commit e2764fac19ab02a6cca0d5a1a9411271904e0906
from: Omar Polo
date: Fri Sep 30 10:14:13 2022 UTC
checks/compats for setres{gid,uid}
commit - 8eb6aff83027bd30cfb899de1e71885de52ed93c
commit + e2764fac19ab02a6cca0d5a1a9411271904e0906
blob - /dev/null
blob + ec625cd0abbff37a6be1700a1cd73e0f67bd2079 (mode 644)
--- /dev/null
+++ compat/setresgid.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+int
+setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+ /* this is the only configuration tested */
+
+ if (rgid != egid || egid != sgid)
+ return -1;
+
+ if (setregid(rgid, egid) == -1)
+ return -1;
+
+ return 0;
+}
blob - /dev/null
blob + a033d99ab249e10501c2f99de973d2d3242757f8 (mode 644)
--- /dev/null
+++ compat/setresuid.c
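Review bot: In compat/setresgid.c the early `return -1` for `rgid != egid || egid != sgid` leaves errno untouched, while setresuid() added in this same commit sets ENOSYS on the equivalent path, so a caller that reports the failure through errno will print a stale value. Set it before returning with `errno = ENOSYS;`, which also needs the errno header among the includes. The shim also returns 0 as soon as setregid() succeeds without confirming the outcome; because this is a privilege-dropping primitive, a check mirroring the one in setresuid(), `if (getgid() != rgid || getegid() != egid) { errno = EACCES; return -1; }`, would make a platform where setregid() behaves differently fail closed. That check assumes callers never pass (gid_t)-1, which it would reject.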
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+
+int
+setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+ uid_t ouid;
+ int ret = -1;
+
+ /* Allow only the tested configuration. */
+
+ if (ruid != euid || euid != suid) {
+ errno = ENOSYS;
+ return -1;
+ }
+ ouid = getuid();
+
+ if ((ret = setreuid(euid, euid)) == -1)
+ return -1;
+
+ /*
+ * When real, effective and saved uids are the same and we have
+ * changed uids, sanity check that we cannot restore the old uid.
+ */
+
+ if (ruid == euid && euid == suid && ouid != ruid &&
+ setuid(ouid) != -1 && seteuid(ouid) != -1) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * Finally, check that the real and effective uids are what we
+ * expect.
+ */
+ if (getuid() != ruid || geteuid() != euid) {
+ errno = EACCES;
+ return -1;
+ }
+
+ return ret;
+}
blob - 95a52eb12f4f78290f3b7f20c69738ed72db549e
blob + 6452b2bf184aa60b92f3c0f69f6f9e3e50b52dcc
--- compat/unistd.h
+++ compat/unistd.h
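Review bot: In compat/setresuid.c the restore test joins `setuid(ouid) != -1 && seteuid(ouid) != -1`, so it reports a failed drop only when both calls succeed. If setuid(ouid) is refused, seteuid(ouid) is never attempted, and the later getuid()/geteuid() comparison cannot observe a saved uid that still permits switching back. Treating either success as a failure is the stricter check: `(setuid(ouid) != -1 || seteuid(ouid) != -1)`. The `ruid == euid && euid == suid` terms in that condition are already guaranteed by the ENOSYS guard at the top and can be dropped. A comment on the EINVAL path should state that the process may be running as ouid again at that point, so callers must treat -1 as fatal rather than continue.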
@@ -17,3 +17,11 @@ int getdtablecount(void);
 #if !HAVE_GETDTABLESIZE
 int getdtablesize(void);
 #endif
+
+#if !HAVE_SETRESGID
+int setresgid(gid_t, gid_t, gid_t);
+#endif
+
+#if !HAVE_SETRESUID
+int setresuid(uid_t, uid_t, uid_t);
+#endif
blob - e049bdcf44d10dd480ab5575fd803ba5307ab2f6
blob + eb08a267a79ff6bdd8d6b40b52e2bd437bd72d27
--- configure
+++ configure
@@ -150,6 +150,8 @@ HAVE_REALLOCARRAY=
 HAVE_RECALLOCARRAY=
 HAVE_SETGROUPS=
 HAVE_SETPROCTITLE=
+HAVE_SETRESGID=
+HAVE_SETRESUID=
 HAVE_STRLCAT=
 HAVE_STRLCPY=
 HAVE_STRTONUM=
@@ -273,6 +275,8 @@ runtest reallocarray REALLOCARRAY -D_OPENBSD_SOURCE |
 runtest recallocarray RECALLOCARRAY -D_OPENBSD_SOURCE || true
 runtest setgroups SETGROUPS -D_BSD_SOURCE || true
 runtest setproctitle SETPROCTITLE || true
+runtest setresgid SETRESGID -D_GNU_SOURCE || true
+runtest setresuid SETRESUID -D_GNU_SOURCE || true
 runtest strlcat STRLCAT || true
 runtest strlcpy STRLCPY || true
 runtest strtonum STRTONUM || true
@@ -362,6 +366,8 @@ cat < +#include +#include + +int +main(void) +{ + return setresgid(-1, -1, -1) == -1; +}
blob - /dev/null
blob + 0f3f65c864ef1d839583399c33676500daf4c72a (mode 644)
--- /dev/null
+++ tests/setresuid.c
@@ -0,0 +1,8 @@
+#include
+#include
+
+int
+main(void)
+{
+ return setresuid(-1, -1, -1) == -1;
+}
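Review bot: The probe in tests/setresuid.c, like the matching setresgid probe earlier on this page, relies on -1 meaning "leave this id unchanged", which is not obvious from `return setresuid(-1, -1, -1) == -1;`. A one-line comment such as `/* -1 leaves every id unchanged: a no-op call that only proves the function exists and succeeds */` would record why the probe is safe to run as any user. Because the exit status depends on the call succeeding at run time, a build environment that blocks the call would presumably make configure fall back to the compat shim, which supports only the all-ids-equal case; if that is intended, it deserves a note next to the `runtest` lines.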