
List:       freebsd-ports-bugs
Subject:    ports/72634: port gnustep-base runs gdomap with UID=4294967294
From:       Alex Semenyaka <alexs () semenyaka ! ru>
Date:       2004-09-30 23:12:42
Message-ID: 200409302312.i8UNCgB2013171 () stupid ! rinet ! ru


> Number:         72634
> Category:       ports
> Synopsis:       port gnustep-base runs gdomap with UID=4294967294
> Confidential:   no
> Severity:       non-critical
> Priority:       medium
> Responsible:    freebsd-ports-bugs
> State:          open
> Quarter:        
> Keywords:       
> Date-Required:
> Class:          sw-bug
> Submitter-Id:   current-users
> Arrival-Date:   Wed Oct 13 12:20:23 GMT 2004
> Closed-Date:
> Last-Modified:
> Originator:     Alex Semenyaka
> Release:        FreeBSD 6.0-CURRENT i386
> Organization:
n/a
> Environment:
System: FreeBSD stupid.rinet.ru 6.0-CURRENT FreeBSD 6.0-CURRENT #5: Sun Sep 26 \
01:27:08 MSD 2004 root@stupid.rinet.ru:/usr/obj/usr/src/sys/STUPID i386

gnustep-base-1.8.0_2

> Description:

Gdomap is the GNUstep Distributed Objects name server. It serves as a networking server.
It does not need access to the filesystem, so it runs with low privileges.
While starting, it does chroot() to the directory /tmp and then changes the effective
user ID from 0 to some unprivileged value. The default value of the new UID is -2,
but the program uses getpwnam("nobody") to determine the correct value for the
user ``nobody''.


Unfortunately, instead of the correct value 65534 (user ``nobody''), the UID becomes
equal to 4294967294 (unsigned int from -2). This happens because of a getpwnam()
failure, and the cause of this failure is an error opening ``/etc/pwd.db''.


> How-To-Repeat:

cd /usr/ports/lang/gnustep-base
make install clean
sh /usr/local/etc/rc.d/GNUstep.sh start
ps awwux | grep gdomap

> Fix:

Just change the order of blocks with chroot() and setuid(). Here is the patch:


--- Tools/gdomap.c.old	Tue Sep 23 03:06:51 2003
+++ Tools/gdomap.c	Fri Oct  1 02:47:33 2004
@@ -4599,30 +4599,6 @@
 #endif
     }
 
-#if	!defined(__svr4__)
-  /*
-   * As another level of paranoia - restrict this process to /tmp
-   */
-  if (chdir("/tmp") < 0)
-    {
-      sprintf(ebuf, "Unable to change directory to /tmp");
-      gdomap_log(LOG_CRIT);
-      exit(EXIT_FAILURE);
-    }
-#ifndef __MINGW__
-  if (geteuid() == 0)
-    {
-      if (chroot("/tmp") < 0)
-	{
-	  sprintf(ebuf, "Unable to change root to /tmp");
-	  gdomap_log(LOG_CRIT);
-	  exit(EXIT_FAILURE);
-	}
-      chdir("/");
-    }
-#endif /* __MINGW__ */
-#endif /* __svr4__ */
-
 #ifndef __MINGW__
   /*
    * Try to become a 'safe' user now that we have
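Review bot: Missing comment at the "Try to become a 'safe' user" block that stays in place here: nothing records that the user lookup has to run before the process is confined. A line saying that getpwnam("nobody") needs /etc/pwd.db and so must precede chroot("/tmp") would keep the two blocks from being swapped back later.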
@@ -4663,6 +4639,30 @@
     }
 
 #endif /* __MINGW__ */
+
+#if	!defined(__svr4__)
+  /*
+   * As another level of paranoia - restrict this process to /tmp
+   */
+  if (chdir("/tmp") < 0)
+    {
+      sprintf(ebuf, "Unable to change directory to /tmp");
+      gdomap_log(LOG_CRIT);
+      exit(EXIT_FAILURE);
+    }
+#ifndef __MINGW__
+  if (geteuid() == 0)
+    {
+      if (chroot("/tmp") < 0)
+	{
+	  sprintf(ebuf, "Unable to change root to /tmp");
+	  gdomap_log(LOG_CRIT);
+	  exit(EXIT_FAILURE);
+	}
+      chdir("/");
+    }
+#endif /* __MINGW__ */
+#endif /* __svr4__ */
 
   init_probe();	/* Probe other name servers on net.	*/
 
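Review bot: The `if (geteuid() == 0)` guard on the re-added block now sits after the code that gives up root, so whenever that drop succeeds the effective UID is no longer 0 and chroot("/tmp") is never reached; the process gets the right UID but only a chdir("/tmp"), not a changed root. chroot() needs root, so rather than moving the whole block, keep chroot() ahead of the setuid() call and move only the getpwnam("nobody") lookup in front of it. The return value of `chdir("/")` is also unchecked.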
> Release-Note:
> Audit-Trail:
> Unformatted:
_______________________________________________
freebsd-ports-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs
To unsubscribe, send any mail to "freebsd-ports-bugs-unsubscribe@freebsd.org"
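
The ordering that avoids the failure described in the report (look up the account, then chroot(), then drop privileges), as an added C example that is not code from gdomap or from the original message. The function names are hypothetical, and unlike gdomap it refuses to continue when the lookup fails instead of falling back to -2.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot() and setgroups() */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* What a fallback UID of -2 becomes once stored in an unsigned uid_t. */
unsigned long fallback_uid(void) { return (unsigned long)(uid_t)-2; }

/* Step 1: resolve the account while /etc is still reachable.
 * Returns 0 on success, -1 if the lookup fails (no silent fallback). */
int resolve_ids(const char *user, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Steps 2 and 3: confine while still root, then drop and verify.
 * Returns 0 on success, -1 on any failure; the caller should exit. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return -1;                       /* chroot() needs root */
    if (chroot(jail) < 0 || chdir("/") < 0)
        return -1;
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    /* The drop only counts if root cannot be regained afterwards. */
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(void)
{
    uid_t uid; gid_t gid;
    if (resolve_ids("nobody", &uid, &gid) < 0 ||
        confine_and_drop("/tmp", uid, gid) < 0) {
        fprintf(stderr, "refusing to run: lookup, chroot or drop failed\n");
        return 1;
    }
    printf("running as uid %lu inside /tmp\n", (unsigned long)getuid());
    return 0;
}
```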

