emo/shadow

Go to file

Samanta Navarro a116e20c76 su: Prevent stack overflow in check_perms

This is no real world security fix.

The overflow could occur if too many layered subsystems are encountered
because the function check_perms calls itself recursively.

It would already take a misconfigured system for this to achieve it.

Use an iterative approach by calling the do_check_perms in a loop
instead of calling itself recursively.

As a side note: At least GCC 13 optimized this code and already uses
a jmp in its assembler code. I could only see the stack overflow by
activating address sanitizer which prevented the optimization.

Co-developed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>

2023-05-25 08:25:42 -05:00

.builds

CI: add libbsd and pkg-config dependencies

2022-11-28 09:07:41 -06:00

.github

CI: Make build logs more readable

2023-04-18 09:21:09 +02:00

contrib

Remove superfluous casts

2023-02-09 10:03:03 -06:00

doc

doc: add contributions introduction

2023-04-03 10:42:22 -05:00

docs

fix spelling and unify whitespace

2021-08-18 18:06:02 +00:00

etc

run_parts for groupadd and groupdel

2023-04-26 17:38:24 -05:00

lib

def_load: avoid NULL deref

2023-05-22 10:23:12 +02:00

libmisc

subsystem: Prevent endless loop

2023-05-25 08:25:42 -05:00

libsubid

Remove superfluous casts

2023-02-09 10:03:03 -06:00

man

Update German translations

2023-05-11 11:05:59 -05:00

Update French translations

2023-05-15 08:42:40 -05:00

CI: Make build logs more readable

2023-04-18 09:21:09 +02:00

src

su: Prevent stack overflow in check_perms

2023-05-25 08:25:42 -05:00

tests

fix typos

2023-04-26 17:35:58 -05:00

.editorconfig

Add .editorconfig

2023-03-02 16:33:06 -06:00

.gitignore

Show libsubid api version in subid.h

2021-12-05 08:02:57 -06:00

.travis.yml

CI: Make build logs more readable

2023-04-18 09:21:09 +02:00

acinclude.m4

configure: replace obsolete autoconf macros

2022-05-10 09:55:18 +02:00

AUTHORS.md

Update AUTHORS to add Marek Michałkiewicz

2023-04-24 09:01:22 +02:00

autogen.sh

undo accidental autogen.sh commit: enable-shared

2021-11-27 14:56:03 -06:00

ChangeLog

fix typos

2023-04-26 17:35:58 -05:00

configure.ac

libmisc/yesno.c: Use getline(3) and rpmatch(3)

2023-04-26 17:32:47 -05:00

COPYING

Update licensing info

2021-12-23 19:36:50 -06:00

Makefile.am

fix spelling and unify whitespace

2021-08-18 18:06:02 +00:00

NEWS

fix typos

2023-04-26 17:35:58 -05:00

README

Add README as symlink to README.md

2021-12-19 14:09:08 -06:00

README.md

README: add reference to contribution guidelines

2023-04-03 10:42:22 -05:00

SECURITY.md

SECURITY.md: add Iker Pedrosa

2023-03-20 10:54:45 -05:00

shadow.spec.in

* shadow.spec.in: Fix the source (new FTP).

2008-08-31 17:30:45 +00:00

TODO

fix spelling and unify whitespace

2021-08-18 18:06:02 +00:00

README.md

shadow-utils

Introduction

The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates a passwd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel, and usermod commands are used for managing user accounts. The groupadd, groupdel, and groupmod commands are used for managing group accounts.

Sites

Contacts

There are several ways to contact us:

the general discussion mailing list
the #shadow IRC channel on libera.chat:
- irc://irc.libera.chat/shadow

Mailing archives

the general discussion mailing list archive
the commit mailing list archive, only used for historical purposes

Contributions

Contributions are welcome. Follow the guidelines before posting any patches.

Authors and maintainers

Authors and maintainers are listed in AUTHORS.md.

Languages

Shell 57.1%

C 40.6%

M4 0.9%

Yacc 0.8%

Makefile 0.4%

Other 0.1%