diff options
author | Ulrich Drepper <drepper@redhat.com> | 1998-03-29 17:03:23 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 1998-03-29 17:03:23 +0000 |
commit | cb34385453717065a4bbfd9fae971b76c186df1e (patch) | |
tree | e06251493cba024dca02e8dfb2aaebe888b296d5 /inet/rcmd.c | |
parent | a44d23932dea41a56c4345394a973767af45cf02 (diff) | |
download | glibc-cb34385453717065a4bbfd9fae971b76c186df1e.zip glibc-cb34385453717065a4bbfd9fae971b76c186df1e.tar.gz glibc-cb34385453717065a4bbfd9fae971b76c186df1e.tar.bz2 |
Update.
1998-03-29 16:50 Ulrich Drepper <drepper@cygnus.com>
* config.make.in (ldd-rewrite-script): New variable.
* configure.in: Substitute ldd-rewrite-script.
* elf/Makefile: Rewrite rules to generate ldd script.
* elf/ldd.bash.in: Allow handling of non-ELF binaries.
* elf/ldd.sh.in: Likewise.
* sysdeps/unix/sysv/linux/Makefile: Remove rule to install lddlibc4.
* sysdeps/unix/sysv/linux/configure.in: Define ldd_rewrite_script to
point to sed script for libc4 handling insertion for ix86, m68, SPARC.
* sysdeps/unix/sysv/linux/i386/Makefile: Add rule to install lddlibc4.
1998-03-26 15:20 Zack Weinberg <zack@rabi.phys.columbia.edu>
* inet/rcmd.c (iruserok): Remain setuid to the local user
while .rhosts is actually read, to make .rhosts-over-NFS work
(PR libc/524). Use iruserfopen() for security checks on both
hosts.equiv and .rhosts. General cleanup.
(iruserfopen): New function, performs careful checking on
hosts.equiv/.rhosts files. Disallows all the old forbidden
stuff plus hard links to files.
1998-03-29 09:26 Ulrich Drepper <drepper@cygnus.com>
* setjmp/tst-setjmp.c: Don't test __setjmp, test _setjmp instead.
1998-03-29 02:02 H.J. Lu <hjl@gnu.org>
* sysdeps/i386/i486/bits/string.h: Fix typos.
* nss/nsswitch.c (__nss_lookup): Fix the bogus checking for
"adjusted for next function".
1998-03-28 00:13 H.J. Lu <hjl@gnu.org>
* sysdeps/unix/sysv/linux/alpha/readdir.c (__readdir64): New
strong alias.
* sysdeps/unix/sysv/linux/alpha/syscalls.list (socket): Added.
* libc.map (__ieee_get_fp_control, __ieee_set_fp_control):
Added. Used by libm.so on alpha.
1998-03-28 Thorsten Kukuk <kukuk@vt.uni-paderborn.de>
* intl/bindtextdom.c [_LIBC]: Define strdup only if not yet
defined.
1998-03-27 07:29 H.J. Lu <hjl@gnu.org>
* Makerules (object-suffixes-for-rules): Add .oS only for
building shared library.
Add ranlib rule for nonshared library.
(rmobjs): Fix typo.
* Makeconfig (libtype.oS, CFLAGS-.oS, CPPFLAGS-.oS): Moved
into for shared library only.
(CPPFLAGS-.oS): Add -DPIC.
(libtypes): Use $(object-suffixes-for-rules) instead of
$(object-suffixes).
1998-03-28 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/Makefile (inhibit-stdio_lim): Compile
and install lddlibc4.
1998-03-28 09:13 Zack Weinberg <zack@rabi.phys.columbia.edu>
* iconvdata/gap.pl: Gobble rest of line with a scalar, not a
hash.
* iconvdata/gaptab.pl: Likewise.
