You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
457 lines
11 KiB
457 lines
11 KiB
6 years ago
|
setuid(), setgid() and other similar calls trigger seccomp on
|
||
|
the Android 9 or higher.
|
||
|
|
||
|
diff -uNr screen-4.6.2/attacher.c screen-4.6.2.mod/attacher.c
|
||
|
--- screen-4.6.2/attacher.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/attacher.c 2018-12-28 13:36:35.969225142 +0200
|
||
|
@@ -191,8 +191,6 @@
|
||
|
if (ret == SIG_POWER_BYE)
|
||
|
{
|
||
|
int ppid;
|
||
|
- if (setgid(real_gid) || setuid(real_uid))
|
||
|
- Panic(errno, "setuid/gid");
|
||
|
if ((ppid = getppid()) > 1)
|
||
|
Kill(ppid, SIGHUP);
|
||
|
exit(0);
|
||
|
@@ -215,13 +213,6 @@
|
||
|
{
|
||
|
real_uid = multi_uid;
|
||
|
eff_uid = own_uid;
|
||
|
-#ifdef HAVE_SETRESUID
|
||
|
- if (setresuid(multi_uid, own_uid, multi_uid))
|
||
|
- Panic(errno, "setresuid");
|
||
|
-#else
|
||
|
- xseteuid(multi_uid);
|
||
|
- xseteuid(own_uid);
|
||
|
-#endif
|
||
|
if (chmod(attach_tty, 0666))
|
||
|
Panic(errno, "chmod %s", attach_tty);
|
||
|
tty_oldmode = tty_mode;
|
||
|
@@ -288,27 +279,7 @@
|
||
|
/* NOTREACHED */
|
||
|
}
|
||
|
}
|
||
|
- /*
|
||
|
- * Go in UserContext. Advantage is, you can kill your attacher
|
||
|
- * when things go wrong. Any disadvantages? jw.
|
||
|
- * Do this before the attach to prevent races!
|
||
|
- */
|
||
|
-#ifdef MULTIUSER
|
||
|
- if (!multiattach)
|
||
|
-#endif
|
||
|
- {
|
||
|
- if (setuid(real_uid))
|
||
|
- Panic(errno, "setuid");
|
||
|
- }
|
||
|
-#if defined(MULTIUSER) && defined(USE_SETEUID)
|
||
|
- else
|
||
|
- {
|
||
|
- /* This call to xsetuid should also set the saved uid */
|
||
|
- xseteuid(real_uid); /* multi_uid, allow backend to send signals */
|
||
|
- }
|
||
|
-#endif
|
||
|
- if (setgid(real_gid))
|
||
|
- Panic(errno, "setgid");
|
||
|
+
|
||
|
eff_uid = real_uid;
|
||
|
eff_gid = real_gid;
|
||
|
|
||
|
@@ -422,12 +393,10 @@
|
||
|
# ifndef USE_SETEUID
|
||
|
close(multipipe[1]);
|
||
|
# else
|
||
|
- xseteuid(own_uid);
|
||
|
if (tty_oldmode >= 0)
|
||
|
if (chmod(attach_tty, tty_oldmode))
|
||
|
Panic(errno, "chmod %s", attach_tty);
|
||
|
tty_oldmode = -1;
|
||
|
- xseteuid(real_uid);
|
||
|
# endif
|
||
|
}
|
||
|
#endif
|
||
|
@@ -506,8 +475,6 @@
|
||
|
#ifdef MULTIUSER
|
||
|
if (tty_oldmode >= 0)
|
||
|
{
|
||
|
- if (setuid(own_uid))
|
||
|
- Panic(errno, "setuid");
|
||
|
chmod(attach_tty, tty_oldmode);
|
||
|
}
|
||
|
#endif
|
||
|
@@ -525,15 +492,6 @@
|
||
|
if (multiattach)
|
||
|
exit(SIG_POWER_BYE);
|
||
|
#endif
|
||
|
- if (setgid(real_gid))
|
||
|
- Panic(errno, "setgid");
|
||
|
-#ifdef MULTIUSER
|
||
|
- if (setuid(own_uid))
|
||
|
- Panic(errno, "setuid");
|
||
|
-#else
|
||
|
- if (setuid(real_uid))
|
||
|
- Panic(errno, "setuid");
|
||
|
-#endif
|
||
|
/* we don't want to disturb init (even if we were root), eh? jw */
|
||
|
if ((ppid = getppid()) > 1)
|
||
|
Kill(ppid, SIGHUP); /* carefully say good bye. jw. */
|
||
|
@@ -703,15 +661,6 @@
|
||
|
LockHup SIGDEFARG
|
||
|
{
|
||
|
int ppid = getppid();
|
||
|
- if (setgid(real_gid))
|
||
|
- Panic(errno, "setgid");
|
||
|
-#ifdef MULTIUSER
|
||
|
- if (setuid(own_uid))
