mirror of
https://github.com/sheumann/hush.git
synced 2024-12-23 05:29:58 +00:00
libbb/login/su: do not sanitize shell name twice
function old new delta setup_environment 191 205 +14 login_main 1002 987 -15 su_main 474 458 -16 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/2 up/down: 14/-31) Total: -17 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
41478ade4f
commit
bd74e3d8be
@ -32,6 +32,9 @@
|
||||
|
||||
void FAST_FUNC setup_environment(const char *shell, int flags, const struct passwd *pw)
|
||||
{
|
||||
if (!shell || !shell[0])
|
||||
shell = DEFAULT_SHELL;
|
||||
|
||||
/* Change the current working directory to be the home directory
|
||||
* of the user */
|
||||
if (chdir(pw->pw_dir)) {
|
||||
|
@ -198,7 +198,6 @@ int login_main(int argc UNUSED_PARAM, char **argv)
|
||||
};
|
||||
char *fromhost;
|
||||
char username[USERNAME_SIZE];
|
||||
const char *shell;
|
||||
int run_by_root;
|
||||
unsigned opt;
|
||||
int count = 0;
|
||||
@ -391,10 +390,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
|
||||
run_login_script(pw, full_tty);
|
||||
|
||||
change_identity(pw);
|
||||
shell = pw->pw_shell;
|
||||
if (!shell || !shell[0])
|
||||
shell = DEFAULT_SHELL;
|
||||
setup_environment(shell,
|
||||
setup_environment(pw->pw_shell,
|
||||
(!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
|
||||
pw);
|
||||
|
||||
@ -442,7 +438,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
|
||||
signal(SIGINT, SIG_DFL);
|
||||
|
||||
/* Exec login shell with no additional parameters */
|
||||
run_shell(shell, 1, NULL, NULL);
|
||||
run_shell(pw->pw_shell, 1, NULL, NULL);
|
||||
|
||||
/* return EXIT_FAILURE; - not reached */
|
||||
}
|
||||
|
@ -114,20 +114,14 @@ int su_main(int argc UNUSED_PARAM, char **argv)
|
||||
opt_shell = getenv("SHELL");
|
||||
}
|
||||
|
||||
/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
|
||||
* is a username that is retrieved via NIS (YP), that doesn't have
|
||||
* a default shell listed. */
|
||||
if (!pw->pw_shell || !pw->pw_shell[0])
|
||||
pw->pw_shell = (char *)DEFAULT_SHELL;
|
||||
|
||||
#if ENABLE_FEATURE_SU_CHECKS_SHELLS
|
||||
if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
|
||||
if (opt_shell && cur_uid != 0 && pw->pw_shell && restricted_shell(pw->pw_shell)) {
|
||||
/* The user being su'd to has a nonstandard shell, and so is
|
||||
* probably a uucp account or has restricted access. Don't
|
||||
* compromise the account by allowing access with a standard
|
||||
* shell. */
|
||||
bb_error_msg("using restricted shell");
|
||||
opt_shell = NULL;
|
||||
opt_shell = NULL; /* ignore -s PROG */
|
||||
}
|
||||
/* else: user can run whatever he wants via "su -s PROG USER".
|
||||
* This is safe since PROG is run under user's uid/gid. */
|
||||
|
Loading…
Reference in New Issue
Block a user