Index: appl/gssftp/ftpd/ftpd.c
===================================================================
*** appl/gssftp/ftpd/ftpd.c (revision 18440)
--- appl/gssftp/ftpd/ftpd.c (working copy)
***************
*** 1367,1373 ****
goto bad;
sleep(tries);
}
! (void) krb5_seteuid((uid_t)pw->pw_uid);
#ifdef IP_TOS
#ifdef IPTOS_THROUGHPUT
on = IPTOS_THROUGHPUT;
--- 1367,1375 ----
goto bad;
sleep(tries);
}
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
! fatal("seteuid user");
! }
#ifdef IP_TOS
#ifdef IPTOS_THROUGHPUT
on = IPTOS_THROUGHPUT;
***************
*** 1377,1383 ****
#endif
return (fdopen(s, fmode));
bad:
! (void) krb5_seteuid((uid_t)pw->pw_uid);
(void) close(s);
return (NULL);
}
--- 1379,1387 ----
#endif
return (fdopen(s, fmode));
bad:
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
! fatal("seteuid user");
! }
(void) close(s);
return (NULL);
}
***************
*** 2186,2192 ****
(void) krb5_seteuid((uid_t)pw->pw_uid);
goto pasv_error;
}
! (void) krb5_seteuid((uid_t)pw->pw_uid);
len = sizeof(pasv_addr);
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
goto pasv_error;
--- 2190,2198 ----
(void) krb5_seteuid((uid_t)pw->pw_uid);
goto pasv_error;
}
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
! fatal("seteuid user");
! }
len = sizeof(pasv_addr);
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
goto pasv_error;
Index: appl/bsd/v4rcp.c
===================================================================
*** appl/bsd/v4rcp.c (revision 18440)
--- appl/bsd/v4rcp.c (working copy)
***************
*** 436,442 ****
kstream_set_buffer_mode (krem, 0);
#endif /* KERBEROS && !NOENCRYPTION */
(void) response();
! (void) setuid(userid);
source(--argc, ++argv);
exit(errs);
--- 436,445 ----
kstream_set_buffer_mode (krem, 0);
#endif /* KERBEROS && !NOENCRYPTION */
(void) response();
! if (setuid(userid)) {
! error("rcp: can't setuid(user)\n");
! exit(1);
! }
source(--argc, ++argv);
exit(errs);
***************
*** 452,458 ****
krem = kstream_create_from_fd (rem, 0, 0);
kstream_set_buffer_mode (krem, 0);
#endif /* KERBEROS && !NOENCRYPTION */
! (void) setuid(userid);
sink(--argc, ++argv);
exit(errs);
--- 455,464 ----
krem = kstream_create_from_fd (rem, 0, 0);
kstream_set_buffer_mode (krem, 0);
#endif /* KERBEROS && !NOENCRYPTION */
! if (setuid(userid)) {
! error("rcp: can't setuid(user)\n");
! exit(1);
! }
sink(--argc, ++argv);
exit(errs);
Index: appl/bsd/krcp.c
===================================================================
*** appl/bsd/krcp.c (revision 18440)
--- appl/bsd/krcp.c (working copy)
***************
*** 620,626 ****
euid = geteuid();
if (euid == 0) {
! (void) setuid(0);
if(krb5_seteuid(userid)) {
perror("rcp seteuid user"); errs++; exit(errs);
}
--- 620,628 ----
euid = geteuid();
if (euid == 0) {
! if (setuid(0)) {
! perror("rcp setuid 0"); errs++; exit(errs);
! }
if(krb5_seteuid(userid)) {
perror("rcp seteuid user"); errs++; exit(errs);
}
***************
*** 638,648 ****
continue;
rcmd_stream_init_normal();
#ifdef HAVE_SETREUID
! (void) setreuid(0, userid);
sink(1, argv+argc-1);
! (void) setreuid(userid, 0);
#else
! (void) setuid(0);