|
||
|
- Panic(errno, "setuid");
|
||
|
-#else
|
||
|
- if (setuid(real_uid))
|
||
|
- Panic(errno, "setuid");
|
||
|
-#endif
|
||
|
if (ppid > 1)
|
||
|
Kill(ppid, SIGHUP);
|
||
|
exit(0);
|
||
|
@@ -737,15 +686,6 @@
|
||
|
if ((pid = fork()) == 0)
|
||
|
{
|
||
|
/* Child */
|
||
|
- if (setgid(real_gid))
|
||
|
- Panic(errno, "setgid");
|
||
|
-#ifdef MULTIUSER
|
||
|
- if (setuid(own_uid))
|
||
|
- Panic(errno, "setuid");
|
||
|
-#else
|
||
|
- if (setuid(real_uid)) /* this should be done already */
|
||
|
- Panic(errno, "setuid");
|
||
|
-#endif
|
||
|
closeallfiles(0); /* important: /etc/shadow may be open */
|
||
|
execl(prg, "SCREEN-LOCK", NULL);
|
||
|
exit(errno);
|
||
|
diff -uNr screen-4.6.2/display.c screen-4.6.2.mod/display.c
|
||
|
--- screen-4.6.2/display.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/display.c 2018-12-28 13:33:47.501212536 +0200
|
||
|
@@ -3769,8 +3769,6 @@
|
||
|
dfp = 0;
|
||
|
}
|
||
|
#endif
|
||
|
- if (setgid(real_gid) || setuid(real_uid))
|
||
|
- Panic(errno, "setuid/setgid");
|
||
|
brktty(D_userfd);
|
||
|
freetty();
|
||
|
close(0);
|
||
|
diff -uNr screen-4.6.2/fileio.c screen-4.6.2.mod/fileio.c
|
||
|
--- screen-4.6.2/fileio.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/fileio.c 2018-12-28 13:37:48.346041974 +0200
|
||
|
@@ -591,11 +591,7 @@
|
||
|
|
||
|
debug2("secfopen(%s, %s)\n", name, mode);
|
||
|
#ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
fi = fopen(name, mode);
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
return fi;
|
||
|
|
||
|
#else
|
||
|
@@ -633,11 +629,7 @@
|
||
|
|
||
|
debug3("secopen(%s, 0x%x, 0%03o)\n", name, flags, mode);
|
||
|
#ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
fd = open(name, flags, mode);
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
return fd;
|
||
|
#else
|
||
|
if (eff_uid == real_uid)
|
||
|
@@ -715,8 +707,6 @@
|
||
|
close(0);
|
||
|
dup(pi[0]);
|
||
|
closeallfiles(0);
|
||
|
- if (setgid(real_gid) || setuid(real_uid))
|
||
|
- Panic(errno, "printpipe setuid");
|
||
|
|
||
|
#ifdef SIGPIPE
|
||
|
signal(SIGPIPE, SIG_DFL);
|
||
|
@@ -755,10 +745,6 @@
|
||
|
}
|
||
|
closeallfiles(1);
|
||
|
|
||
|
- if (setgid(real_gid) || setuid(real_uid)) {
|
||
|
- close(1);
|
||
|
- Panic(errno, "setuid/setgid");
|
||
|
- }
|
||
|
#ifdef SIGPIPE
|
||
|
signal(SIGPIPE, SIG_DFL);
|
||
|
#endif
|
||
|
diff -uNr screen-4.6.2/misc.c screen-4.6.2.mod/misc.c
|
||
|
--- screen-4.6.2/misc.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/misc.c 2018-12-28 13:38:36.296292600 +0200
|
||
|
@@ -422,15 +422,11 @@
|
||
|
signal(SIGTTIN, SIG_DFL);
|
||
|
signal(SIGTTOU, SIG_DFL);
|
||
|
# endif
|
||
|
- setuid(real_uid);
|
||
|
- setgid(real_gid);
|
||
|
return 1;
|
||
|
default:
|
||
|
return 0;
|
||
|
}
|
||
|
#else
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
return 1;
|
||
|
#endif
|
||
|
}
|
||
|
@@ -445,8 +441,6 @@
|
||
|
else
|
||
|
_exit(val);
|
||
|
#else
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
UserSTAT = val;
|
||
|
#endif
|
||
|
}
|
||
|
diff -uNr screen-4.6.2/screen.c screen-4.6.2.mod/screen.c
|
||
|
