emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wall: access FILE under real user's credentials

Browse Source 
While at it, move applet/config/kbuild bits into wall.c.
(This way, it's more visible that applet is suid'ed).

function                                             old     new   delta
wall_main                                             87     138     +51

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2013-10-06 15:14:25 +02:00
parent 3eab2b7675
commit cd256e1c40
4 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/applets.src.h
View File

@ -407,8 +407,6 @@ IF_VCONFIG(APPLET(vconfig, BB_DIR_SBIN, BB_SUID_DROP))
/* Needs to be run by root or be suid root - needs to change uid and gid: */ /* Needs to be run by root or be suid root - needs to change uid and gid: */
IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP))
/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */
IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP)) IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP))
IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP)) IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP))
IF_WC(APPLET(wc, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_WC(APPLET(wc, BB_DIR_USR_BIN, BB_SUID_DROP))

7
miscutils/Config.src
View File

@ -591,13 +591,6 @@ config VOLNAME
help help
Prints a CD-ROM volume name. Prints a CD-ROM volume name.
config WALL
bool "wall"
default y
depends on FEATURE_UTMP
help
Write a message to all users that are logged in.
config WATCHDOG config WATCHDOG
bool "watchdog" bool "watchdog"
default y default y

1
miscutils/Kbuild.src
View File

@ -46,5 +46,4 @@ lib-$(CONFIG_TIME) += time.o
lib-$(CONFIG_TIMEOUT) += timeout.o lib-$(CONFIG_TIMEOUT) += timeout.o
lib-$(CONFIG_TTYSIZE) += ttysize.o lib-$(CONFIG_TTYSIZE) += ttysize.o
lib-$(CONFIG_VOLNAME) += volname.o lib-$(CONFIG_VOLNAME) += volname.o
lib-$(CONFIG_WALL) += wall.o
lib-$(CONFIG_WATCHDOG) += watchdog.o lib-$(CONFIG_WATCHDOG) += watchdog.o

25
miscutils/wall.c
View File

@ -6,6 +6,18 @@
* Licensed under GPLv2 or later, see file LICENSE in this source tree. * Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/ */
//config:config WALL
//config: bool "wall"
//config: default y
//config: depends on FEATURE_UTMP
//config: help
//config: Write a message to all users that are logged in.
/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */
//applet:IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
//kbuild:lib-$(CONFIG_WALL) += wall.o
//usage:#define wall_trivial_usage //usage:#define wall_trivial_usage
//usage: "[FILE]" //usage: "[FILE]"
//usage:#define wall_full_usage "\n\n" //usage:#define wall_full_usage "\n\n"
@ -22,8 +34,19 @@ int wall_main(int argc UNUSED_PARAM, char **argv)
{ {
struct utmp *ut; struct utmp *ut;
char *msg; char *msg;
int fd = argv[1] ? xopen(argv[1], O_RDONLY) : STDIN_FILENO; int fd;
fd = STDIN_FILENO;
if (argv[1]) {
/* The applet is setuid.
* Access to the file must be under user's uid/gid.
*/
setfsuid(getuid());
setfsgid(getgid());
fd = xopen(argv[1], O_RDONLY);
setfsuid(geteuid());
setfsgid(getegid());
}
msg = xmalloc_read(fd, NULL); msg = xmalloc_read(fd, NULL);
if (ENABLE_FEATURE_CLEAN_UP && argv[1]) if (ENABLE_FEATURE_CLEAN_UP && argv[1])
close(fd); close(fd);