X-Git-Url: https://ruderich.org/simon/gitweb/?p=ptyas%2Fptyas.git;a=blobdiff_plain;f=ptyas.c;h=b88404cb844d2226b202a794c21d159e9614e9fb;hp=d650f1858f0843ac56747354cd8c4bef3291113b;hb=refs%2Fheads%2Fmaster;hpb=85cbaa83752955830f80daec2d801c551cb603b7
diff --git a/ptyas.c b/ptyas.c
index d650f18..b88404c 100644
--- a/ptyas.c
+++ b/ptyas.c
@@ -2,20 +2,20 @@
* Run the login shell or command as the given user in a new pty to prevent
* terminal injection attacks.
*
- * Copyright (C) 2016-2019 Simon Ruderich
+ * Copyright (C) 2016-2021 Simon Ruderich
*
* This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
+ * it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * GNU Affero General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
*/
#define _GNU_SOURCE
@@ -117,12 +117,29 @@ static int snprintf_or_assert(char *str, size_t size, const char *format, ...) {
static void drop_privileges_or_die(uid_t uid, gid_t gid) {
/* Drop all supplementary group IDs. */
+#ifdef __FreeBSD__
+ {
+ /* FreeBSD uses the first gid to set the egid of the process. */
+ gid_t egid = gid;
+ if (setgroups(1, &egid) != 0) {
+ die("setgroups");
+ }
+ if (getgroups(1, &egid) != 1) {
+ die_fmt("failed to drop all supplementary groups\n");
+ }
+ if (egid != gid) {
+ die_fmt("failed to drop all supplementary groups (egid): %d %d\n",
+ egid, gid);
+ }
+ }
+#else
if (setgroups(0, NULL) != 0) {
die("setgroups");
}
if (getgroups(0, NULL) != 0) {
- die_fmt("failed to drop all supplementary groups");
+ die_fmt("failed to drop all supplementary groups\n");
}
+#endif
/* Dropping groups may require privileges, do that first. */
if (setresgid(gid, gid, gid) != 0) {
@@ -145,12 +162,12 @@ static void drop_privileges_or_die(uid_t uid, gid_t gid) {
}
if ( uid != ruid || uid != euid || uid != suid
|| gid != rgid || gid != egid || gid != sgid) {
- die_fmt("failed to drop privileges");
+ die_fmt("failed to drop privileges\n");
}
}
/* Just to be safe. */
if (setuid(0) != -1) {
- die_fmt("failed to drop privileges (setuid)");
+ die_fmt("failed to drop privileges (setuid)\n");
}
}