/*++
/* NAME
/* set_eugid 3
/* SUMMARY
/* set effective user and group attributes
/* SYNOPSIS
/* #include <set_eugid.h>
/*
/* void set_eugid(euid, egid)
/* uid_t euid;
/* gid_t egid;
/*
/* void SAVE_AND_SET_EUGID(uid, gid)
/* uid_t uid;
/* gid_t gid;
/*
/* void RESTORE_SAVED_EUGID()
/* DESCRIPTION
/* set_eugid() sets the effective user and group process attributes
/* and updates the process group access list to be just the specified
/* effective group id.
/*
/* SAVE_AND_SET_EUGID() opens a block that executes with the
/* specified privilege. RESTORE_SAVED_EUGID() closes the block.
/* DIAGNOSTICS
/* All system call errors are fatal.
/* SEE ALSO
/* seteuid(2), setegid(2), setgroups(2)
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
#include <unistd.h>
#include <grp.h>
#include <errno.h>
/* Utility library. */
#include "msg.h"
#include "set_eugid.h"
/*
 * set_eugid - set effective user and group attributes
 *
 * Switches the process to effective user id euid and effective group id
 * egid, and replaces the group access list with the single entry egid.
 * Every failing system call is reported through msg_fatal(). The caller's
 * errno is preserved across the call.
 *
 * Security note: only the EFFECTIVE ids are changed. This is a reversible
 * privilege switch, not a permanent drop. The function itself regains
 * euid 0 on entry, which presumably relies on the real or saved user id
 * still being root; code that runs under the switched identity can do the
 * same and is therefore not confined by it.
 */
void    set_eugid(uid_t euid, gid_t egid)
{
    const int errno_on_entry = errno;

    /*
     * Regain root first if we are not root already. The group changes
     * below are made before the target euid is applied, because
     * setgroups(2) is a privileged call.
     */
    if (geteuid() != 0 && seteuid(0)) {
        msg_fatal("set_eugid: seteuid(0): %m");
    }

    /* Effective group id first, then the group access list. */
    if (setegid(egid) < 0) {
        msg_fatal("set_eugid: setegid(%ld): %m", (long) egid);
    }

    /*
     * Shrink the group access list to exactly one entry, so that no
     * group membership other than egid remains in the list.
     */
    if (setgroups(1, &egid) < 0) {
        msg_fatal("set_eugid: setgroups(%ld): %m", (long) egid);
    }

    /*
     * Apply the target effective uid last. When the target is root there
     * is nothing to do: the process is at euid 0 at this point.
     */
    if (euid != 0) {
        if (seteuid(euid) < 0) {
            msg_fatal("set_eugid: seteuid(%ld): %m", (long) euid);
        }
    }

    if (msg_verbose) {
        msg_info("set_eugid: euid %ld egid %ld", (long) euid, (long) egid);
    }

    /* Hide any errno changes made by the calls above from the caller. */
    errno = errno_on_entry;
}