at(1) sugid fixes

From: Ruslan Ermilov (ru@FreeBSD.org)
Date: 09/03/01


Date: Mon, 3 Sep 2001 14:35:10 +0300
From: Ruslan Ermilov <ru@FreeBSD.org>
To: security@FreeBSD.org


Hi!

The attached patch fixes at(1) macros that manipulate user
and group IDs of the process so that they don't change the
real user and group IDs of the process, and instead use the
saved user and group IDs feature.

The setre[ug]id() calls are still used with the REDUCE_PERM
macro (with the r[ug]id arguments of -1) so that the call
changes the saved user/group ID of the process to that
specified.

That is to say, if the process was initially run ``setuid
root'', the call to ``REDUCE_PERM(1, ...)'' changes the
process's saved-user-ID to that of the user "daemon", and
the process then becomes ``setuid daemon'' (with effective
privileges temporarily relinquished to the real privileges).

Also, the panic() and perr() functions had insufficient
privileges to delete the problematic file under /var/at.

Comments/reviews are welcome.

Cheers,

-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine
http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
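
The saved-ID behaviour described in the message above, as an added example that is not part of the original post or of the attached patch. It is a small C model of the BSD setreuid(2)/seteuid(2) rules and changes no real credentials; the function names and the UIDs (1001 for the invoking user, 1 for "daemon") are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Model only: tracks real/effective/saved UIDs, changes no real credentials. */
struct cred { uid_t r, e, s; };
#define KEEP ((uid_t)-1)

/* seteuid(2): an unprivileged caller may pick its real, effective or saved UID. */
static int model_seteuid(struct cred *c, uid_t euid)
{
    if (c->e != 0 && euid != c->r && euid != c->e && euid != c->s)
        return -1;
    c->e = euid;
    return 0;
}

/* setreuid(2), BSD rule: the saved UID follows the new effective UID when the
 * real UID is set or the new effective UID differs from the real UID. */
static int model_setreuid(struct cred *c, uid_t ruid, uid_t euid)
{
    int priv = (c->e == 0);
    if (!priv && ruid != KEEP && ruid != c->r && ruid != c->s)
        return -1;
    if (!priv && euid != KEEP && euid != c->r && euid != c->e && euid != c->s)
        return -1;
    if (euid != KEEP) c->e = euid;
    if (ruid != KEEP) c->r = ruid;
    if (ruid != KEEP || c->e != c->r) c->s = c->e;
    return 0;
}

/* Walk the sequence from the message; returns 0 when root ends up unreachable. */
static int at_sequence(uid_t user, uid_t daemon_uid, struct cred *out)
{
    struct cred c = { user, 0, 0 };                 /* setuid root, run by user */
    if (model_setreuid(&c, KEEP, daemon_uid)) return -1; /* saved UID -> daemon */
    if (model_seteuid(&c, user)) return -1;         /* relinquish to real UID */
    if (model_seteuid(&c, daemon_uid)) return -1;   /* regain via saved UID */
    if (model_seteuid(&c, user)) return -1;         /* relinquish again */
    *out = c;
    return model_seteuid(&c, 0) == -1 ? 0 : -1;     /* root must be refused */
}

int main(void)
{
    struct cred c;
    int rc = at_sequence(1001, 1, &c);   /* constructed sample UIDs */
    printf("rc=%d real=%d eff=%d saved=%d\n", rc, (int)c.r, (int)c.e, (int)c.s);
    return rc;
}
```

In the same model, a plain seteuid() to the daemon UID from the setuid-root state would leave the saved UID at 0, so root would stay reachable; the setreuid() call with a real-ID argument of -1 is what moves the saved UID.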