Diffstat (limited to 'inet/rcmd.c')
-rw-r--r-- | inet/rcmd.c | 168 |
1 files changed, 94 insertions, 74 deletions
diff --git a/inet/rcmd.c b/inet/rcmd.c index d496a7a..05bd1d5 100644 --- a/inet/rcmd.c +++ b/inet/rcmd.c @@ -287,6 +287,49 @@ ruserok(rhost, superuser, ruser, luser) return -1; } +/* Extremely paranoid file open function. */ +static FILE * +iruserfopen (char *file, uid_t okuser) +{ + struct stat st; + char *cp = NULL; + FILE *res = NULL; + + /* If not a regular file, if owned by someone other than user or + root, if writeable by anyone but the owner, or if hardlinked + anywhere, quit. */ + cp = NULL; + if (__lxstat (_STAT_VER, file, &st)) + cp = _("lstat failed"); + else if (!S_ISREG (st.st_mode)) + cp = _("not regular file"); + else + { + res = fopen (file, "r"); + if (!res) + cp = _("cannot open"); + else if (__fxstat (_STAT_VER, fileno (res), &st) < 0) + cp = _("fstat failed"); + else if (st.st_uid && st.st_uid != okuser) + cp = _("bad owner"); + else if (st.st_mode & (S_IWGRP|S_IWOTH)) + cp = _("writeable by other than owner"); + else if (st.st_nlink > 1) + cp = _("hard linked somewhere"); + } + + /* If there were any problems, quit. */ + if (cp != NULL) + { + __rcmd_errstr = cp; + if (res) + fclose (res); + return NULL; + } + + return res; +} + /* * New .rhosts strategy: We are passed an ip address. We spin through * hosts.equiv and .rhosts looking for a match. When the .rhosts only @@ -297,83 +340,60 @@ ruserok(rhost, superuser, ruser, luser) * Returns 0 if ok, -1 if not ok. */ int -iruserok(raddr, superuser, ruser, luser) - u_int32_t raddr; - int superuser; - const char *ruser, *luser; +iruserok (raddr, superuser, ruser, luser) + u_int32_t raddr; + int superuser; + const char *ruser, *luser; { - register char *cp; - struct stat sbuf; - struct passwd pwdbuf, *pwd; - FILE *hostf; - int first; - - first = 1; - hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); -again: - if (hostf) { - if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { - (void)fclose(hostf); - return 0; - } - (void)fclose(hostf); - } - if (first == 1 && (__check_rhosts_file || superuser)) { - char *pbuf; - size_t dirlen; - size_t buflen = __sysconf (_SC_GETPW_R_SIZE_MAX); - char *buffer = __alloca (buflen); - - first = 0; - if (__getpwnam_r (luser, &pwdbuf, buffer, buflen, &pwd) < 0) - return -1; + FILE *hostf; + int isbad; - dirlen = strlen (pwd->pw_dir); - pbuf = alloca (dirlen + sizeof "/.rhosts"); - __mempcpy (__mempcpy (pbuf, pwd->pw_dir, dirlen), - "/.rhosts", sizeof "/.rhosts"); - - /* - * Change effective uid while opening .rhosts. If root and - * reading an NFS mounted file system, can't read files that - * are protected read/write owner only. - */ - if (__access (pbuf, R_OK) != 0) - hostf = NULL; - else - { - uid_t uid = geteuid (); - seteuid (pwd->pw_uid); - hostf = fopen (pbuf, "r"); - seteuid (uid); - } - - if (hostf == NULL) - return -1; - /* - * If not a regular file, or is owned by someone other than - * user or root or if writeable by anyone but the owner, quit. - */ - cp = NULL; - if (lstat(pbuf, &sbuf) < 0) - cp = _(".rhosts lstat failed"); - else if (!S_ISREG(sbuf.st_mode)) - cp = _(".rhosts not regular file"); - else if (fstat(fileno(hostf), &sbuf) < 0) - cp = _(".rhosts fstat failed"); - else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) - cp = _("bad .rhosts owner"); - else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) - cp = _(".rhosts writeable by other than owner"); - /* If there were any problems, quit. */ - if (cp) { - __rcmd_errstr = cp; - (void)fclose(hostf); - return -1; - } - goto again; - } + if (!superuser) + hostf = iruserfopen (_PATH_HEQUIV, 0); + + if (hostf) + { + isbad = __ivaliduser (hostf, raddr, luser, ruser); + fclose (hostf); + + if (!isbad) + return 0; + } + + if (__check_rhosts_file || superuser) + { + char *pbuf; + struct passwd pwdbuf, *pwd; + size_t dirlen; + size_t buflen = __sysconf (_SC_GETPW_R_SIZE_MAX); + char *buffer = __alloca (buflen); + uid_t uid; + + if (__getpwnam_r (luser, &pwdbuf, buffer, buflen, &pwd)) return -1; + + dirlen = strlen (pwd->pw_dir); + pbuf = alloca (dirlen + sizeof "/.rhosts"); + __mempcpy (__mempcpy (pbuf, pwd->pw_dir, dirlen), + "/.rhosts", sizeof "/.rhosts"); + + /* Change effective uid while reading .rhosts. If root and + reading an NFS mounted file system, can't read files that + are protected read/write owner only. */ + uid = geteuid (); + seteuid (pwd->pw_uid); + hostf = iruserfopen (pbuf, pwd->pw_uid); + + if (hostf != NULL) + { + isbad = __ivaliduser (hostf, raddr, luser, ruser); + fclose (hostf); + } + + seteuid (uid); + return isbad; + } + return -1; } /* |