Index: appl/gssftp/ftpd/ftpd.c

===================================================================

*** appl/gssftp/ftpd/ftpd.c	(revision 18440)

--- appl/gssftp/ftpd/ftpd.c	(working copy)

***************

*** 1367,1373 ****

  			goto bad;

  		sleep(tries);

  	}

! 	(void) krb5_seteuid((uid_t)pw->pw_uid);

  #ifdef IP_TOS

  #ifdef IPTOS_THROUGHPUT

  	on = IPTOS_THROUGHPUT;

--- 1367,1375 ----

  			goto bad;

  		sleep(tries);

  	}

! 	if (krb5_seteuid((uid_t)pw->pw_uid)) {

! 		fatal("seteuid user");

! 	}

  #ifdef IP_TOS

  #ifdef IPTOS_THROUGHPUT

  	on = IPTOS_THROUGHPUT;

***************

*** 1377,1383 ****

  #endif

  	return (fdopen(s, fmode));

  bad:

! 	(void) krb5_seteuid((uid_t)pw->pw_uid);

  	(void) close(s);

  	return (NULL);

  }

--- 1379,1387 ----

  #endif

  	return (fdopen(s, fmode));

  bad:

! 	if (krb5_seteuid((uid_t)pw->pw_uid)) {

! 		fatal("seteuid user");

! 	}

  	(void) close(s);

  	return (NULL);

  }

***************

*** 2186,2192 ****

  		(void) krb5_seteuid((uid_t)pw->pw_uid);

  		goto pasv_error;

  	}

! 	(void) krb5_seteuid((uid_t)pw->pw_uid);

  	len = sizeof(pasv_addr);

  	if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)

  		goto pasv_error;

--- 2190,2198 ----

  		(void) krb5_seteuid((uid_t)pw->pw_uid);

  		goto pasv_error;

  	}

! 	if (krb5_seteuid((uid_t)pw->pw_uid)) {

! 		fatal("seteuid user");

! 	}

  	len = sizeof(pasv_addr);

  	if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)

  		goto pasv_error;

Index: appl/bsd/v4rcp.c

===================================================================

*** appl/bsd/v4rcp.c	(revision 18440)

--- appl/bsd/v4rcp.c	(working copy)

***************

*** 436,442 ****

  			kstream_set_buffer_mode (krem, 0);

  #endif /* KERBEROS && !NOENCRYPTION */

  			(void) response();

! 			(void) setuid(userid);

  			source(--argc, ++argv);

  			exit(errs);

--- 436,445 ----

  			kstream_set_buffer_mode (krem, 0);

  #endif /* KERBEROS && !NOENCRYPTION */

  			(void) response();

! 			if (setuid(userid)) {

! 			    error("rcp: can't setuid(user)\n");

! 			    exit(1);

! 			}

  			source(--argc, ++argv);

  			exit(errs);

***************

*** 452,458 ****

  				krem = kstream_create_from_fd (rem, 0, 0);

  			kstream_set_buffer_mode (krem, 0);

  #endif /* KERBEROS && !NOENCRYPTION */

! 			(void) setuid(userid);

  			sink(--argc, ++argv);

  			exit(errs);

--- 455,464 ----

  				krem = kstream_create_from_fd (rem, 0, 0);

  			kstream_set_buffer_mode (krem, 0);

  #endif /* KERBEROS && !NOENCRYPTION */

! 			if (setuid(userid)) {

! 			    error("rcp: can't setuid(user)\n");

! 			    exit(1);

! 			}

  			sink(--argc, ++argv);

  			exit(errs);

Index: appl/bsd/krcp.c

===================================================================

*** appl/bsd/krcp.c	(revision 18440)

--- appl/bsd/krcp.c	(working copy)

***************

*** 620,626 ****

  		euid = geteuid();

  		if (euid == 0) {

! 		    (void) setuid(0);

  		    if(krb5_seteuid(userid)) {

  			perror("rcp seteuid user"); errs++; exit(errs);

  		    }

--- 620,628 ----

  		euid = geteuid();

  		if (euid == 0) {

! 		    if (setuid(0)) {

! 			perror("rcp setuid 0"); errs++; exit(errs);

! 		    }

  		    if(krb5_seteuid(userid)) {

  			perror("rcp seteuid user"); errs++; exit(errs);

  		    }

***************

*** 638,648 ****

  		  continue;

  		rcmd_stream_init_normal();

  #ifdef HAVE_SETREUID

! 		(void) setreuid(0, userid);

  		sink(1, argv+argc-1);

