aboutsummaryrefslogtreecommitdiff
path: root/libbb
diff options
context:
space:
mode:
authorDenis Vlasenko <vda.linux@googlemail.com>2007-10-29 19:25:45 +0000
committerDenis Vlasenko <vda.linux@googlemail.com>2007-10-29 19:25:45 +0000
commit15ca51e3e2a31efc275b616106244d8ec3f8f773 (patch)
treee54716fcb612a54cfa72564d9ef089eebe92acbd /libbb
parent5a28a25b9dd81e0975532458723c4244ff532e58 (diff)
downloadbusybox-w32-15ca51e3e2a31efc275b616106244d8ec3f8f773.tar.gz
busybox-w32-15ca51e3e2a31efc275b616106244d8ec3f8f773.tar.bz2
busybox-w32-15ca51e3e2a31efc275b616106244d8ec3f8f773.zip
appletlib.c: make it actally follow _BB_SUID_ALWAYS rules
adduser: implement -S and code shrink / fix uid selection *: sanitize getspnam_r use text data bss dec hex filename 777042 974 9676 787692 c04ec busybox_old 776883 974 9676 787533 c044d busybox_unstripped
Diffstat (limited to 'libbb')
-rw-r--r--libbb/appletlib.c9
-rw-r--r--libbb/correct_password.c15
2 files changed, 13 insertions, 11 deletions
diff --git a/libbb/appletlib.c b/libbb/appletlib.c
index 8b1ed8000..4bd60d049 100644
--- a/libbb/appletlib.c
+++ b/libbb/appletlib.c
@@ -459,10 +459,7 @@ static void check_suid(const struct bb_applet *applet)
459 if (sct->m_applet == applet) 459 if (sct->m_applet == applet)
460 goto found; 460 goto found;
461 } 461 }
462 /* default: drop all privileges */ 462 goto check_need_suid;
463 xsetgid(rgid);
464 xsetuid(ruid);
465 return;
466 found: 463 found:
467 m = sct->m_mode; 464 m = sct->m_mode;
468 if (sct->m_uid == ruid) 465 if (sct->m_uid == ruid)
@@ -505,13 +502,13 @@ static void check_suid(const struct bb_applet *applet)
505 } 502 }
506 } 503 }
507#endif 504#endif
505 check_need_suid:
508#endif 506#endif
509
510 if (applet->need_suid == _BB_SUID_ALWAYS) { 507 if (applet->need_suid == _BB_SUID_ALWAYS) {
511 /* Real uid is not 0. If euid isn't 0 too, suid bit 508 /* Real uid is not 0. If euid isn't 0 too, suid bit
512 * is most probably not set on our executable */ 509 * is most probably not set on our executable */
513 if (geteuid()) 510 if (geteuid())
514 bb_error_msg_and_die("applet requires root privileges!"); 511 bb_error_msg_and_die("must be suid to work properly");
515 } else if (applet->need_suid == _BB_SUID_NEVER) { 512 } else if (applet->need_suid == _BB_SUID_NEVER) {
516 xsetgid(rgid); /* drop all privileges */ 513 xsetgid(rgid); /* drop all privileges */
517 xsetuid(ruid); 514 xsetuid(ruid);
diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index f1793cd17..96bb10e0b 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -40,6 +40,11 @@ int correct_password(const struct passwd *pw)
40{ 40{
41 char *unencrypted, *encrypted; 41 char *unencrypted, *encrypted;
42 const char *correct; 42 const char *correct;
43#if ENABLE_FEATURE_SHADOWPASSWDS
44 /* Using _r function to avoid pulling in static buffers */
45 struct spwd spw;
46 char buffer[256];
47#endif
43 48
44 /* fake salt. crypt() can choke otherwise. */ 49 /* fake salt. crypt() can choke otherwise. */
45 correct = "aa"; 50 correct = "aa";
@@ -50,11 +55,11 @@ int correct_password(const struct passwd *pw)
50 correct = pw->pw_passwd; 55 correct = pw->pw_passwd;
51#if ENABLE_FEATURE_SHADOWPASSWDS 56#if ENABLE_FEATURE_SHADOWPASSWDS
52 if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) { 57 if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) {
53 /* Using _r function to avoid pulling in static buffers */ 58 /* getspnam_r may return 0 yet set result to NULL.
54 struct spwd spw; 59 * At least glibc 2.4 does this. Be extra paranoid here. */
55 struct spwd *result; 60 struct spwd *result = NULL;
56 char buffer[256]; 61 int r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result);
57 correct = (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) ? "aa" : spw.sp_pwdp; 62 correct = (r || !result) ? "aa" : result->sp_pwdp;
58 } 63 }
59#endif 64#endif
60 65
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 09:25:28 +0000