author | 1996-08-30 04:07:43 +0000 | |
---|---|---|
committer | 1996-08-30 04:07:43 +0000 | |
commit | 1437b3ae521cb60c53bef1b5d8f44250adb12f80 (patch) | |
tree | 9b6aa3f707ff62b237fe4a35193a80bc138c44ba /lib/libc | |
parent | bail if euid != 0; keeps us from fork-bombing with rcmd that calls rsh(1). (diff) | |
call rcmdsh() if euid != 0 and port is shell/tcp. This lets us
get away with fewer setuid binaries.
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/net/rcmd.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index ef98e882a2f..2530c9d5a28 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -32,7 +32,7 @@
 */
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: rcmd.c,v 1.11 1996/08/19 08:29:39 tholo Exp $";
+static char *rcsid = "$OpenBSD: rcmd.c,v 1.12 1996/08/30 04:07:43 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include <sys/param.h>
@@ -72,6 +72,13 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
 int s, lport, timo;
 char c;
+ /* use rsh(1) if non-root and remote port is shell. */
+ if (geteuid()) {
+ struct servent *sp = getservbyname("shell", "tcp");
+ if (sp && sp->s_port == rport)
+ return(rcmdsh(ahost, rport, locuser, remuser, cmd, NULL));
+ }
+ pid = getpid();
 hp = gethostbyname(*ahost);
 if (hp == NULL) {
@@ -79,6 +86,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
 return (-1);
 }
 *ahost = hp->h_name;
+ oldmask = sigblock(sigmask(SIGURG));
 for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
 s = rresvport(&lport); |
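Review bot: The early return inside the added `if (geteuid())` block drops the caller's `fd2p`: `rcmdsh()` is called without it, so a non-root caller that passed a non-NULL `fd2p` to obtain a separate stderr channel gets a descriptor back while, as far as this hunk shows, `*fd2p` is never written and may later be used as a file descriptor. Unless rcmdsh() (not visible here) covers that case some other way, limit the shortcut to callers that did not ask for the second channel, `if (sp && sp->s_port == rport && fd2p == NULL)`, so the others still reach the existing reserved-port path and fail explicitly. The comment could also state the reason and the limitation, e.g. `/* non-root cannot bind a reserved port: hand off to rsh(1) via rcmdsh(); fd2p is not passed on */`. rcmd's body starts before and continues after this hunk.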