if(seteuid(userid)) {
perror("rcp seteuid user"); errs++; exit(errs);
}
--- 640,656 ----
continue;
rcmd_stream_init_normal();
#ifdef HAVE_SETREUID
! if (setreuid(0, userid)) {
! perror("rcp setreuid 0,user"); errs++; exit(errs);
! }
sink(1, argv+argc-1);
! if (setreuid(userid, 0)) {
! perror("rcp setreuid user,0"); errs++; exit(errs);
! }
#else
! if (setuid(0)) {
! perror("rcp setuid 0"); errs++; exit(errs);
! }
if(seteuid(userid)) {
perror("rcp seteuid user"); errs++; exit(errs);
}
Index: appl/bsd/login.c
===================================================================
*** appl/bsd/login.c (revision 18440)
--- appl/bsd/login.c (working copy)
***************
*** 1648,1654 ****
}
#endif /* HAVE_SETLUID */
#ifdef _IBMR2
! setuidx(ID_LOGIN, pwd->pw_uid);
#endif
/* This call MUST succeed */
--- 1648,1657 ----
}
#endif /* HAVE_SETLUID */
#ifdef _IBMR2
! if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
! perror("setuidx");
! sleepexit(1);
! };
#endif
/* This call MUST succeed */
Index: appl/bsd/krshd.c
===================================================================
*** appl/bsd/krshd.c (revision 18440)
--- appl/bsd/krshd.c (working copy)
***************
*** 1403,1411 ****
* If we're on a system which keeps track of login uids, then
* set the login uid.
*/
! setluid((uid_t) pwd->pw_uid);
#endif /* HAVE_SETLUID */
! (void) setuid((uid_t)pwd->pw_uid);
/* if TZ is set in the parent, drag it in */
{
char **findtz = environ;
--- 1403,1417 ----
* If we're on a system which keeps track of login uids, then
* set the login uid.
*/
! if (setluid((uid_t) pwd->pw_uid) < 0) {
! perror("setluid");
! _exit(1);
! }
#endif /* HAVE_SETLUID */
! if (setuid((uid_t)pwd->pw_uid) < 0) {
! perror("setuid");
! _exit(1);
! }
/* if TZ is set in the parent, drag it in */
{
char **findtz = environ;
Index: clients/ksu/main.c
===================================================================
*** clients/ksu/main.c (revision 18440)
--- clients/ksu/main.c (working copy)
***************
*** 893,900 ****
struct stat st_temp;
krb5_seteuid(0);
! krb5_seteuid(target_uid);
!
cc_name = krb5_cc_get_name(context, cc);
if ( ! stat(cc_name, &st_temp)){
if ((retval = krb5_cc_destroy(context, cc))){
--- 893,904 ----
struct stat st_temp;
krb5_seteuid(0);
! if (krb5_seteuid(target_uid) < 0) {
! com_err(prog_name, errno,
! "while changing to target uid for destroying ccache");
! exit(1);
! }
!
cc_name = krb5_cc_get_name(context, cc);
if ( ! stat(cc_name, &st_temp)){
if ((retval = krb5_cc_destroy(context, cc))){
Index: lib/krb4/kuserok.c
===================================================================
*** lib/krb4/kuserok.c (revision 18440)
--- lib/krb4/kuserok.c (working copy)
***************
*** 159,167 ****
*/
if(getuid() == 0) {
uid_t old_euid = geteuid();
! seteuid(pwd->pw_uid);
fp = fopen(pbuf, "r");
! seteuid(old_euid);
if ((fp) == NULL) {
return(NOTOK);
}
--- 159,169 ----
*/
if(getuid() == 0) {
uid_t old_euid = geteuid();
! if (seteuid(pwd->pw_uid) < 0)
! return NOTOK;
fp = fopen(pbuf, "r");
! if (seteuid(old_euid) < 0)
! return NOTOK;
if ((fp) == NULL) {
return(NOTOK);
}