diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-03-06 18:49:40 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-03-06 18:49:40 +0100 |
| commit | bd74e3d8beb0fedc4c1fdd9469a9de3f1f04c7b5 (patch) | |
| tree | f1bf618a965c8a3f01811715f4c9684bee767ad0 | |
| parent | 41478ade4f28cbacd954c9663d851c374d33f6b9 (diff) | |
| download | busybox-w32-bd74e3d8beb0fedc4c1fdd9469a9de3f1f04c7b5.tar.gz busybox-w32-bd74e3d8beb0fedc4c1fdd9469a9de3f1f04c7b5.tar.bz2 busybox-w32-bd74e3d8beb0fedc4c1fdd9469a9de3f1f04c7b5.zip | |
libbb/login/su: do not sanitize shell name twice
function old new delta
setup_environment 191 205 +14
login_main 1002 987 -15
su_main 474 458 -16
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/2 up/down: 14/-31) Total: -17 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | libbb/setup_environment.c | 3 | ||||
| -rw-r--r-- | loginutils/login.c | 8 | ||||
| -rw-r--r-- | loginutils/su.c | 10 |
3 files changed, 7 insertions, 14 deletions
diff --git a/libbb/setup_environment.c b/libbb/setup_environment.c index a95fbc5bf..73229ca6c 100644 --- a/libbb/setup_environment.c +++ b/libbb/setup_environment.c | |||
| @@ -32,6 +32,9 @@ | |||
| 32 | 32 | ||
| 33 | void FAST_FUNC setup_environment(const char *shell, int flags, const struct passwd *pw) | 33 | void FAST_FUNC setup_environment(const char *shell, int flags, const struct passwd *pw) |
| 34 | { | 34 | { |
| 35 | if (!shell || !shell[0]) | ||
| 36 | shell = DEFAULT_SHELL; | ||
| 37 | |||
| 35 | /* Change the current working directory to be the home directory | 38 | /* Change the current working directory to be the home directory |
| 36 | * of the user */ | 39 | * of the user */ |
| 37 | if (chdir(pw->pw_dir)) { | 40 | if (chdir(pw->pw_dir)) { |
diff --git a/loginutils/login.c b/loginutils/login.c index 952b3aadd..028a099b6 100644 --- a/loginutils/login.c +++ b/loginutils/login.c | |||
| @@ -198,7 +198,6 @@ int login_main(int argc UNUSED_PARAM, char **argv) | |||
| 198 | }; | 198 | }; |
| 199 | char *fromhost; | 199 | char *fromhost; |
| 200 | char username[USERNAME_SIZE]; | 200 | char username[USERNAME_SIZE]; |
| 201 | const char *shell; | ||
| 202 | int run_by_root; | 201 | int run_by_root; |
| 203 | unsigned opt; | 202 | unsigned opt; |
| 204 | int count = 0; | 203 | int count = 0; |
| @@ -391,10 +390,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) | |||
| 391 | run_login_script(pw, full_tty); | 390 | run_login_script(pw, full_tty); |
| 392 | 391 | ||
| 393 | change_identity(pw); | 392 | change_identity(pw); |
| 394 | shell = pw->pw_shell; | 393 | setup_environment(pw->pw_shell, |
| 395 | if (!shell || !shell[0]) | ||
| 396 | shell = DEFAULT_SHELL; | ||
| 397 | setup_environment(shell, | ||
| 398 | (!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV, | 394 | (!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV, |
| 399 | pw); | 395 | pw); |
| 400 | 396 | ||
| @@ -442,7 +438,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) | |||
| 442 | signal(SIGINT, SIG_DFL); | 438 | signal(SIGINT, SIG_DFL); |
| 443 | 439 | ||
| 444 | /* Exec login shell with no additional parameters */ | 440 | /* Exec login shell with no additional parameters */ |
| 445 | run_shell(shell, 1, NULL, NULL); | 441 | run_shell(pw->pw_shell, 1, NULL, NULL); |
| 446 | 442 | ||
| 447 | /* return EXIT_FAILURE; - not reached */ | 443 | /* return EXIT_FAILURE; - not reached */ |
| 448 | } | 444 | } |
diff --git a/loginutils/su.c b/loginutils/su.c index db303af6d..72dd0f06f 100644 --- a/loginutils/su.c +++ b/loginutils/su.c | |||
| @@ -114,20 +114,14 @@ int su_main(int argc UNUSED_PARAM, char **argv) | |||
| 114 | opt_shell = getenv("SHELL"); | 114 | opt_shell = getenv("SHELL"); |
| 115 | } | 115 | } |
| 116 | 116 | ||
| 117 | /* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER | ||
| 118 | * is a username that is retrieved via NIS (YP), that doesn't have | ||
| 119 | * a default shell listed. */ | ||
| 120 | if (!pw->pw_shell || !pw->pw_shell[0]) | ||
| 121 | pw->pw_shell = (char *)DEFAULT_SHELL; | ||
| 122 | |||
| 123 | #if ENABLE_FEATURE_SU_CHECKS_SHELLS | 117 | #if ENABLE_FEATURE_SU_CHECKS_SHELLS |
| 124 | if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) { | 118 | if (opt_shell && cur_uid != 0 && pw->pw_shell && restricted_shell(pw->pw_shell)) { |
| 125 | /* The user being su'd to has a nonstandard shell, and so is | 119 | /* The user being su'd to has a nonstandard shell, and so is |
| 126 | * probably a uucp account or has restricted access. Don't | 120 | * probably a uucp account or has restricted access. Don't |
| 127 | * compromise the account by allowing access with a standard | 121 | * compromise the account by allowing access with a standard |
| 128 | * shell. */ | 122 | * shell. */ |
| 129 | bb_error_msg("using restricted shell"); | 123 | bb_error_msg("using restricted shell"); |
| 130 | opt_shell = NULL; | 124 | opt_shell = NULL; /* ignore -s PROG */ |
| 131 | } | 125 | } |
| 132 | /* else: user can run whatever he wants via "su -s PROG USER". | 126 | /* else: user can run whatever he wants via "su -s PROG USER". |
| 133 | * This is safe since PROG is run under user's uid/gid. */ | 127 | * This is safe since PROG is run under user's uid/gid. */ |