restore the e[ug]id

"unsetopt privileged" calls
  setresuid(getuid(), getuid(), getuid())
at line 853 in options.c. NetBSD does not have setresuid(), and the wrapper
in openssh_bsd_setres_id.c is used, which calls
  setreuid(ruid, ruid)
But man setreuid(2) (on NetBSD) says:
  "If the real user ID is changed, the saved user ID is
    changed to the new value of the effective user ID."
In the above setreuid(ruid, ruid), the real uid ruid=getuid() does not change,
so the saved uid is not changed (and euid can be restored to it later).

The same manpage also says that setreuid() "is made obsolete by the saved ID
functionality in setuid(2) and seteuid(2)". And man setuid(2) says:
  "The setuid() function sets the real and effective user IDs and the saved
   set-user-ID of the current process to the specified value."
So just calling setuid(getuid()) is enough for dropping the privilege.

A simple workaround would be the following.
Or we can define BROKEN_SETRE{U,G}ID in configure.ac if $host_os is netbsd.

PS
P01privileged passes on FreeBSD-13, Dragonfly-6 and OpenBSD-7.


diff --git a/Src/openssh_bsd_setres_id.c b/Src/openssh_bsd_setres_id.c
index 217a6d074..26c7d3958 100644
--- a/Src/openssh_bsd_setres_id.c
+++ b/Src/openssh_bsd_setres_id.c
@@ -55,6 +55,16 @@
 #include <unistd.h>
 #include <string.h>
 
+#ifdef __NetBSD__
+/*
+ * On NetBSD, setreuid() does not reset the saved uid if the real uid
+ * is not modified. Better to use setuid() that resets all of real,
+ * effective and saved uids to the specified value. Same for setregid().
+ */
+#define BROKEN_SETREUID
+#define BROKEN_SETREGID
+#endif
+
 #if defined(ZSH_IMPLEMENT_SETRESGID) || defined(BROKEN_SETRESGID)
 int
 setresgid(gid_t rgid, gid_t egid, gid_t sgid)
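
Review bot: The `#define BROKEN_SETREUID` and `#define BROKEN_SETREGID` lines inside the new `#ifdef __NetBSD__` block are unguarded and visible only in this file. If the configure.ac alternative mentioned in the message is added later and a configure-generated definition with a value reaches this file, the empty definitions here would conflict with it; wrapping each one in `#ifndef BROKEN_SETREUID` / `#endif` (and likewise for `BROKEN_SETREGID`) keeps the two routes compatible. The comment would also benefit from naming setreuid(2) as the source of the saved-uid behaviour, because the `__NetBSD__` test applies to every NetBSD release and a later reader will want to re-check the claim against the man page.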
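
Added example, not part of the original message and not zsh's code: a drop-then-verify routine in C that follows the reasoning above, using setuid(getuid()) and then trying to restore the old effective ids, which is the kind of check behind the "was able to restore the e[ug]id" error. The function name and its return codes are assumptions made for this illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (name and return codes are this example's own).
 * Permanently drops to the real uid/gid, then verifies the drop.
 * Returns 0 on success, -1 if a set*id() call failed or the ids are not
 * what was requested, -2 if an old effective id could still be restored.
 */
int drop_privileges_checked(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid drop, setgid() may no longer be permitted. */
    if (setgid(rgid) != 0)
        return -1;
    /* setuid() rather than setreuid(ruid, ruid): per the man pages quoted in
     * the message, it also replaces the saved set-user-ID when privileged. */
    if (setuid(ruid) != 0)
        return -1;

    /* Never trust the return value alone: re-read all four ids. */
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;

    /* If a saved id survived, restoring the old effective id succeeds.
     * Only meaningful when the process actually started with elevated ids. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -2;
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -2;
    return 0;
}

int main(void)
{
    int rc = drop_privileges_checked();
    printf("drop_privileges_checked() = %d (uid=%ld euid=%ld)\n",
           rc, (long)getuid(), (long)geteuid());
    return rc == 0 ? 0 : 1;
}
```

When the process starts with no elevated ids the restore attempts are skipped and the function returns 0; a return of -2 is the case the message describes, where the saved id was left in place.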




