diff options
| -rw-r--r-- | include/usage.h | 4 | ||||
| -rw-r--r-- | loginutils/su.c | 26 |
2 files changed, 20 insertions, 10 deletions
diff --git a/include/usage.h b/include/usage.h index 81f0e1d6d..e6287c8a3 100644 --- a/include/usage.h +++ b/include/usage.h | |||
| @@ -2814,7 +2814,9 @@ | |||
| 2814 | #define su_full_usage \ | 2814 | #define su_full_usage \ |
| 2815 | "Change user id or become root.\n" \ | 2815 | "Change user id or become root.\n" \ |
| 2816 | "Options:\n" \ | 2816 | "Options:\n" \ |
| 2817 | "\t-p\tPreserve environment" | 2817 | "\t-p, -m\tPreserve environment" \ |
| 2818 | "\n\t-c\tCommand to pass to 'sh -c'" \ | ||
| 2819 | "\n\t-s\tShell to use instead of default shell" | ||
| 2818 | 2820 | ||
| 2819 | #define sulogin_trivial_usage \ | 2821 | #define sulogin_trivial_usage \ |
| 2820 | "[OPTION]... [tty-device]" | 2822 | "[OPTION]... [tty-device]" |
diff --git a/loginutils/su.c b/loginutils/su.c index 3e82d2428..b0227787a 100644 --- a/loginutils/su.c +++ b/loginutils/su.c | |||
| @@ -1,4 +1,7 @@ | |||
| 1 | /* vi: set sw=4 ts=4: */ | 1 | /* vi: set sw=4 ts=4: */ |
| 2 | /* | ||
| 3 | Licensed under the GPL v2, see the file LICENSE in this tarball. | ||
| 4 | */ | ||
| 2 | 5 | ||
| 3 | #include <fcntl.h> | 6 | #include <fcntl.h> |
| 4 | #include <signal.h> | 7 | #include <signal.h> |
| @@ -18,12 +21,15 @@ | |||
| 18 | 21 | ||
| 19 | #include "busybox.h" | 22 | #include "busybox.h" |
| 20 | 23 | ||
| 21 | |||
| 22 | |||
| 23 | /* The shell to run if none is given in the user's passwd entry. */ | 24 | /* The shell to run if none is given in the user's passwd entry. */ |
| 25 | #ifndef DEFAULT_SHELL | ||
| 26 | #define DEFAULT_SHELL "/bin/sh" | ||
| 27 | #endif | ||
| 28 | |||
| 29 | /* Default user. */ | ||
| 24 | #define DEFAULT_USER "root" | 30 | #define DEFAULT_USER "root" |
| 25 | 31 | ||
| 26 | //#define SYSLOG_SUCCESS | 32 | /* #define SYSLOG_SUCCESS */ |
| 27 | #define SYSLOG_FAILURE | 33 | #define SYSLOG_FAILURE |
| 28 | 34 | ||
| 29 | 35 | ||
| @@ -31,7 +37,8 @@ | |||
| 31 | /* Log the fact that someone has run su */ | 37 | /* Log the fact that someone has run su */ |
| 32 | 38 | ||
| 33 | # if defined( SYSLOG_SUCCESS ) && defined( SYSLOG_FAILURE ) | 39 | # if defined( SYSLOG_SUCCESS ) && defined( SYSLOG_FAILURE ) |
| 34 | static void log_su (const char *successful, const char *old_user, const char *tty) | 40 | static void log_su (const char *successful, const char *old_user, |
| 41 | const char *tty) | ||
| 35 | { | 42 | { |
| 36 | syslog ( LOG_NOTICE, "%s%s on %s", successful, old_user, tty); | 43 | syslog ( LOG_NOTICE, "%s%s on %s", successful, old_user, tty); |
| 37 | } | 44 | } |
| @@ -98,7 +105,8 @@ int su_main ( int argc, char **argv ) | |||
| 98 | if ( !old_user ) | 105 | if ( !old_user ) |
| 99 | #endif | 106 | #endif |
| 100 | { | 107 | { |
| 101 | /* getlogin can fail -- usually due to lack of utmp entry. Resort to getpwuid. */ | 108 | /* getlogin can fail -- usually due to lack of utmp entry. |
| 109 | Resort to getpwuid. */ | ||
| 102 | pw = getpwuid ( cur_uid ); | 110 | pw = getpwuid ( cur_uid ); |
| 103 | old_user = ( pw ? pw->pw_name : "" ); | 111 | old_user = ( pw ? pw->pw_name : "" ); |
| 104 | } | 112 | } |
| @@ -116,8 +124,8 @@ int su_main ( int argc, char **argv ) | |||
| 116 | /* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER | 124 | /* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER |
| 117 | is a username that is retrieved via NIS (YP), but that doesn't have | 125 | is a username that is retrieved via NIS (YP), but that doesn't have |
| 118 | a default shell listed. */ | 126 | a default shell listed. */ |
| 119 | if ( !pw-> pw_shell || !pw->pw_shell [0] ) | 127 | if ( !pw->pw_shell || !pw->pw_shell [0] ) |
| 120 | pw-> pw_shell = (char *) DEFAULT_SHELL; | 128 | pw->pw_shell = (char *) DEFAULT_SHELL; |
| 121 | 129 | ||
| 122 | if ((( cur_uid == 0 ) || correct_password ( pw ))) { | 130 | if ((( cur_uid == 0 ) || correct_password ( pw ))) { |
| 123 | log_su_successful(pw->pw_uid, old_user, tty ); | 131 | log_su_successful(pw->pw_uid, old_user, tty ); |
| @@ -133,7 +141,7 @@ int su_main ( int argc, char **argv ) | |||
| 133 | if ( !opt_shell && opt_preserve ) | 141 | if ( !opt_shell && opt_preserve ) |
| 134 | opt_shell = getenv ( "SHELL" ); | 142 | opt_shell = getenv ( "SHELL" ); |
| 135 | 143 | ||
| 136 | if ( opt_shell && cur_uid && restricted_shell ( pw-> pw_shell )) { | 144 | if ( opt_shell && cur_uid && restricted_shell ( pw->pw_shell )) { |
| 137 | /* The user being su'd to has a nonstandard shell, and so is | 145 | /* The user being su'd to has a nonstandard shell, and so is |
| 138 | probably a uucp account or has restricted access. Don't | 146 | probably a uucp account or has restricted access. Don't |
| 139 | compromise the account by allowing access with a standard | 147 | compromise the account by allowing access with a standard |
| @@ -147,7 +155,7 @@ int su_main ( int argc, char **argv ) | |||
| 147 | 155 | ||
| 148 | change_identity ( pw ); | 156 | change_identity ( pw ); |
| 149 | setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw ); | 157 | setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw ); |
| 150 | #ifdef CONFIG_SELINUX | 158 | #if ENABLE_SELINUX |
| 151 | set_current_security_context(NULL); | 159 | set_current_security_context(NULL); |
| 152 | #endif | 160 | #endif |
| 153 | run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args); | 161 | run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args); |