351470: setuid root programs linked with NSPR allow elevation of privilege. NSPRPUB_PRE_4_2_CLIENT_BRANCH
authorwtchang%redhat.com
Tue, 12 Sep 2006 00:03:02 +0000
branchNSPRPUB_PRE_4_2_CLIENT_BRANCH
changeset 3690 595fae0b72aa1097324b3014ae192354106242c9
parent 3689 838281707bc1f409e9c08b72e260a8645d1ad024
child 3692 e60b707c5a4dcbdd0f927b8f60be9588c2300ddd
push idunknown
push userunknown
push dateunknown
bugs351470
351470: setuid root programs linked with NSPR allow elevation of privilege. patch #1. r=nelson, sr=wtc Tag: NSPRPUB_PRE_4_2_CLIENT_BRANCH
pr/src/io/prlog.c
pr/src/misc/prtrace.c
--- a/pr/src/io/prlog.c
+++ b/pr/src/io/prlog.c
@@ -250,16 +250,22 @@ void _PR_InitLog(void)
             }
             /*found:*/
             count = sscanf(&ev[pos], " , %n", &delta);
             pos += delta;
             if (count == EOF) break;
         }
         PR_SetLogBuffering(isSync ? bufSize : 0);
 
+#ifdef XP_UNIX
+        if (getuid() != geteuid()) {
+            return;
+        }
+#endif /* XP_UNIX */
+
         ev = PR_GetEnv("NSPR_LOG_FILE");
         if (ev && ev[0]) {
             if (!PR_SetLogFile(ev)) {
 #ifdef XP_PC
                 char* str = PR_smprintf("Unable to create nspr log file '%s'\n", ev);
                 if (str) {
                     OutputDebugString(str);
                     PR_smprintf_free(str);
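Review bot: The new guard before `PR_GetEnv("NSPR_LOG_FILE")` compares only the real and effective user IDs, so a setgid binary linked with NSPR would still open an environment-chosen log file with its elevated group; consider `if (getuid() != geteuid() || getgid() != getegid()) {`. The same check in the `InitializeRecording` hunk of pr/src/misc/prtrace.c has the same gap. A short comment such as `/* never let the environment pick an output file in a set-id process */` would record why the early return is here. The test also cannot see a process that called setuid() to make both IDs equal before NSPR initialised, so it is worth confirming that case is out of scope. _PR_InitLog starts and ends outside the hunk.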
@@ -288,20 +294,22 @@ void _PR_LogCleanup(void)
     if (logFile
         && logFile != stdout
         && logFile != stderr
 #ifdef XP_PC
         && logFile != WIN32_DEBUG_FILE
 #endif
         ) {
         fclose(logFile);
+        logFile = NULL;
     }
 #else
     if (logFile && logFile != _pr_stdout && logFile != _pr_stderr) {
         PR_Close(logFile);
+        logFile = NULL;
     }
 #endif
 
     while (lm != NULL) {
         PRLogModuleInfo *next = lm->next;
         free((/*const*/ char *)lm->name);
         PR_Free(lm);
         lm = next;
--- a/pr/src/misc/prtrace.c
+++ b/pr/src/misc/prtrace.c
@@ -40,25 +40,17 @@
 **
 ** Implement the API defined in prtrace.h
 **
 **
 **
 */
 
 #include <string.h>
-#include "prtrace.h"
-#include "prclist.h"
-#include "prlock.h"
-#include "prcvar.h"
-#include "prio.h"
-#include "prlog.h"
-#include "prenv.h"
-#include "prmem.h"
-#include "prerror.h"
+#include "primpl.h"
 
 
 #define DEFAULT_TRACE_BUFSIZE ( 1024 * 1024 )
 #define DEFAULT_BUFFER_SEGMENTS    2
 
 /*
 ** Enumerate states in a RName structure
 */
@@ -692,16 +684,22 @@ static PRFileDesc * InitializeRecording(
         _PR_InitializeTrace();
 
     PR_LOG( lm, PR_LOG_DEBUG,
         ("PR_RecordTraceEntries: begins"));
 
     logLostData = 0; /* reset at entry */
     logState = LogReset;
 
+#ifdef XP_UNIX
+    if (getuid() != geteuid()) {
+        return NULL;
+    }
+#endif /* XP_UNIX */
+
     /* Get the filename for the logfile from the environment */
     logFileName = PR_GetEnv( "NSPR_TRACE_LOG" );
     if ( logFileName == NULL )
     {
         PR_LOG( lm, PR_LOG_ERROR,
             ("RecordTraceEntries: Environment variable not defined. Exiting"));
         return NULL;
     }
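Review bot: The added `return NULL` for a setuid process is silent, whereas the missing-variable path just below it logs at PR_LOG_ERROR. A matching `PR_LOG( lm, PR_LOG_ERROR, ("RecordTraceEntries: real and effective uid differ. Exiting"));` before the return would let an operator see why no trace file was produced. The return also comes after `logState = LogReset`, so it is worth checking that the caller, which is not visible here, copes with a NULL descriptor while that state is set. InitializeRecording begins and ends outside the hunk.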