1d30b3f1f6
This fixes a narrow security race in crontab.

function                                             old     new   delta
xopen_as_uid_gid                                       -      80     +80
seteuid                                                -      64     +64
setegid                                                -      64     +64
setreuid                                               -      37     +37
xseteuid                                               -      22     +22
xsetegid                                               -      22     +22
crontab_main                                         590     577     -13
setfsuid                                              33       -     -33
setfsgid                                              33       -     -33
wall_main                                            138     102     -36
open_as_user                                         109       -    -109

   text    data     bss     dec     hex filename
 893539     497    7568  901604   dc1e4 busybox_old
 893618     497    7568  901683   dc233 busybox_unstripped

Signed-off-by: Ryan Mallon <rmallon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
/* vi: set sw=4 ts=4: */
/*
* wall - write a message to all logged-in users
* Copyright (c) 2009 Bernhard Reutner-Fischer
*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
//config:config WALL
//config: bool "wall"
//config: default y
//config: depends on FEATURE_UTMP
//config: help
//config: Write a message to all users that are logged in.
/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */
//applet:IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
//kbuild:lib-$(CONFIG_WALL) += wall.o
//usage:#define wall_trivial_usage
//usage: "[FILE]"
//usage:#define wall_full_usage "\n\n"
//usage: "Write content of FILE or stdin to all logged-in users"
//usage:
//usage:#define wall_sample_usage
//usage: "echo foo | wall\n"
//usage: "wall ./mymessage"
#include "libbb.h"
int wall_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;

/*
 * wall applet entry point.
 *
 * Reads the whole message from the file named by argv[1], or from stdin
 * when no file argument is given, then writes it to "/dev/<ut_line>" for
 * every utmp entry whose type is USER_PROCESS. Always returns EXIT_SUCCESS
 * when it reaches the end.
 *
 * NOTE(review): nothing in this function filters the message before it is
 * written to other users' terminals. Since the applet is installed setuid,
 * confirm whether control/escape bytes in the input should be stripped.
 */
int wall_main(int argc UNUSED_PARAM, char **argv)
{
	char *file = argv[1];
	int fd = STDIN_FILENO;
	char *msg;
	struct utmp *ut;

	/*
	 * The applet is setuid, so a file named by the invoking user is
	 * opened with that user's real uid/gid (getuid()/getgid()), not
	 * with the elevated identity.
	 */
	if (file)
		fd = xopen_as_uid_gid(file, O_RDONLY, getuid(), getgid());

	/*
	 * NOTE(review): msg is used below without a NULL check; confirm
	 * that xmalloc_read() cannot return NULL on a read error.
	 */
	msg = xmalloc_read(fd, NULL);
	if (ENABLE_FEATURE_CLEAN_UP && file)
		close(fd);

	setutent();
	for (ut = getutent(); ut != NULL; ut = getutent()) {
		if (ut->ut_type == USER_PROCESS) {
			/*
			 * NOTE(review): ut_line is taken from the utmp
			 * database and joined to "/dev" with no validation
			 * here; confirm entries cannot name a path outside
			 * /dev and that the field is NUL-terminated.
			 */
			char *tty = concat_path_file("/dev", ut->ut_line);

			xopen_xwrite_close(tty, msg);
			free(tty);
		}
	}

	/* Explicit teardown only when the build asks for it. */
	if (ENABLE_FEATURE_CLEAN_UP) {
		endutent();
		free(msg);
	}
	return EXIT_SUCCESS;
}