diff -N -c -r -X exclude_files squid-1.0.beta2/configure.in squid-1.0.beta2.uid/configure.in *** squid-1.0.beta2/configure.in Sat Apr 20 21:57:16 1996 --- squid-1.0.beta2.uid/configure.in Tue Apr 23 20:15:23 1996 *************** *** 191,197 **** strerror \ sysconf \ syslog \ ! timegm\ ) dnl Need the debugging version of malloc if available --- 191,199 ---- strerror \ sysconf \ syslog \ ! timegm \ ! setresuid \ ! seteuid \ ) dnl Need the debugging version of malloc if available diff -N -c -r -X exclude_files squid-1.0.beta2/include/autoconf.h.in squid-1.0.beta2.uid/include/autoconf.h.in *** squid-1.0.beta2/include/autoconf.h.in Sat Apr 20 21:57:37 1996 --- squid-1.0.beta2.uid/include/autoconf.h.in Tue Apr 23 20:15:23 1996 *************** *** 73,78 **** --- 73,84 ---- /* Define if you have the timegm function. */ #undef HAVE_TIMEGM + /* Define if you have the setresuid function */ + #undef HAVE_SETRESUID + + /* Define if you have the seteuid function */ + #undef HAVE_SETEUID + /* Define if you have the header file. 
*/ #undef HAVE_ALLOCA_H diff -N -c -r -X exclude_files squid-1.0.beta2/src/ftp.c squid-1.0.beta2.uid/src/ftp.c *** squid-1.0.beta2/src/ftp.c Sun Apr 21 00:52:36 1996 --- squid-1.0.beta2.uid/src/ftp.c Tue Apr 23 20:15:23 1996 *************** *** 653,658 **** --- 653,661 ---- return 0; } /* child */ + /* give up all extra priviligies */ + no_suid(); + /* set up stdin,stdout */ dup2(p[0], 0); dup2(fileno(debug_log), 2); close(p[0]); diff -N -c -r -X exclude_files squid-1.0.beta2/src/ipcache.c squid-1.0.beta2.uid/src/ipcache.c *** squid-1.0.beta2/src/ipcache.c Thu Apr 18 01:48:23 1996 --- squid-1.0.beta2.uid/src/ipcache.c Tue Apr 23 20:15:24 1996 *************** *** 159,164 **** --- 159,168 ---- } /* child */ + /* give up extra priviliges */ + no_suid(); + + /* setup filedescriptors */ dup2(cfd, 3); for (fd = getMaxFD(); fd > 3; fd--) { (void) close(fd); diff -N -c -r -X exclude_files squid-1.0.beta2/src/main.c squid-1.0.beta2.uid/src/main.c *** squid-1.0.beta2/src/main.c Sat Apr 20 21:42:20 1996 --- squid-1.0.beta2.uid/src/main.c Tue Apr 23 20:15:24 1996 *************** *** 107,112 **** --- 107,116 ---- void serverConnectionsOpen() { + /* Get our real priviliges */ + get_suid(); + + /* Open server ports */ theAsciiConnection = comm_open(COMM_NONBLOCKING, getAsciiPortNum(), 0, *************** *** 140,145 **** --- 144,152 ---- theUdpConnection); } } + + /* And restore our priviliges to normal */ + check_suid(); } void serverConnectionsClose() *************** *** 221,227 **** malloc_debug(0, malloc_debug_level); #endif ! /* do suid checking here */ check_suid(); if (first_time) { --- 228,234 ---- malloc_debug(0, malloc_debug_level); #endif ! 
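Review bot: The child falls through into the `dup2()` calls regardless of whether `no_suid();` actually dropped anything — the function is void and, per the tools.c hunk, ignores the return values of setresuid()/setuid() — so a failed call (EAGAIN, EPERM) leaves the child running, and presumably exec'ing the helper, with euid 0. Add a post-condition right after the call, e.g. `if (geteuid() != 0 && setuid(0) == 0) _exit(1);` (root must not be regainable once dropped; the euid test only skips the check when Squid is deliberately running as root), or put the equivalent inside no_suid() itself. The typo in the added comment ("priviligies") could be fixed while here. The forking function this sits in starts and ends outside the hunk.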
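Review bot: Dropping before the descriptor setup is the right order, but nothing here stops the child if the drop in `no_suid();` fails silently (no_suid() is void and its setresuid()/setuid() results are unchecked in the tools.c hunk), so the `dup2(cfd, 3)` and the close loop would run, and the child would presumably exec, with whatever privileges remain. Guard the call the same way as in ftp.c, `if (geteuid() != 0 && setuid(0) == 0) _exit(1);`, or better make no_suid() abort the child itself so both call sites are covered. The enclosing fork/exec function begins and ends outside this hunk.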
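Review bot: `get_suid()` raises the effective uid to 0 at the top of serverConnectionsOpen() while the matching re-drop `check_suid()` is added only in the later hunk at the function's end; any early return or fatal-error path between the two (the middle of the body is outside view) would leave the server running with euid 0, and on the plain-setuid fallback get_suid()'s `setuid(0)` fails silently after check_suid()'s irrevocable drop, so the privileged bind presumably fails with no indication why. Keep the window explicit with a comment on the added call, `/* euid 0 only while comm_open() binds the listen ports; every exit path below must go through check_suid() */`, and consider binding under a single guarded region rather than two bracketing calls. The function body continues past this hunk.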
/* do suid checking */ check_suid(); if (first_time) { diff -N -c -r -X exclude_files squid-1.0.beta2/src/tools.c squid-1.0.beta2.uid/src/tools.c *** squid-1.0.beta2/src/tools.c Sat Apr 20 21:42:21 1996 --- squid-1.0.beta2.uid/src/tools.c Tue Apr 23 20:19:07 1996 *************** *** 346,352 **** --- 346,380 ---- } else { setgid(pwd->pw_gid); } + #if defined(HAVE_SETRESUID) + setresuid(pwd->pw_uid,pwd->pw_uid,0); + #elif defined(HAVE_SETEUID) + seteuid(pwd->pw_uid); + #else setuid(pwd->pw_uid); + #endif + } + + void get_suid() + { + #if defined(HAVE_SETRESUID) + setresuid(-1,0,-1); + #else + setuid(0); + #endif + } + + void no_suid() + { + uid_t uid; + check_suid(); + uid=geteuid(); + #if defined(HAVE_SETRESUID) + setresuid(uid,uid,uid); + #else + setuid(0); + setuid(uid); + #endif } void writePidFile() diff -N -c -r -X exclude_files squid-1.0.beta2/src/tools.h squid-1.0.beta2.uid/src/tools.h *** squid-1.0.beta2/src/tools.h Tue Apr 16 07:05:33 1996 --- squid-1.0.beta2.uid/src/tools.h Tue Apr 23 20:15:24 1996 *************** *** 11,16 **** --- 11,18 ---- extern void shut_down _PARAMS((int sig)); extern void sig_child _PARAMS((int sig)); extern void check_suid _PARAMS((void)); + extern void get_suid _PARAMS((void)); + extern void no_suid _PARAMS((void)); extern int daemonize _PARAMS((void)); extern void writePidFile _PARAMS((void)); extern void setMaxFD _PARAMS((void));
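Review bot: None of the setresuid()/seteuid()/setuid() calls added in check_suid(), get_suid() and no_suid() check their return value, so a failed drop is silent; this matters most in no_suid(), which the ftp.c and ipcache.c hunks call in a forked child right before it sets up descriptors for (presumably) an exec. no_suid() should abort the child when the drop fails and then verify that root cannot be regained (CERT POS36-C/POS37-C), as sketched below; get_suid() likewise cannot succeed on the plain-setuid fallback once check_suid() has done `setuid(pwd->pw_uid)` as root, which its caller should at least be able to detect. The setresuid path in check_suid() deliberately leaves the saved uid at 0 so the server can re-raise later; that design choice deserves a comment such as `/* saved uid stays 0 so get_suid() can re-open privileged ports — a code-exec bug in the server can therefore regain root */`. Whether supplementary groups are cleared with setgroups() before the visible `setgid(pwd->pw_gid)` is not in the hunk — worth confirming, since the group list inherited from root is otherwise kept. check_suid() begins before the hunk.
```c
/* … unchanged: check_suid(), get_suid() … */
void no_suid()
{
    uid_t uid;
    check_suid();
    uid = geteuid();
#if defined(HAVE_SETRESUID)
    if (setresuid(uid, uid, uid) < 0) {
        perror("no_suid: setresuid");
        _exit(1);
    }
#else
    setuid(0);          /* regain root so setuid() below sets all three ids;
                         * fails harmlessly on the plain-setuid fallback */
    if (setuid(uid) < 0) {
        perror("no_suid: setuid");
        _exit(1);
    }
#endif
    /* POS37-C: once dropped, regaining root must be impossible */
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "no_suid: privileges not dropped\n");
        _exit(1);
    }
}
```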
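Review bot: The two new prototypes say nothing about the protocol they form with check_suid(): get_suid() raises the effective uid back to 0 and must be followed by check_suid(), while no_suid() is irrevocable and is called in forked children in this patch. A one-line comment on each declaration would prevent misuse, e.g. `/* get_suid: temporarily regain euid 0; always pair with check_suid() */` and `/* no_suid: drop all ids permanently; for a child about to exec */`.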