From: Tom Yu Date: Thu, 21 Jan 1999 02:44:00 +0000 (+0000) Subject: * login.c (main): Call setluid() X-Git-Tag: krb5-1.1-beta1~412 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cf8408b6f975132f9b144a53b723c2210bc05348;p=krb5.git * login.c (main): Call setluid() * krshd.c (doit): Call setluid(). * configure.in: Check for setluid() rather than main() in libsecurity. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11111 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 9ea3553af..fdea771fd 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,12 @@ +Wed Jan 20 21:42:41 1999 Tom Yu + + * login.c (main): Call setluid(). + + * krshd.c (doit): Call setluid(). + + * configure.in: Check for setluid() rather than main() in + libsecurity. + 1998-11-28 Sam Hartman * krshd.c krsh.c: Use RCMD_BUFSIZ not RSH_BUFSIZE [krb5-appl/678] diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in index e9895225a..15db24fe6 100644 --- a/src/appl/bsd/configure.in +++ b/src/appl/bsd/configure.in @@ -30,7 +30,7 @@ case $krb5_cv_host in krb5_cv_has_streams=no ;; alpha-dec-osf*) - AC_CHECK_LIB(security,main, + AC_CHECK_LIB(security,setluid, AC_DEFINE(HAVE_SETLUID) LOGINLIBS="$LOGINLIBS -lsecurity" ) diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index e8a1b11c8..7e0555f00 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -1311,6 +1311,13 @@ if(port) initgroups(pwd->pw_name, pwd->pw_gid); } #endif +#ifdef HAVE_SETLUID + /* + * If we're on a system which keeps track of login uids, then + * set the login uid. + */ + setluid((uid_t) pwd->pw_uid); +#endif /* HAVE_SETLUID */ (void) setuid((uid_t)pwd->pw_uid); /* if TZ is set in the parent, drag it in */ { diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 6c651b006..97a230d01 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -1604,14 +1604,15 @@ int main(argc, argv) #endif #ifdef HAVE_SETLUID - /* - * If we're on a system which keeps track of login uids, then - * attempt to set the login uid, but don't get too unhappy when/if - * it doesn't succeed. - */ - if ((uid_t) getluid() < (uid_t) 0) { - setluid((uid_t) pwd->pw_uid); - } + /* + * If we're on a system which keeps track of login uids, then + * set the login uid. If this fails this opens up a problem on DEC OSF + * with C2 enabled. + */ + if (setluid((uid_t) pwd->pw_uid) < 0) { + perror("setuid"); + sleepexit(1); + } #endif /* HAVE_SETLUID */ #ifdef _IBMR2 setuidx(ID_LOGIN, pwd->pw_uid);