mirror of
https://github.com/sheumann/hush.git
synced 2024-10-11 10:23:41 +00:00
login: remove setpgrp call (makes it work from shell prompt again).
login: sanitize stdio descriptors (we are suid, need to be careful!) shrink login and set_environment by ~100 bytes.
This commit is contained in:
parent
831a20f512
commit
0de3c55b42
@ -259,8 +259,8 @@ static ATTRIBUTE_ALWAYS_INLINE char* strchrnul(const char *s, char c) {
|
|||||||
#define HAVE_INTTYPES_H
|
#define HAVE_INTTYPES_H
|
||||||
#define PRIu32 "u"
|
#define PRIu32 "u"
|
||||||
|
|
||||||
/* use legacy setpgrp(pidt_,pid_t) for now. move to platform.c */
|
/* use legacy setpgrp(pid_t,pid_t) for now. move to platform.c */
|
||||||
#define bb_setpgrp do { pid_t __me = getpid(); setpgrp(__me,__me); } while (0)
|
#define bb_setpgrp() do { pid_t __me = getpid(); setpgrp(__me,__me); } while (0)
|
||||||
|
|
||||||
#if !defined ADJ_OFFSET_SINGLESHOT && defined MOD_CLKA && defined MOD_OFFSET
|
#if !defined ADJ_OFFSET_SINGLESHOT && defined MOD_CLKA && defined MOD_OFFSET
|
||||||
#define ADJ_OFFSET_SINGLESHOT (MOD_CLKA | MOD_OFFSET)
|
#define ADJ_OFFSET_SINGLESHOT (MOD_CLKA | MOD_OFFSET)
|
||||||
@ -276,7 +276,7 @@ static ATTRIBUTE_ALWAYS_INLINE char* strchrnul(const char *s, char c) {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#else
|
#else
|
||||||
#define bb_setpgrp setpgrp()
|
#define bb_setpgrp() setpgrp()
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(__linux__)
|
#if defined(__linux__)
|
||||||
|
@ -7,10 +7,6 @@
|
|||||||
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
|
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
|
|
||||||
void bb_info_msg(const char *s, ...)
|
void bb_info_msg(const char *s, ...)
|
||||||
|
@ -28,19 +28,12 @@
|
|||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <syslog.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
|
|
||||||
|
/* util-linux manpage says /sbin:/bin:/usr/sbin:/usr/bin,
|
||||||
|
* but I want to save a few bytes here */
|
||||||
#define DEFAULT_LOGIN_PATH "/bin:/usr/bin"
|
static const char DEFAULT_ROOT_LOGIN_PATH[] = "/sbin:/usr/sbin:/bin:/usr/bin";
|
||||||
#define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin"
|
#define DEFAULT_LOGIN_PATH (DEFAULT_ROOT_LOGIN_PATH + sizeof("/sbin:/usr/sbin"))
|
||||||
|
|
||||||
void setup_environment(const char *shell, int loginshell, int changeenv, const struct passwd *pw)
|
void setup_environment(const char *shell, int loginshell, int changeenv, const struct passwd *pw)
|
||||||
{
|
{
|
||||||
|
@ -181,14 +181,13 @@ prompt:
|
|||||||
|
|
||||||
static void motd(void)
|
static void motd(void)
|
||||||
{
|
{
|
||||||
FILE *fp;
|
int fd;
|
||||||
int c;
|
|
||||||
|
|
||||||
fp = fopen(bb_path_motd_file, "r");
|
fd = open(bb_path_motd_file, O_RDONLY);
|
||||||
if (fp) {
|
if (fd) {
|
||||||
while ((c = getc(fp)) != EOF)
|
fflush(stdout);
|
||||||
putchar(c);
|
bb_copyfd_eof(fd, STDOUT_FILENO);
|
||||||
fclose(fp);
|
close(fd);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -199,7 +198,7 @@ static void alarm_handler(int sig ATTRIBUTE_UNUSED)
|
|||||||
* We don't want to block here */
|
* We don't want to block here */
|
||||||
ndelay_on(1);
|
ndelay_on(1);
|
||||||
ndelay_on(2);
|
ndelay_on(2);
|
||||||
bb_info_msg("\r\nLogin timed out after %d seconds\r", TIMEOUT);
|
printf("\r\nLogin timed out after %d seconds\r\n", TIMEOUT);
|
||||||
exit(EXIT_SUCCESS);
|
exit(EXIT_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -230,6 +229,12 @@ int login_main(int argc, char **argv)
|
|||||||
signal(SIGALRM, alarm_handler);
|
signal(SIGALRM, alarm_handler);
|
||||||
alarm(TIMEOUT);
|
alarm(TIMEOUT);
|
||||||
|
|
||||||
|
/* Mandatory paranoia for suid applet:
|
||||||
|
* ensure that fd# 0,1,2 are opened (at least to /dev/null)
|
||||||
|
* and any extra open fd's are closed.
