351470: setuid root programs linked with NSPR allow elevation of privilege.
authoralexei.volkov.bugs%sun.com
Thu, 07 Sep 2006 22:58:43 +0000
changeset 3680 67c4cd5cb1c76a89d2a9f574bdfec712783c8d7e
parent 3678 669ea02e90fbd61ee3038947c3b793ebc9861a06
child 3681 d78838abf963474ff4ea8822451534499420f533
push idunknown
push userunknown
push dateunknown
bugs351470
351470: setuid root programs linked with NSPR allow elevation of privilege. patch #1. r=nelson, sr=wtc
pr/src/io/prlog.c
pr/src/misc/prtrace.c
--- a/pr/src/io/prlog.c
+++ b/pr/src/io/prlog.c
@@ -250,16 +250,22 @@ void _PR_InitLog(void)
             }
             /*found:*/
             count = sscanf(&ev[pos], " , %n", &delta);
             pos += delta;
             if (count == EOF) break;
         }
         PR_SetLogBuffering(isSync ? bufSize : 0);
 
+#ifdef XP_UNIX
+        if (getuid() != geteuid()) {
+            return;
+        }
+#endif /* XP_UNIX */
+
         ev = PR_GetEnv("NSPR_LOG_FILE");
         if (ev && ev[0]) {
             if (!PR_SetLogFile(ev)) {
 #ifdef XP_PC
                 char* str = PR_smprintf("Unable to create nspr log file '%s'\n", ev);
                 if (str) {
                     OutputDebugString(str);
                     PR_smprintf_free(str);
@@ -288,20 +294,22 @@ void _PR_LogCleanup(void)
     if (logFile
         && logFile != stdout
         && logFile != stderr
 #ifdef XP_PC
         && logFile != WIN32_DEBUG_FILE
 #endif
         ) {
         fclose(logFile);
+        logFile = NULL;
     }
 #else
     if (logFile && logFile != _pr_stdout && logFile != _pr_stderr) {
         PR_Close(logFile);
+        logFile = NULL;
     }
 #endif
 
     while (lm != NULL) {
         PRLogModuleInfo *next = lm->next;
         free((/*const*/ char *)lm->name);
         PR_Free(lm);
         lm = next;
--- a/pr/src/misc/prtrace.c
+++ b/pr/src/misc/prtrace.c
@@ -40,25 +40,17 @@
 **
 ** Implement the API defined in prtrace.h
 **
 **
 **
 */
 
 #include <string.h>
-#include "prtrace.h"
-#include "prclist.h"
-#include "prlock.h"
-#include "prcvar.h"
-#include "prio.h"
-#include "prlog.h"
-#include "prenv.h"
-#include "prmem.h"
-#include "prerror.h"
+#include "primpl.h"
 
 
 #define DEFAULT_TRACE_BUFSIZE ( 1024 * 1024 )
 #define DEFAULT_BUFFER_SEGMENTS    2
 
 /*
 ** Enumerate states in a RName structure
 */
@@ -692,16 +684,22 @@ static PRFileDesc * InitializeRecording(
         _PR_InitializeTrace();
 
     PR_LOG( lm, PR_LOG_DEBUG,
         ("PR_RecordTraceEntries: begins"));
 
     logLostData = 0; /* reset at entry */
     logState = LogReset;
 
+#ifdef XP_UNIX
+    if (getuid() != geteuid()) {
+        return NULL;
+    }
+#endif /* XP_UNIX */
+
     /* Get the filename for the logfile from the environment */
     logFileName = PR_GetEnv( "NSPR_TRACE_LOG" );
     if ( logFileName == NULL )
     {
         PR_LOG( lm, PR_LOG_ERROR,
             ("RecordTraceEntries: Environment variable not defined. Exiting"));
         return NULL;
     }