mirror of
https://github.com/sheumann/hush.git
synced 2025-01-11 08:29:54 +00:00
libbb/login/su: do not sanitize shell name twice
function old new delta setup_environment 191 205 +14 login_main 1002 987 -15 su_main 474 458 -16 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/2 up/down: 14/-31) Total: -17 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
41478ade4f
commit
bd74e3d8be
@ -32,6 +32,9 @@
|
|||||||
|
|
||||||
void FAST_FUNC setup_environment(const char *shell, int flags, const struct passwd *pw)
|
void FAST_FUNC setup_environment(const char *shell, int flags, const struct passwd *pw)
|
||||||
{
|
{
|
||||||
|
if (!shell || !shell[0])
|
||||||
|
shell = DEFAULT_SHELL;
|
||||||
|
|
||||||
/* Change the current working directory to be the home directory
|
/* Change the current working directory to be the home directory
|
||||||
* of the user */
|
* of the user */
|
||||||
if (chdir(pw->pw_dir)) {
|
if (chdir(pw->pw_dir)) {
|
||||||
|
@ -198,7 +198,6 @@ int login_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
};
|
};
|
||||||
char *fromhost;
|
char *fromhost;
|
||||||
char username[USERNAME_SIZE];
|
char username[USERNAME_SIZE];
|
||||||
const char *shell;
|
|
||||||
int run_by_root;
|
int run_by_root;
|
||||||
unsigned opt;
|
unsigned opt;
|
||||||
int count = 0;
|
int count = 0;
|
||||||
@ -391,10 +390,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
run_login_script(pw, full_tty);
|
run_login_script(pw, full_tty);
|
||||||
|
|
||||||
change_identity(pw);
|
change_identity(pw);
|
||||||
shell = pw->pw_shell;
|
setup_environment(pw->pw_shell,
|
||||||
if (!shell || !shell[0])
|
|
||||||
shell = DEFAULT_SHELL;
|
|
||||||
setup_environment(shell,
|
|
||||||
(!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
|
(!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
|
||||||
pw);
|
pw);
|
||||||
|
|
||||||
@ -442,7 +438,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
signal(SIGINT, SIG_DFL);
|
signal(SIGINT, SIG_DFL);
|
||||||
|
|
||||||
/* Exec login shell with no additional parameters */
|
/* Exec login shell with no additional parameters */
|
||||||
run_shell(shell, 1, NULL, NULL);
|
run_shell(pw->pw_shell, 1, NULL, NULL);
|
||||||
|
|
||||||
/* return EXIT_FAILURE; - not reached */
|
/* return EXIT_FAILURE; - not reached */
|
||||||
}
|
}
|
||||||
|
@ -114,20 +114,14 @@ int su_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
opt_shell = getenv("SHELL");
|
opt_shell = getenv("SHELL");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
|
|
||||||
* is a username that is retrieved via NIS (YP), that doesn't have
|
|
||||||
* a default shell listed. */
|
|
||||||
if (!pw->pw_shell || !pw->pw_shell[0])
|
|
||||||
pw->pw_shell = (char *)DEFAULT_SHELL;
|
|
||||||
|
|
||||||
#if ENABLE_FEATURE_SU_CHECKS_SHELLS
|
#if ENABLE_FEATURE_SU_CHECKS_SHELLS
|
||||||
if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
|
if (opt_shell && cur_uid != 0 && pw->pw_shell && restricted_shell(pw->pw_shell)) {
|
||||||
/* The user being su'd to has a nonstandard shell, and so is
|
/* The user being su'd to has a nonstandard shell, and so is
|
||||||
* probably a uucp account or has restricted access. Don't
|
* probably a uucp account or has restricted access. Don't
|
||||||
* compromise the account by allowing access with a standard
|
* compromise the account by allowing access with a standard
|
||||||
* shell. */
|
* shell. */
|
||||||
bb_error_msg("using restricted shell");
|
bb_error_msg("using restricted shell");
|
||||||
opt_shell = NULL;
|
opt_shell = NULL; /* ignore -s PROG */
|
||||||
}
|
}
|
||||||
/* else: user can run whatever he wants via "su -s PROG USER".
|
/* else: user can run whatever he wants via "su -s PROG USER".
|
||||||
* This is safe since PROG is run under user's uid/gid. */
|
* This is safe since PROG is run under user's uid/gid. */
|
||||||
|
Loading…
x
Reference in New Issue
Block a user