|
||||||
|
* (The name of the function is misleading. Not daemonizing here.) */
|
||||||
|
bb_daemonize_or_rexec(DAEMON_ONLY_SANITIZE | DAEMON_CLOSE_EXTRA_FDS, NULL);
|
||||||
|
|
||||||
opt = getopt32(argc, argv, "f:h:p", &opt_user, &opt_host);
|
opt = getopt32(argc, argv, "f:h:p", &opt_user, &opt_host);
|
||||||
if (opt & LOGIN_OPT_f) {
|
if (opt & LOGIN_OPT_f) {
|
||||||
if (!amroot)
|
if (!amroot)
|
||||||
@ -261,7 +266,8 @@ int login_main(int argc, char **argv)
|
|||||||
} else
|
} else
|
||||||
snprintf(fromhost, sizeof(fromhost)-1, " on '%.100s'", short_tty);
|
snprintf(fromhost, sizeof(fromhost)-1, " on '%.100s'", short_tty);
|
||||||
|
|
||||||
bb_setpgrp;
|
// Was breaking "login <username>" from shell command line:
|
||||||
|
// bb_setpgrp();
|
||||||
|
|
||||||
openlog(applet_name, LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
|
openlog(applet_name, LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
|
||||||
|
|
||||||
@ -292,7 +298,7 @@ int login_main(int argc, char **argv)
|
|||||||
if (correct_password(pw))
|
if (correct_password(pw))
|
||||||
break;
|
break;
|
||||||
|
|
||||||
auth_failed:
|
auth_failed:
|
||||||
opt &= ~LOGIN_OPT_f;
|
opt &= ~LOGIN_OPT_f;
|
||||||
bb_do_delay(FAIL_DELAY);
|
bb_do_delay(FAIL_DELAY);
|
||||||
puts("Login incorrect");
|
puts("Login incorrect");
|
||||||
@ -343,17 +349,13 @@ auth_failed:
|
|||||||
t_argv[0] = getenv("LOGIN_PRE_SUID_SCRIPT");
|
t_argv[0] = getenv("LOGIN_PRE_SUID_SCRIPT");
|
||||||
if (t_argv[0]) {
|
if (t_argv[0]) {
|
||||||
t_argv[1] = NULL;
|
t_argv[1] = NULL;
|
||||||
setenv("LOGIN_TTY", full_tty, 1);
|
xsetenv("LOGIN_TTY", full_tty);
|
||||||
setenv("LOGIN_USER", pw->pw_name, 1);
|
xsetenv("LOGIN_USER", pw->pw_name);
|
||||||
setenv("LOGIN_UID", utoa(pw->pw_uid), 1);
|
xsetenv("LOGIN_UID", utoa(pw->pw_uid));
|
||||||
setenv("LOGIN_GID", utoa(pw->pw_gid), 1);
|
xsetenv("LOGIN_GID", utoa(pw->pw_gid));
|
||||||
setenv("LOGIN_SHELL", pw->pw_shell, 1);
|
xsetenv("LOGIN_SHELL", pw->pw_shell);
|
||||||
xspawn(argv); /* NOMMU-friendly */
|
xspawn(argv); /* NOMMU-friendly */
|
||||||
unsetenv("LOGIN_TTY");
|
/* All variables are unset by setup_environment */
|
||||||
unsetenv("LOGIN_USER");
|
|
||||||
unsetenv("LOGIN_UID");
|
|
||||||
unsetenv("LOGIN_GID");
|
|
||||||
unsetenv("LOGIN_SHELL");
|
|
||||||
wait(NULL);
|
wait(NULL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -379,6 +381,9 @@ auth_failed:
|
|||||||
// setsid();
|
// setsid();
|
||||||
// /* TIOCSCTTY: steal tty from other process group */
|
// /* TIOCSCTTY: steal tty from other process group */
|
||||||
// if (ioctl(0, TIOCSCTTY, 1)) error_msg...
|
// if (ioctl(0, TIOCSCTTY, 1)) error_msg...
|
||||||
|
// BBox login used to do this (see above):
|
||||||
|
// bb_setpgrp();
|
||||||
|
// If this stuff is really needed, add it and explain why!
|
||||||
|
|
||||||
/* set signals to defaults */
|
/* set signals to defaults */
|
||||||
signal(SIGALRM, SIG_DFL);
|
signal(SIGALRM, SIG_DFL);
|
||||||
|
Loading…
Reference in New Issue
Block a user