emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, libmisc/chowntty.c: Fix a race condition that could lead to

Browse Source 
gaining ownership or changing mode of arbitrary files.
This commit is contained in:
nekral-guest
2008-11-22 23:22:16 +00:00
parent 8d7e1faebf
commit eb4097180b
3 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libmisc/chowntty.c
View File

@@ -109,14 +109,14 @@ void chown_tty (const char *tty, const struct passwd *info)
exit (1);
}
if ( (chown (tty, info->pw_uid, gid) != 0)
|| (chmod (tty, getdef_num ("TTYPERM", 0600)) != 0)) {
if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
|| (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) {
int err = errno;
snprintf (buf, sizeof buf, _("Unable to change tty %s"), tty);
snprintf (buf, sizeof buf, _("Unable to change tty stdin"));
perror (buf);
SYSLOG ((LOG_WARN,
"unable to change tty `%s' for user `%s'\n", tty,
"unable to change tty stdin for user `%s'\n",
info->pw_name));
closelog ();