On Tuesday 08 October 2013 02:02:33 Ryan Mallon wrote:
> The wall applet is setuid and currently does no checking of the real
> user's read access to the message file. This allows the wall applet to
> be used to display files which are not readable by an unprivileged
> user. For example:
> 
>   $ wall /etc/shadow
>   $ wall /proc/vmallocinfo
> 
> Fix this by temporarily dropping privileges before opening the file.
> 
> Signed-off-by: Ryan Mallon <[email protected]>
> ---
>  miscutils/wall.c |   19 ++++++++++++++++++-
>  1 file changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/miscutils/wall.c b/miscutils/wall.c
> index 762f53b..0f9d046 100644
> --- a/miscutils/wall.c
> +++ b/miscutils/wall.c
> @@ -22,7 +22,24 @@ int wall_main(int argc UNUSED_PARAM, char **argv)
>  {
>       struct utmp *ut;
>       char *msg;
> -     int fd = argv[1] ? xopen(argv[1], O_RDONLY) : STDIN_FILENO;
> +     int fd = STDIN_FILENO;
> +
> +     if (argv[1]) {
> +             /*
> +              * This applet is setuid. Temporarily drop privileges to the
> +              * real user when opening the file.
> +              */
> +             uid_t old_euid = geteuid();
> +             gid_t old_egid = getegid();
> +
> +             xsetegid(getgid());
> +             xseteuid(getuid());
> +
> +             fd = xopen(argv[1], O_RDONLY);
> +
> +             xseteuid(old_euid);
> +             xsetegid(old_egid);
> +     }
>  
>       msg = xmalloc_read(fd, NULL);
>       if (ENABLE_FEATURE_CLEAN_UP && argv[1])
> 
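Review bot: the comment above the drop says what is done but not why seteuid()/setegid() are used instead of setuid()/setgid(): only the effective ids are swapped, the saved set-user-ID stays root, and that is what makes the `xseteuid(old_euid);` at the end of the block legal, which is worth one more line in the comment. The gid is dropped before the uid and restored after it, the conventional order. Because xseteuid()/xsetegid() exit on failure, a failed restore terminates the applet instead of continuing with mixed credentials, which is the intended outcome; xopen() failing between the drop and the restore likewise exits with privileges already lowered.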

Hi,
seems to me that now we can move all this stuff to libbb
as there are already two applets that use it.


#include "libbb.h"

int xopen_as_user(const char *path) {
        int fd;
        /* Save the setuid applet's effective ids, open the file with the
         * real user's credentials, then restore them. The x* wrappers
         * die on failure, so a failed restore never returns here. */
        uid_t old_euid = geteuid();
        gid_t old_egid = getegid();

        xsetegid(getgid());
        xseteuid(getuid());

        fd = xopen(path, O_RDONLY);

        xseteuid(old_euid);
        xsetegid(old_egid);

        return fd;
}

Ciao,
Tito
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
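The pattern from the patch and from Tito's proposed helper, as a stand-alone added example (this is not busybox code, nor Ryan's or Tito's): it uses plain seteuid()/setegid()/open() instead of the libbb x* wrappers so that an open error is reported to the caller rather than exiting, while a failed restore of the effective ids still aborts. The names open_as_real_user() and demo_roundtrip() and the temp-file self-check are this example's own assumptions.

```c
/* Added example (not busybox, Ryan's or Tito's code): open a file with the
 * real user's credentials from inside a setuid program, then regain them.
 * Names open_as_real_user() and demo_roundtrip() are this example's own. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return an fd for PATH opened with the real uid/gid, or -1 with errno set.
 * Unlike busybox's xopen()/xseteuid() this does not exit on an open error,
 * so a caller can print its own message; a failed *restore* still aborts,
 * because continuing with mixed credentials is worse than dying. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Drop the effective gid, then the effective uid (same order as the
     * patch). The saved set-user-ID is untouched, which is what makes the
     * seteuid() back to saved_euid below legal. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        saved_errno = errno;
        if (setegid(saved_egid) != 0)
            abort();
        errno = saved_errno;
        return -1;
    }

    /* The kernel now checks PATH against the invoking user's permissions. */
    fd = open(path, flags);
    saved_errno = errno;

    /* Regain privileges in reverse order; abort if that is not possible. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        perror("restoring effective ids");
        abort();
    }
    errno = saved_errno;
    return fd;
}

/* Self-check on a constructed temp file: write known bytes, reopen through
 * open_as_real_user(), read them back. Returns 1 on success, 0 otherwise. */
int demo_roundtrip(void)
{
    static const char payload[] = "constructed wall message\n";
    const size_t len = sizeof payload - 1;
    char tmpl[] = "/tmp/wall_demo_XXXXXX";
    char buf[sizeof payload];
    ssize_t n;
    int fd = mkstemp(tmpl);

    if (fd < 0)
        return 0;
    if (write(fd, payload, len) != (ssize_t)len) {
        close(fd);
        unlink(tmpl);
        return 0;
    }
    close(fd);

    fd = open_as_real_user(tmpl, O_RDONLY);
    if (fd < 0) {
        unlink(tmpl);
        return 0;
    }
    n = read(fd, buf, sizeof buf);
    close(fd);
    unlink(tmpl);
    return n == (ssize_t)len && memcmp(buf, payload, len) == 0;
}

/* Stand-alone use: ./a.out FILE opens FILE as the real user; no argument
 * runs the self-check. Neither needs the binary to actually be setuid. */
int main(int argc, char **argv)
{
    if (argc > 1) {
        int fd = open_as_real_user(argv[1], O_RDONLY);
        if (fd < 0) {
            perror(argv[1]);
            return 1;
        }
        printf("opened %s as uid %u\n", argv[1], (unsigned)getuid());
        close(fd);
        return 0;
    }
    return demo_roundtrip() ? 0 : 1;
}
```

Run as an ordinary user the effective and real ids already match, so the calls are no-ops and the self-check simply exercises the code path; installed setuid root, the same function makes `open()` fail with EACCES on a file the invoking user cannot read, which is the check the patch adds to wall.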