! 		(void) setreuid(userid, 0);

  #else

! 		(void) setuid(0);

  		if(seteuid(userid)) {

  		  perror("rcp seteuid user"); errs++; exit(errs);

  		}

--- 640,656 ----

  		  continue;

  		rcmd_stream_init_normal();

  #ifdef HAVE_SETREUID

! 		if (setreuid(0, userid)) {

! 		    perror("rcp setreuid 0,user"); errs++; exit(errs);

! 		}

  		sink(1, argv+argc-1);

! 		if (setreuid(userid, 0)) {

! 		    perror("rcp setreuid user,0"); errs++; exit(errs);

! 		}

  #else

! 		if (setuid(0)) {

! 		  perror("rcp setuid 0"); errs++; exit(errs);

! 		}

  		if(seteuid(userid)) {

  		  perror("rcp seteuid user"); errs++; exit(errs);

  		}

Index: appl/bsd/login.c

===================================================================

*** appl/bsd/login.c	(revision 18440)

--- appl/bsd/login.c	(working copy)

***************

*** 1648,1654 ****

  	}

  #endif	/* HAVE_SETLUID */

  #ifdef _IBMR2

!     setuidx(ID_LOGIN, pwd->pw_uid);

  #endif

      /* This call MUST succeed */

--- 1648,1657 ----

  	}

  #endif	/* HAVE_SETLUID */

  #ifdef _IBMR2

!     if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {

! 	perror("setuidx");

! 	sleepexit(1);

!     };

  #endif

      /* This call MUST succeed */

Index: appl/bsd/krshd.c

===================================================================

*** appl/bsd/krshd.c	(revision 18440)

--- appl/bsd/krshd.c	(working copy)

***************

*** 1403,1411 ****

       * If we're on a system which keeps track of login uids, then

       * set the login uid. 

       */

!     setluid((uid_t) pwd->pw_uid);

  #endif	/* HAVE_SETLUID */

!     (void) setuid((uid_t)pwd->pw_uid);

      /* if TZ is set in the parent, drag it in */

      {

        char **findtz = environ;

--- 1403,1417 ----

       * If we're on a system which keeps track of login uids, then

       * set the login uid. 

       */

!     if (setluid((uid_t) pwd->pw_uid) < 0) {

! 	perror("setluid");

! 	_exit(1);

!     }

  #endif	/* HAVE_SETLUID */

!     if (setuid((uid_t)pwd->pw_uid) < 0) {

! 	perror("setuid");

! 	_exit(1);

!     }

      /* if TZ is set in the parent, drag it in */

      {

        char **findtz = environ;

Index: clients/ksu/main.c

===================================================================

*** clients/ksu/main.c	(revision 18440)

--- clients/ksu/main.c	(working copy)

***************

*** 893,900 ****

      struct stat  st_temp;

      krb5_seteuid(0);

!     krb5_seteuid(target_uid);

!     

      cc_name = krb5_cc_get_name(context, cc);

      if ( ! stat(cc_name, &st_temp)){

  	if ((retval = krb5_cc_destroy(context, cc))){

--- 893,904 ----

      struct stat  st_temp;

      krb5_seteuid(0);

!     if (krb5_seteuid(target_uid) < 0) {

! 	com_err(prog_name, errno,

! 		"while changing to target uid for destroying ccache");

! 	exit(1);

!     }

! 

      cc_name = krb5_cc_get_name(context, cc);

      if ( ! stat(cc_name, &st_temp)){

  	if ((retval = krb5_cc_destroy(context, cc))){

Index: lib/krb4/kuserok.c

===================================================================

*** lib/krb4/kuserok.c	(revision 18440)

--- lib/krb4/kuserok.c	(working copy)

***************

*** 159,167 ****

  	 */

          if(getuid() == 0) {

  	  uid_t old_euid = geteuid();

! 	  seteuid(pwd->pw_uid);

  	  fp = fopen(pbuf, "r");

! 	  seteuid(old_euid);	  

  	  if ((fp) == NULL) {

  	    return(NOTOK);

  	  }

--- 159,169 ----

  	 */

          if(getuid() == 0) {

  	  uid_t old_euid = geteuid();

! 	  if (seteuid(pwd->pw_uid) < 0)

! 	      return NOTOK;

  	  fp = fopen(pbuf, "r");

! 	  if (seteuid(old_euid) < 0)

! 	      return NOTOK;

  	  if ((fp) == NULL) {

  	    return(NOTOK);

  	  }