summaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
authorEric Andersen2003-07-03 10:07:04 +0000
committerEric Andersen2003-07-03 10:07:04 +0000
commit9e48045e45df7e3e205575a4eb3dc39d634b05aa (patch)
treee8f993dffc34380fbcc54cc858c81da594bdb95b /loginutils
parentc48d49ad988a4163cff7f38ee4bd1f9886d0ed11 (diff)
downloadbusybox-9e48045e45df7e3e205575a4eb3dc39d634b05aa.zip
busybox-9e48045e45df7e3e205575a4eb3dc39d634b05aa.tar.gz
Patch from Russell Coker:
I've attached my latest SE Linux patch for busybox against the latest CVS version of busybox.
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/login.c47
-rw-r--r--loginutils/su.c6
2 files changed, 50 insertions, 3 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index e239f42..741d15c 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -16,7 +16,12 @@
#include <time.h>
#include "busybox.h"
-
+#ifdef CONFIG_SELINUX
+#include <flask_util.h>
+#include <get_sid_list.h>
+#include <proc_secure.h>
+#include <fs_secure.h>
+#endif
#ifdef CONFIG_FEATURE_U_W_TMP
// import from utmp.c
@@ -73,6 +78,10 @@ extern int login_main(int argc, char **argv)
int opt_fflag = 0;
char *opt_host = 0;
int alarmstarted = 0;
+#ifdef CONFIG_SELINUX
+ int flask_enabled = is_flask_enabled();
+ security_id_t sid = 0, old_tty_sid, new_tty_sid;
+#endif
username[0]=0;
amroot = ( getuid ( ) == 0 );
@@ -217,6 +226,36 @@ auth_ok:
#ifdef CONFIG_FEATURE_U_W_TMP
setutmp ( username, tty );
#endif
+#ifdef CONFIG_SELINUX
+ if (flask_enabled)
+ {
+ struct stat st;
+
+ if (get_default_sid(username, 0, &sid))
+ {
+ fprintf(stderr, "Unable to get SID for %s\n", username);
+ exit(1);
+ }
+ if (stat_secure(tty, &st, &old_tty_sid))
+ {
+ fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
+ {
+ fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if(chsid(tty, new_tty_sid) != 0)
+ {
+ fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ }
+ else
+ sid = 0;
+#endif
+
if ( *tty != '/' )
snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
else
@@ -239,7 +278,11 @@ auth_ok:
if ( pw-> pw_uid == 0 )
syslog ( LOG_INFO, "root login %s\n", fromhost );
- run_shell ( pw-> pw_shell, 1, 0, 0 ); /* exec the shell finally. */
+ run_shell ( pw-> pw_shell, 1, 0, 0
+#ifdef CONFIG_SELINUX
+ , sid
+#endif
+ ); /* exec the shell finally. */
return EXIT_FAILURE;
}
diff --git a/loginutils/su.c b/loginutils/su.c
index 5e40cf2..85f5cbe 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -156,7 +156,11 @@ int su_main ( int argc, char **argv )
change_identity ( pw );
setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw );
- run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args );
+ run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args
+#ifdef CONFIG_SELINUX
+ , 0
+#endif
+ );
return EXIT_FAILURE;
}