--- screen-4.6.2/screen.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/screen.c 2018-12-28 13:55:33.318060361 +0200
|
||
|
@@ -976,14 +976,6 @@
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
-#define SET_GUID() do \
|
||
|
- { \
|
||
|
- setgid(real_gid); \
|
||
|
- setuid(real_uid); \
|
||
|
- eff_uid = real_uid; \
|
||
|
- eff_gid = real_gid; \
|
||
|
- } while (0)
|
||
|
-
|
||
|
if (home == 0 || *home == '\0')
|
||
|
home = ppp->pw_dir;
|
||
|
if (strlen(LoginName) > MAXLOGINLEN)
|
||
|
@@ -1175,7 +1167,6 @@
|
||
|
real_uid = multi_uid;
|
||
|
#endif
|
||
|
|
||
|
- SET_GUID();
|
||
|
i = FindSocket((int *)NULL, &fo, &oth, SockMatch, &sock);
|
||
|
if (quietflag) {
|
||
|
if (rflag)
|
||
|
@@ -1194,7 +1185,6 @@
|
||
|
SetTtyname(false, &st);
|
||
|
if (!*av)
|
||
|
Panic(0, "Please specify a command.");
|
||
|
- SET_GUID();
|
||
|
SendCmdMessage(sty, SockMatch, av, queryflag >= 0);
|
||
|
exit(0);
|
||
|
}
|
||
|
@@ -1221,7 +1211,6 @@
|
||
|
if (!SockMatch && !mflag && sty) {
|
||
|
/* attach_tty is not mandatory */
|
||
|
SetTtyname(false, &st);
|
||
|
- SET_GUID();
|
||
|
nwin_options.args = av;
|
||
|
SendCreateMsg(sty, &nwin);
|
||
|
exit(0);
|
||
|
@@ -1255,7 +1244,6 @@
|
||
|
socknamebuf[NAME_MAX] = 0;
|
||
|
#endif
|
||
|
sprintf(SockPath + strlen(SockPath), "/%s", socknamebuf);
|
||
|
- SET_GUID();
|
||
|
Attacher();
|
||
|
/* NOTREACHED */
|
||
|
}
|
||
|
@@ -1647,8 +1635,6 @@
|
||
|
#if defined(SYSVSIGS) && defined(SIGHASARG)
|
||
|
signal(sigsig, SIG_IGN);
|
||
|
#endif
|
||
|
- setgid(getgid());
|
||
|
- setuid(getuid());
|
||
|
unlink("core");
|
||
|
|
||
|
#ifdef SIGHASARG
|
||
|
@@ -1803,15 +1789,7 @@
|
||
|
|
||
|
if (ServerSocket != -1) {
|
||
|
debug1("we unlink(%s)\n", SockPath);
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
-#endif
|
||
|
(void) unlink(SockPath);
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
-#endif
|
||
|
}
|
||
|
|
||
|
for (display = displays; display; display = display->d_next) {
|
||
|
@@ -1840,8 +1818,6 @@
|
||
|
debug("eexit\n");
|
||
|
if (ServerSocket != -1) {
|
||
|
debug1("we unlink(%s)\n", SockPath);
|
||
|
- setgid(real_gid);
|
||
|
- setuid(real_uid);
|
||
|
(void) unlink(SockPath);
|
||
|
}
|
||
|
exit(e);
|
||
|
@@ -2152,14 +2128,6 @@
|
||
|
}
|
||
|
#ifdef MULTIUSER
|
||
|
if (tty_oldmode >= 0) {
|
||
|
-
|
||
|
-# ifdef USE_SETEUID
|
||
|
- if (setuid(own_uid))
|
||
|
- xseteuid(own_uid); /* may be a loop. sigh. */
|
||
|
-# else
|
||
|
- setuid(own_uid);
|
||
|
-# endif
|
||
|
-
|
||
|
debug1("Panic: changing back modes from %s\n", attach_tty);
|
||
|
chmod(attach_tty, tty_oldmode);
|
||
|
}
|
||
|
diff -uNr screen-4.6.2/socket.c screen-4.6.2.mod/socket.c
|
||
|
--- screen-4.6.2/socket.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/socket.c 2018-12-28 13:41:48.932302337 +0200
|
||
|
@@ -164,11 +164,6 @@
|
||
|
*/
|
||
|
sdirlen = strlen(SockPath);
|
||
|
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
-#endif
|
||
|
-
|
||
|
if ((dirp = opendir(SockPath)) == 0)
|
||
|
Panic(errno, "Cannot opendir %s", SockPath);
|
||
|
|
||
|
@@ -262,11 +257,6 @@
|
||
|
slisttail = &sent->next;
|
||
|
nfound++;
|
||
|
