From cd256e1c407aa70dfefb7178ed2c0e4201f1aaf7 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Sun, 6 Oct 2013 15:14:25 +0200
Subject: [PATCH] wall: access FILE under real user's credentials While at it, move applet/config/kbuild bits into wall.c. (This way, it's more visible that applet is suid'ed). function old new delta wall_main 87 138 +51
Signed-off-by: Denys Vlasenko
---
 include/applets.src.h | 2 --
 miscutils/Config.src | 7 -------
 miscutils/Kbuild.src | 1 -
 miscutils/wall.c | 25 ++++++++++++++++++++++++-
 4 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/include/applets.src.h b/include/applets.src.h
index aa319bbc9..3a47e15b9 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -407,8 +407,6 @@ IF_VCONFIG(APPLET(vconfig, BB_DIR_SBIN, BB_SUID_DROP))
 /* Needs to be run by root or be suid root - needs to change uid and gid: */
 IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
 IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */
-IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
 IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP))
 IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP))
 IF_WC(APPLET(wc, BB_DIR_USR_BIN, BB_SUID_DROP))
diff --git a/miscutils/Config.src b/miscutils/Config.src
index b9fc196d8..117ec7739 100644
--- a/miscutils/Config.src
+++ b/miscutils/Config.src
@@ -591,13 +591,6 @@ config VOLNAME
 help
 Prints a CD-ROM volume name.
 
-config WALL
- bool "wall"
- default y
- depends on FEATURE_UTMP
- help
- Write a message to all users that are logged in.
-
 config WATCHDOG
 bool "watchdog"
 default y
diff --git a/miscutils/Kbuild.src b/miscutils/Kbuild.src
index 8c498643b..f3954f407 100644
--- a/miscutils/Kbuild.src
+++ b/miscutils/Kbuild.src
@@ -46,5 +46,4 @@ lib-$(CONFIG_TIME) += time.o
 lib-$(CONFIG_TIMEOUT) += timeout.o
 lib-$(CONFIG_TTYSIZE) += ttysize.o
 lib-$(CONFIG_VOLNAME) += volname.o
-lib-$(CONFIG_WALL) += wall.o
 lib-$(CONFIG_WATCHDOG) += watchdog.o
diff --git a/miscutils/wall.c b/miscutils/wall.c
index 762f53b72..c74f4f27b 100644
--- a/miscutils/wall.c
+++ b/miscutils/wall.c
@@ -6,6 +6,18 @@
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
 
+//config:config WALL
+//config: bool "wall"
+//config: default y
+//config: depends on FEATURE_UTMP
+//config: help
+//config: Write a message to all users that are logged in.
+
+/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */
+//applet:IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_WALL) += wall.o
+
 //usage:#define wall_trivial_usage
 //usage: "[FILE]"
 //usage:#define wall_full_usage "\n\n"
@@ -22,8 +34,19 @@ int wall_main(int argc UNUSED_PARAM, char **argv)
 {
 struct utmp *ut;
 char *msg;
- int fd = argv[1] ? xopen(argv[1], O_RDONLY) : STDIN_FILENO;
+ int fd;
 
+ fd = STDIN_FILENO;
+ if (argv[1]) {
+ /* The applet is setuid.
+ * Access to the file must be under user's uid/gid.
+ */
+ setfsuid(getuid());
+ setfsgid(getgid());
+ fd = xopen(argv[1], O_RDONLY);
+ setfsuid(geteuid());
+ setfsgid(getegid());
+ }
 msg = xmalloc_read(fd, NULL);
 if (ENABLE_FEATURE_CLEAN_UP && argv[1])
 close(fd);
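Review bot: The `setfsuid()`/`setfsgid()` calls added around `xopen(argv[1], O_RDONLY)` in `wall_main` are unchecked, and they cannot be checked by return value, because both return the previous filesystem ID whether or not the change took effect. If the switch to the caller's IDs silently fails, the file is still opened with the setuid identity, which is the access this commit sets out to prevent. Querying the result before the open makes that failure fatal, e.g. `if ((uid_t)setfsuid(-1) != getuid() || (gid_t)setfsgid(-1) != getgid()) bb_error_msg_and_die("can't switch to caller's uid/gid");` (message text is a suggestion). These calls are Linux-specific and this hunk adds no include for them, so the declaration presumably comes from a header outside the hunk; `wall_main` itself continues past the end of the hunk.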