shadow/libmisc
Samanta Navarro cde221b858 copy_tree: carefully treat permissions
The setuid, setgid, and sticky bits are not copied during copy_tree.

Also start with very restrictive permissions before setting ownerships.

This prevents situations in which users in a group with less permissions
than others could win a race in opening the file before permissions are
removed again.

Proof of concept:

$ echo $HOME
/home/uwu
$ install -o uwu -g fandom -m 604 /dev/null /home/uwu/owo
$ ls -l /home/uwu/owo
-rw----r-- 1 uwu fandom 0 Sep  4 00:00 /home/uwu/owo

If /tmp is on another filesystem, then "usermod -md /tmp/uwu uwu" leads
to this temporary situation:

$ ls -l /tmp/uwu/owo
-rw----r-- 1 root root  0 Sep  4 00:00 /tmp/uwu/owo

This means that between openat and chownat_if_needed a user of group
fandom could open /tmp/uwu/owo and read the content when it is finally
written into the file.
2022-09-14 10:11:32 +02:00
..
.indent.pro Commit the last version from the PLD CVS repository. 2007-10-07 14:36:51 +00:00
addgrps.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
age.c Update licensing info 2021-12-23 19:36:50 -06:00
audit_help.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
basename.c Update licensing info 2021-12-23 19:36:50 -06:00
btrfs.c Declare read-only data const 2022-08-06 11:27:56 -05:00
chkname.c shadow: use relaxed usernames 2022-09-02 20:27:14 -05:00
chkname.h Update licensing info 2021-12-23 19:36:50 -06:00
chowndir.c Avoid races in chown_tree() 2022-08-17 12:34:01 -05:00
chowntty.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
cleanup_group.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
cleanup_user.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
cleanup.c Update licensing info 2021-12-23 19:36:50 -06:00
console.c Drop unnecessary prototype 2022-08-06 11:27:56 -05:00
copydir.c copy_tree: carefully treat permissions 2022-09-14 10:11:32 +02:00
date_to_str.c Have a single definition of date_to_str() 2021-12-26 18:55:39 +01:00
entry.c Update licensing info 2021-12-23 19:36:50 -06:00
env.c Declare read-only data const 2022-08-06 11:27:56 -05:00
failure.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
failure.h Update licensing info 2021-12-23 19:36:50 -06:00
find_new_gid.c Declare read-only parameters const 2022-08-06 11:27:56 -05:00
find_new_sub_gids.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
find_new_sub_uids.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
find_new_uid.c Declare read-only parameters const 2022-08-06 11:27:56 -05:00
getdate.h Update licensing info 2021-12-23 19:36:50 -06:00
getdate.y Use isdigit(3) instead of a reimplementation of it 2021-12-29 02:41:09 +01:00
getgr_nam_gid.c Update licensing info 2021-12-23 19:36:50 -06:00
getrange.c Declare read-only parameters const 2022-08-06 11:27:56 -05:00
gettime.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
hushed.c Update licensing info 2021-12-23 19:36:50 -06:00
idmapping.c Declare read-only parameters const 2022-08-06 11:27:56 -05:00
idmapping.h Add include for uid_t 2022-08-06 11:27:56 -05:00
isexpired.c Update licensing info 2021-12-23 19:36:50 -06:00
limits.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
list.c Update licensing info 2021-12-23 19:36:50 -06:00
log.c Update licensing info 2021-12-23 19:36:50 -06:00
loginprompt.c Use 'void' instead of 'RETSIGTYPE'. Use 'sighandler_t' too. 2022-01-15 08:25:53 -06:00
mail.c Update licensing info 2021-12-23 19:36:50 -06:00
Makefile.am Have a single definition of date_to_str() 2021-12-26 18:55:39 +01:00
motd.c Drop register keyword 2022-08-06 11:27:56 -05:00
myname.c Update licensing info 2021-12-23 19:36:50 -06:00
obscure.c Update licensing info 2021-12-23 19:36:50 -06:00
pam_pass_non_interactive.c Declare read-only data const 2022-08-06 11:27:56 -05:00
pam_pass.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
prefix_flag.c Use strict prototypes 2022-01-03 15:09:17 +01:00
pwd2spwd.c Update licensing info 2021-12-23 19:36:50 -06:00
pwd_init.c Update licensing info 2021-12-23 19:36:50 -06:00
pwdcheck.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
remove_tree.c Avoid races in remove_tree() 2022-08-17 12:34:01 -05:00
rlogin.c Update licensing info 2021-12-23 19:36:50 -06:00
root_flag.c libmisc/root_flag: add tips for --root flag only support abspath 2022-08-06 15:04:06 -05:00
salt.c Drop superfluous const from return type 2022-08-06 11:27:56 -05:00
setugid.c Update licensing info 2021-12-23 19:36:50 -06:00
setupenv.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
shell.c Do not drop const qualifier for Basename 2022-01-03 15:09:17 +01:00
strtoday.c Declare read-only data const 2022-08-06 11:27:56 -05:00
sub.c Update licensing info 2021-12-23 19:36:50 -06:00
sulog.c Update licensing info 2021-12-23 19:36:50 -06:00
ttytype.c Update licensing info 2021-12-23 19:36:50 -06:00
tz.c Update licensing info 2021-12-23 19:36:50 -06:00
ulimit.c Update licensing info 2021-12-23 19:36:50 -06:00
user_busy.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
utmp.c Update licensing info 2021-12-23 19:36:50 -06:00
valid.c Update licensing info 2021-12-23 19:36:50 -06:00
xgetgrgid.c Update licensing info 2021-12-23 19:36:50 -06:00
xgetgrnam.c Update licensing info 2021-12-23 19:36:50 -06:00
xgetpwnam.c Update licensing info 2021-12-23 19:36:50 -06:00
xgetpwuid.c Update licensing info 2021-12-23 19:36:50 -06:00
xgetspnam.c Update licensing info 2021-12-23 19:36:50 -06:00
xgetXXbyYY.c Handle ERANGE error correctly 2022-03-18 20:24:10 -05:00
xmalloc.c Return void pointer from xmalloc 2022-08-06 11:27:56 -05:00
yesno.c Update licensing info 2021-12-23 19:36:50 -06:00