[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox-cvs
Subject: [git commit] wall,crontab: use xopen_as_uid_gid()
From: Denys Vlasenko <vda.linux () googlemail ! com>
Date: 2013-10-08 12:53:29
Message-ID: 20131012025120.642569B948 () busybox ! osuosl ! org
[Download RAW message or body]
commit: http://git.busybox.net/busybox/commit/?id=1d30b3f1f66a0cd179f47082245079ef357b6a66
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master
This fixes a narrow security race in crontab.
function old new delta
xopen_as_uid_gid - 80 +80
seteuid - 64 +64
setegid - 64 +64
setreuid - 37 +37
xseteuid - 22 +22
xsetegid - 22 +22
crontab_main 590 577 -13
setfsuid 33 - -33
setfsgid 33 - -33
wall_main 138 102 -36
open_as_user 109 - -109
text data bss dec hex filename
893539 497 7568 901604 dc1e4 busybox_old
893618 497 7568 901683 dc233 busybox_unstripped
Signed-off-by: Ryan Mallon <rmallon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
miscutils/crontab.c | 27 +--------------------------
miscutils/wall.c | 6 +-----
2 files changed, 2 insertions(+), 31 deletions(-)
diff --git a/miscutils/crontab.c b/miscutils/crontab.c
index 4731d8d..aad242f 100644
--- a/miscutils/crontab.c
+++ b/miscutils/crontab.c
@@ -55,28 +55,6 @@ static void edit_file(const struct passwd *pas, const char *file)
bb_perror_msg_and_die("can't execute '%s'", ptr);
}
-static int open_as_user(const struct passwd *pas, const char *file)
-{
- pid_t pid;
- char c;
-
- pid = xvfork();
- if (pid) { /* PARENT */
- if (wait4pid(pid) == 0) {
- /* exitcode 0: child says it can read */
- return open(file, O_RDONLY);
- }
- return -1;
- }
-
- /* CHILD */
- /* initgroups, setgid, setuid */
- change_identity(pas);
- /* We just try to read one byte. If it works, file is readable
- * under this user. We signal that by exiting with 0. */
- _exit(safe_read(xopen(file, O_RDONLY), &c, 1) < 0);
-}
-
int crontab_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int crontab_main(int argc UNUSED_PARAM, char **argv)
{
@@ -137,10 +115,7 @@ int crontab_main(int argc UNUSED_PARAM, char **argv)
if (!argv[0])
bb_show_usage();
if (NOT_LONE_DASH(argv[0])) {
- src_fd = open_as_user(pas, argv[0]);
- if (src_fd < 0)
- bb_error_msg_and_die("user %s cannot read %s",
- pas->pw_name, argv[0]);
+ src_fd = xopen_as_uid_gid(argv[0], O_RDONLY, pas->pw_uid, pas->pw_gid);
}
}
diff --git a/miscutils/wall.c b/miscutils/wall.c
index c74f4f2..bb709ee 100644
--- a/miscutils/wall.c
+++ b/miscutils/wall.c
@@ -41,11 +41,7 @@ int wall_main(int argc UNUSED_PARAM, char **argv)
/* The applet is setuid.
* Access to the file must be under user's uid/gid.
*/
- setfsuid(getuid());
- setfsgid(getgid());
- fd = xopen(argv[1], O_RDONLY);
- setfsuid(geteuid());
- setfsgid(getegid());
+ fd = xopen_as_uid_gid(argv[1], O_RDONLY, getuid(), getgid());
}
msg = xmalloc_read(fd, NULL);
if (ENABLE_FEATURE_CLEAN_UP && argv[1])
_______________________________________________
busybox-cvs mailing list
busybox-cvs@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox-cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic