commit: aec8612a21a3dde2f466b084675a06f6b364a6d4
parent: d79764eb05ff8dbd83a6b536713984330c66a5df
author: Brian Callahan <bcallah@openbsd.org>
date: Sun, 1 Nov 2020 10:06:47 -0500
Linux has a getauxval(AT_SECURE) function, which is equivalent to
OpenBSD's issetugid. Let's use it.
4 files changed, 67 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
@@ -31,7 +31,7 @@ OBJS = alloc.o asprintf.o c_ksh.o c_sh.o c_test.o c_ulimit.o edit.o \\
emacs.o eval.o exec.o expr.o history.o io.o jobs.o lex.o mail.o \\
main.o misc.o path.o shf.o syn.o table.o trap.o tree.o tty.o var.o \\
version.o vi.o confstr.o reallocarray.o siglist.o signame.o \\
- strlcat.o strlcpy.o strtonum.o unvis.o vis.o
+ strlcat.o strlcpy.o strtonum.o unvis.o vis.o issetugid.o
all: \${PROG}
@@ -279,6 +279,22 @@ EOF
fi
}
+getauxvalcheck() {
+ cat << EOF > conftest.c
+#include <sys/auxv.h>
+int main(void){getauxval(AT_SECURE);return 0;}
+EOF
+ $cc $cflags -o conftest.o -c conftest.c > /dev/null 2>&1
+ $cc $ldflags -o conftest conftest.o > /dev/null 2>&1
+ if [ $? -eq 0 ] ; then
+ rm -f conftest conftest.o conftest.c
+ return 0
+ else
+ rm -f conftest conftest.o conftest.c
+ return 1
+ fi
+}
+
issetugidcheck() {
cat << EOF > conftest.c
#include <unistd.h>
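Review bot: In getauxvalcheck only the link step's `$?` is tested, and the exit status of the `-c` compile on the line before it is discarded. A compile failure is therefore detected only indirectly, through the link failing for lack of conftest.o. Chaining the two, `$cc $cflags -o conftest.o -c conftest.c > /dev/null 2>&1 && $cc $ldflags -o conftest conftest.o > /dev/null 2>&1`, makes the result depend on both steps explicitly. A wrong answer from this probe matters more than from most, because it decides how the shell detects a set-id start.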
@@ -814,7 +830,8 @@ if [ $doconfigure -eq 0 ] ; then
/* #define HAVE_ASPRINTF */
/* #define HAVE_CONFSTR */
#define NO_CURSES
-#define issetugid(x) 0
+/* #define HAVE_ISSETUGID */
+/* #define HAVE_GETAUXVAL */
/* #define HAVE_PLEDGE */
/* #define HAVE_REALLOCARRAY */
/* #define HAVE_SETRESGID */
@@ -1019,10 +1036,18 @@ fi
printf "checking for issetugid... "
issetugidcheck
if [ $? -eq 0 ] ; then
+ echo "#define HAVE_ISSETUGID" >> pconfig.h
echo "yes"
else
- echo "#define issetugid(x) 0" >> pconfig.h
echo "no"
+ printf "checking for getauxval(AT_SECURE)... "
+ getauxvalcheck
+ if [ $? -eq 0 ] ; then
+ echo "#define HAVE_GETAUXVAL" >> pconfig.h
+ echo "yes"
+ else
+ echo "no"
+ fi
fi
printf "checking for pledge... "
diff --git a/issetugid.c b/issetugid.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2020 Brian Callahan <bcallah@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "pconfig.h"
+
+#ifdef HAVE_ISSETUGID
+#include <unistd.h>
+#elif defined(HAVE_GETAUXVAL)
+#include <sys/auxv.h>
+#endif
+
+int
+oksh_issetugid(void)
+{
+
+#ifdef HAVE_ISSETUGID
+ return issetugid();
+#elif defined(HAVE_GETAUXVAL)
+ return (int) getauxval(AT_SECURE);
+#else
+ return 0;
+#endif
+}
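Review bot: The `#else` branch of oksh_issetugid returns a constant 0, so a build where neither HAVE_ISSETUGID nor HAVE_GETAUXVAL is defined always reports "not set-id". That includes the non-configure default in this commit, where both defines are commented out. The `oksh_issetugid() &&` condition in misc.c's change_flag can then never be true, which fails open. Comparing ids is a weaker approximation of issetugid but still catches the common case: include `<unistd.h>` unconditionally and use `return getuid() != geteuid() || getgid() != getegid();` as the fallback. In the getauxval branch, `return getauxval(AT_SECURE) != 0;` avoids narrowing the `unsigned long` result through the `(int)` cast.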
diff --git a/misc.c b/misc.c
@@ -292,7 +292,7 @@ change_flag(enum sh_flag f,
}
} else
/* Turning off -p? */
- if (f == FPRIVILEGED && oldval && !newval && issetugid() &&
+ if (f == FPRIVILEGED && oldval && !newval && oksh_issetugid() &&
!dropped_privileges) {
gid_t gid = getgid();
diff --git a/portable.h b/portable.h
@@ -231,6 +231,8 @@ long long strtonum(const char *numstr, long long minval, long long maxval,
int strunvis(char *, const char *);
#endif /* !HAVE_STRUNVIS */
+int oksh_issetugid(void);
+
/*
* Externs
*/
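Review bot: The new prototype `int oksh_issetugid(void);` carries no comment describing its contract, and the contract is not obvious from the name. Per issetugid.c in this commit, it returns the result of issetugid(), or of getauxval(AT_SECURE), or a constant 0 when configure detected neither. I would add `/* Nonzero if the process was started set-id (issetugid(), or AT_SECURE via getauxval()); always 0 when neither is available. */` above the declaration, so callers know that 0 is not proof of an unprivileged start.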