- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.

   Based on patch from Tim Rice <tim@multitalents.net>

diff --git a/ChangeLog b/ChangeLog
index 61c779d241846853792fe06d8ea911e075946bed..c7280b47ece4cfb1e2e3c1473de3ed5c51d15b0f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 20010226
  - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
+ - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics. 
+   Based on patch from Tim Rice <tim@multitalents.net>
 
 20010225
  - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile

diff --git a/acconfig.h b/acconfig.h
index 0425e71cc4e59f7762a74004bccf3d2458dcbbde..0f1fc41bf70f000464c30676aebd9d59c816b6c7 100644 (file)
--- a/acconfig.h
+++ b/acconfig.h
@@ -296,6 +296,9 @@
 /* Define if X11 doesn't support AF_UNIX sockets on that system */
 #undef NO_X11_UNIX_SOCKETS
 
+/* Needed for SCO and NeXT */
+#undef SAVED_IDS_WORK_WITH_SETEUID
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */

diff --git a/configure.in b/configure.in
index 15c445b42913125f32b71e8eaac3549c05c26745..7857d293094d051af45a630cf49e95061713dce3 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -152,6 +152,7 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(HAVE_NEXT)
        AC_DEFINE(BROKEN_REALPATH)
        AC_DEFINE(USE_PIPES)
+       AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
        CFLAGS="$CFLAGS"
        ;;
@@ -238,6 +239,7 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(HAVE_SCO_PROTECTED_PW)
        AC_DEFINE(DISABLE_SHADOW)
        AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+       AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
        AC_CHECK_FUNCS(getluid setluid)
        ;;
 *-*-sco3.2v5*)
@@ -252,6 +254,7 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(HAVE_SCO_PROTECTED_PW)
        AC_DEFINE(DISABLE_SHADOW)
        AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+       AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
        AC_CHECK_FUNCS(getluid setluid)
        ;;
 *-dec-osf*)

diff --git a/entropy.c b/entropy.c
index 66cf75fbeb9259502f63d8b40abfa1b73b60983e..0d8d15a6231bbcb518fbed8a0b885111fe750d23 100644 (file)
--- a/entropy.c
+++ b/entropy.c
@@ -825,13 +825,34 @@ void init_rng(void)
        prng_seed_saved = 0;
 
        /* Give up privs while reading seed file */
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
        if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
                fatal("Couldn't give up privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+       /*
+        * Propagate the privileged uid to all of our uids.
+        * Set the effective uid to the given (unprivileged) uid. 
+        */
+       if (original_uid != original_euid && setuid(original_euid) == -1 || 
+           seteuid(original_uid) == -1)
+               fatal("Couldn't give up privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
        prng_read_seedfile();
 
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
        if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
                fatal("Couldn't restore privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+       /*
+        * We are unable to restore the real uid to its unprivileged value.
+        * Propagate the real uid (usually more privileged) to effective uid
+        * as well.
+        */
+       if (original_uid != original_euid && seteuid(original_euid) == -1 || 
+           setuid(original_uid) == -1)
+               fatal("Couldn't restore privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
        fatal_add_cleanup(prng_seed_cleanup, NULL);
        atexit(prng_write_seedfile);