Restore uid and gid before invoking external RSH.

diff --git a/CHANGES b/CHANGES
index ee61a20202f1ee5c5732848be2a9d936e7e8cefb..74e424332cb34a59baf3e9277cd6c36987df48ba 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,4 @@
-$Id: CHANGES,v 1.84 2000/09/26 13:17:42 stelian Exp $
+$Id: CHANGES,v 1.85 2000/11/03 18:28:58 stelian Exp $
 
 Changes between versions 0.4b19 and 0.4b20 (released ???????????????)
 =====================================================================
@@ -34,6 +34,9 @@ Changes between versions 0.4b19 and 0.4b20 (released ???????????????)
 6.     Made dump able to backup files larger than 2 GB. Note that
        dump still doesn't cope with files larger than 4 GB.
 
+7.     Restore the real uid and gid before invoking an external
+       RSH program (big hole when dump or restore is suid root!).
+
 Changes between versions 0.4b18 and 0.4b19 (released August 20, 2000)
 =====================================================================
 

diff --git a/common/dumprmt.c b/common/dumprmt.c
index dbbe618485159856189496c5ef9d4717cb4d1e9f..4f6b3c790e674f224362dd704e39be4631efdf2f 100644 (file)
--- a/common/dumprmt.c
+++ b/common/dumprmt.c
@@ -40,7 +40,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-       "$Id: dumprmt.c,v 1.11 2000/01/21 10:17:41 stelian Exp $";
+       "$Id: dumprmt.c,v 1.12 2000/11/03 18:28:58 stelian Exp $";
 #endif /* not lint */
 
 #ifdef __linux__
@@ -205,6 +205,12 @@ rmtgetconn(void)
                rshcmd[4] = rmt;
                rshcmd[5] = NULL;
 
+               /* Restore the uid and gid. We really don't want
+                * to execute whatever is put into RSH variable with
+                * more priviledges than needed... */
+               setuid(getuid());
+               setgid(getgid());
+
                if ((rshpid = piped_child(rshcmd)) < 0) {
                        msg("cannot open connection\n");
                        return 0;