author | Eric Andersen | 2003-07-03 10:07:04 +0000 |
---|---|---|
committer | Eric Andersen | 2003-07-03 10:07:04 +0000 |
commit | 9e48045e45df7e3e205575a4eb3dc39d634b05aa (patch) | |
tree | e8f993dffc34380fbcc54cc858c81da594bdb95b /loginutils | |
parent | c48d49ad988a4163cff7f38ee4bd1f9886d0ed11 (diff) | |
Patch from Russell Coker:
I've attached my latest SE Linux patch for busybox against the latest CVS
version of busybox.
Diffstat (limited to 'loginutils')
-rw-r--r-- | loginutils/login.c | 47 | ||||
-rw-r--r-- | loginutils/su.c | 6 |
2 files changed, 50 insertions, 3 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index e239f42..741d15c 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -16,7 +16,12 @@
 #include <time.h>
 #include "busybox.h"
-
+#ifdef CONFIG_SELINUX
+#include <flask_util.h>
+#include <get_sid_list.h>
+#include <proc_secure.h>
+#include <fs_secure.h>
+#endif
 #ifdef CONFIG_FEATURE_U_W_TMP
 // import from utmp.c
@@ -73,6 +78,10 @@ extern int login_main(int argc, char **argv)
 int opt_fflag = 0;
 char *opt_host = 0;
 int alarmstarted = 0;
+#ifdef CONFIG_SELINUX
+ int flask_enabled = is_flask_enabled();
+ security_id_t sid = 0, old_tty_sid, new_tty_sid;
+#endif
 username[0]=0;
 amroot = ( getuid ( ) == 0 );
@@ -217,6 +226,36 @@ auth_ok:
 #ifdef CONFIG_FEATURE_U_W_TMP
 setutmp ( username, tty );
 #endif
+#ifdef CONFIG_SELINUX
+ if (flask_enabled)
+ {
+ struct stat st;
+
+ if (get_default_sid(username, 0, &sid))
+ {
+ fprintf(stderr, "Unable to get SID for %s\n", username);
+ exit(1);
+ }
+ if (stat_secure(tty, &st, &old_tty_sid))
+ {
+ fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
+ {
+ fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if(chsid(tty, new_tty_sid) != 0)
+ {
+ fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ }
+ else
+ sid = 0;
+#endif
+
 if ( *tty != '/' )
 snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
 else
@@ -239,7 +278,11 @@ auth_ok:
 if ( pw-> pw_uid == 0 )
 syslog ( LOG_INFO, "root login %s\n", fromhost );
- run_shell ( pw-> pw_shell, 1, 0, 0 ); /* exec the shell finally. */
+ run_shell ( pw-> pw_shell, 1, 0, 0
+#ifdef CONFIG_SELINUX
+ , sid
+#endif
+ ); /* exec the shell finally. */
 return EXIT_FAILURE;
 }
diff --git a/loginutils/su.c b/loginutils/su.c
index 5e40cf2..85f5cbe 100644
--- a/loginutils/su.c
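Review bot: In the CONFIG_SELINUX block added under `auth_ok:`, `stat_secure(tty, ...)` and `chsid(tty, ...)` receive `tty` before the context lines just below build an absolute path from it (`if ( *tty != '/' )` formats `"/dev/%s"` into `full_tty`). When `tty` is a bare name, the lookup and relabel therefore resolve against the current directory and either fail or act on an unrelated file. Moving the block below the `full_tty` computation and calling `stat_secure(full_tty, &st, &old_tty_sid)` and `chsid(full_tty, new_tty_sid)` would relabel the terminal actually in use; how `tty` is filled in lies outside the hunk, so its form should be confirmed. The failure paths are also uneven: the `get_default_sid` branch calls `exit(1)` while the other three `return EXIT_FAILURE`, and all four report only to stderr although this file logs through `syslog` elsewhere, so a login refused for a labeling failure leaves no audit record.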
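Review bot: The `#ifdef CONFIG_SELINUX` spliced into the argument list of the `run_shell` call makes the callee's parameter count depend on the build configuration, and every caller has to repeat the same three preprocessor lines; loginutils/su.c does so in this commit. A single wrapper macro or an always-present trailing parameter would keep the call sites readable and make a missed caller a compile error in both configurations, though run_shell's definition is not part of this diff, so the cheapest form cannot be judged from here. At minimum a comment at the call, e.g. `/* sid stays 0 when flask is disabled */`, would record what the non-flask path passes.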
+++ b/loginutils/su.c
@@ -156,7 +156,11 @@ int su_main ( int argc, char **argv )
 change_identity ( pw );
 setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw );
- run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args );
+ run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args
+#ifdef CONFIG_SELINUX
+ , 0
+#endif
+ );
 return EXIT_FAILURE;
 }
|
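Review bot: The bare `, 0` added as the SID argument to `run_shell` in `su_main` is unexplained, and it means su passes no computed security ID while login.c derives one for the target user with `get_default_sid`. If 0 tells run_shell to leave the process context alone (its definition is not in this diff, so this is inferred), the shell started for the new identity keeps the invoking user's security context on a flask-enabled system, which should be a stated decision rather than an implicit one. Suggested comment at the call: `/* SID 0: no SELinux transition requested; shell keeps su's current context */`, or compute the SID as login.c does if a transition is intended. su_main's body begins outside the hunk.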