diff options
author | Denys Vlasenko | 2013-10-06 15:14:25 +0200 |
---|---|---|
committer | Denys Vlasenko | 2013-10-06 15:14:25 +0200 |
commit | cd256e1c407aa70dfefb7178ed2c0e4201f1aaf7 (patch) | |
tree | fefa7b99ae531051123281cc5673e0022940de5c | |
parent | 3eab2b7675fc7e2889cd69285a2a31980a4bf504 (diff) | |
download | busybox-cd256e1c407aa70dfefb7178ed2c0e4201f1aaf7.zip busybox-cd256e1c407aa70dfefb7178ed2c0e4201f1aaf7.tar.gz |
wall: access FILE under real user's credentials
While at it, move applet/config/kbuild bits into wall.c.
(This way, it's more visible that applet is suid'ed).
function old new delta
wall_main 87 138 +51
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | include/applets.src.h | 2 | ||||
-rw-r--r-- | miscutils/Config.src | 7 | ||||
-rw-r--r-- | miscutils/Kbuild.src | 1 | ||||
-rw-r--r-- | miscutils/wall.c | 25 |
4 files changed, 24 insertions, 11 deletions
diff --git a/include/applets.src.h b/include/applets.src.h index aa319bb..3a47e15 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -407,8 +407,6 @@ IF_VCONFIG(APPLET(vconfig, BB_DIR_SBIN, BB_SUID_DROP)) /* Needs to be run by root or be suid root - needs to change uid and gid: */ IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP)) -/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */ -IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP)) IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP)) IF_WC(APPLET(wc, BB_DIR_USR_BIN, BB_SUID_DROP)) diff --git a/miscutils/Config.src b/miscutils/Config.src index b9fc196..117ec77 100644 --- a/miscutils/Config.src +++ b/miscutils/Config.src @@ -591,13 +591,6 @@ config VOLNAME help Prints a CD-ROM volume name. -config WALL - bool "wall" - default y - depends on FEATURE_UTMP - help - Write a message to all users that are logged in. - config WATCHDOG bool "watchdog" default y diff --git a/miscutils/Kbuild.src b/miscutils/Kbuild.src index 8c49864..f3954f4 100644 --- a/miscutils/Kbuild.src +++ b/miscutils/Kbuild.src @@ -46,5 +46,4 @@ lib-$(CONFIG_TIME) += time.o lib-$(CONFIG_TIMEOUT) += timeout.o lib-$(CONFIG_TTYSIZE) += ttysize.o lib-$(CONFIG_VOLNAME) += volname.o -lib-$(CONFIG_WALL) += wall.o lib-$(CONFIG_WATCHDOG) += watchdog.o diff --git a/miscutils/wall.c b/miscutils/wall.c index 762f53b..c74f4f2 100644 --- a/miscutils/wall.c +++ b/miscutils/wall.c @@ -6,6 +6,18 @@ * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +//config:config WALL +//config: bool "wall" +//config: default y +//config: depends on FEATURE_UTMP +//config: help +//config: Write a message to all users that are logged in. + +/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */ +//applet:IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) + +//kbuild:lib-$(CONFIG_WALL) += wall.o + //usage:#define wall_trivial_usage //usage: "[FILE]" //usage:#define wall_full_usage "\n\n" @@ -22,8 +34,19 @@ int wall_main(int argc UNUSED_PARAM, char **argv) { struct utmp *ut; char *msg; - int fd = argv[1] ? xopen(argv[1], O_RDONLY) : STDIN_FILENO; + int fd; + fd = STDIN_FILENO; + if (argv[1]) { + /* The applet is setuid. + * Access to the file must be under user's uid/gid. + */ + setfsuid(getuid()); + setfsgid(getgid()); + fd = xopen(argv[1], O_RDONLY); + setfsuid(geteuid()); + setfsgid(getegid()); + } msg = xmalloc_read(fd, NULL); if (ENABLE_FEATURE_CLEAN_UP && argv[1]) close(fd); |