sockfd = MakeClientSocket(0, *is_sock);
|
||
|
-#ifdef USE_SETEUID
|
||
|
- /* MakeClientSocket sets ids back to eff */
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
-#endif
|
||
|
if (sockfd == -1)
|
||
|
{
|
||
|
debug2(" MakeClientSocket failed, unreachable? %d %d\n",
|
||
|
@@ -412,10 +402,6 @@
|
||
|
free(sent->name);
|
||
|
free((char *)sent);
|
||
|
}
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
-#endif
|
||
|
if (notherp)
|
||
|
*notherp = npriv;
|
||
|
if (nfoundp)
|
||
|
@@ -430,10 +416,6 @@
|
||
|
register int s;
|
||
|
struct stat st;
|
||
|
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
-#endif
|
||
|
s = open(SockPath, O_WRONLY | O_NONBLOCK);
|
||
|
if (s >= 0)
|
||
|
{
|
||
|
@@ -472,9 +454,6 @@
|
||
|
if (s < 0)
|
||
|
Panic(errno, "open fifo %s", SockPath);
|
||
|
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
-
|
||
|
return s;
|
||
|
|
||
|
# else /* !USE_SETEUID */
|
||
|
@@ -533,10 +512,6 @@
|
||
|
strncpy(a.sun_path, SockPath, sizeof(a.sun_path));
|
||
|
a.sun_path[sizeof(a.sun_path) - 1] = 0;
|
||
|
|
||
|
-# ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
-# endif
|
||
|
if (connect(s, (struct sockaddr *) &a, strlen(SockPath) + 2) != -1)
|
||
|
{
|
||
|
debug("oooooh! socket already is alive!\n");
|
||
|
@@ -594,10 +569,6 @@
|
||
|
fcntl(s, F_SETOWN, getpid());
|
||
|
debug1("Serversocket owned by %d\n", fcntl(s, F_GETOWN, 0));
|
||
|
#endif /* F_SETOWN */
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
-#endif
|
||
|
return s;
|
||
|
}
|
||
|
|
||
|
@@ -615,10 +586,6 @@
|
||
|
a.sun_family = AF_UNIX;
|
||
|
strncpy(a.sun_path, SockPath, sizeof(a.sun_path));
|
||
|
a.sun_path[sizeof(a.sun_path) - 1] = 0;
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
-#else
|
||
|
if (access(SockPath, W_OK))
|
||
|
{
|
||
|
if (err)
|
||
|
@@ -627,7 +594,6 @@
|
||
|
close(s);
|
||
|
return -1;
|
||
|
}
|
||
|
-#endif
|
||
|
if (connect(s, (struct sockaddr *)&a, strlen(SockPath) + 2) == -1)
|
||
|
{
|
||
|
if (err)
|
||
|
@@ -636,10 +602,6 @@
|
||
|
close(s);
|
||
|
s = -1;
|
||
|
}
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
-#endif
|
||
|
return s;
|
||
|
}
|
||
|
|
||
|
diff -uNr screen-4.6.2/termcap.c screen-4.6.2.mod/termcap.c
|
||
|
--- screen-4.6.2/termcap.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/termcap.c 2018-12-28 13:42:17.886548054 +0200
|
||
|
@@ -1334,15 +1334,7 @@
|
||
|
{
|
||
|
int r;
|
||
|
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(real_uid);
|
||
|
- xsetegid(real_gid);
|
||
|
-#endif
|
||
|
r = tgetent(bp, name);
|
||
|
-#ifdef USE_SETEUID
|
||
|
- xseteuid(eff_uid);
|
||
|
- xsetegid(eff_gid);
|
||
|
-#endif
|
||
|
return r;
|
||
|
}
|
||
|
|
||
|
diff -uNr screen-4.6.2/window.c screen-4.6.2.mod/window.c
|
||
|
--- screen-4.6.2/window.c 2017-10-23 14:32:41.000000000 +0300
|
||
|
+++ screen-4.6.2.mod/window.c 2018-12-28 13:35:35.264541270 +0200
|
||
|
@@ -1268,8 +1268,6 @@
|
||
|
#endif
|
||
|
|
||
|
displays = 0; /* beware of Panic() */
|
||
|
- if (setgid(real_gid) || setuid(real_uid))
|
||
|
- Panic(errno, "Setuid/gid");
|
||
|
eff_uid = real_uid;
|
||
|
eff_gid = real_gid;
|
||
|
#ifdef PSEUDOS
|