summaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
authorDenys Vlasenko2010-02-26 10:01:18 +0100
committerDenys Vlasenko2010-02-26 10:01:18 +0100
commit26ffe81188a5555824bc86b1953517f7ba4524a9 (patch)
tree79b05ca36349747f5bf5eee0cfcf87a29db5f233 /loginutils
parentfd686a262fa34b71900b010b4b31d7e2e3f3385c (diff)
downloadbusybox-26ffe81188a5555824bc86b1953517f7ba4524a9.zip
busybox-26ffe81188a5555824bc86b1953517f7ba4524a9.tar.gz
su: move restricted_shell into su.c (the only user)
function old new delta su_main 448 468 +20 buffer_fill_and_print 179 196 +17 scriptreplay_main 205 208 +3 localcmd 275 277 +2 hash_find 233 234 +1 devmem_main 469 463 -6 install_main 724 716 -8 setusershell 11 - -11 find_pair 187 169 -18 restricted_shell 49 - -49 ------------------------------------------------------------------------------ (add/remove: 0/3 grow/shrink: 5/3 up/down: 43/-92) Total: -49 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/su.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/loginutils/su.c b/loginutils/su.c
index 6356631..af25655 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -8,6 +8,23 @@
#include "libbb.h"
#include <syslog.h>
+#if ENABLE_FEATURE_SU_CHECKS_SHELLS
+/* Return 1 if SHELL is a restricted shell (one not returned by
+ getusershell), else 0, meaning it is a standard shell. */
+static int restricted_shell(const char *shell)
+{
+ char *line;
+
+ /*setusershell(); - getusershell does it itself*/
+ while ((line = getusershell()) != NULL) {
+ if (/* *line != '#' && */ strcmp(line, shell) == 0)
+ return 0;
+ }
+ endusershell();
+ return 1;
+}
+#endif
+
#define SU_OPT_mp (3)
#define SU_OPT_l (4)
@@ -89,7 +106,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
opt_shell = getenv("SHELL");
#if ENABLE_FEATURE_SU_CHECKS_SHELLS
- if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
+ if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
/* The user being su'd to has a nonstandard shell, and so is
probably a uucp account or has restricted access. Don't
compromise the account by allowing access with a standard