aboutsummaryrefslogtreecommitdiff
path: root/inet/rcmd.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1998-03-29 17:03:23 +0000
committerUlrich Drepper <drepper@redhat.com>1998-03-29 17:03:23 +0000
commitcb34385453717065a4bbfd9fae971b76c186df1e (patch)
treee06251493cba024dca02e8dfb2aaebe888b296d5 /inet/rcmd.c
parenta44d23932dea41a56c4345394a973767af45cf02 (diff)
downloadglibc-cb34385453717065a4bbfd9fae971b76c186df1e.zip
glibc-cb34385453717065a4bbfd9fae971b76c186df1e.tar.gz
glibc-cb34385453717065a4bbfd9fae971b76c186df1e.tar.bz2
Update.
1998-03-29 16:50 Ulrich Drepper <drepper@cygnus.com> * config.make.in (ldd-rewrite-script): New variable. * configure.in: Substitute ldd-rewrite-script. * elf/Makefile: Rewrite rules to generate ldd script. * elf/ldd.bash.in: Allow handling of non-ELF binaries. * elf/ldd.sh.in: Likewise. * sysdeps/unix/sysv/linux/Makefile: Remove rule to install lddlibc4. * sysdeps/unix/sysv/linux/configure.in: Define ldd_rewrite_script to point to sed script for libc4 handling insertion for ix86, m68, SPARC. * sysdeps/unix/sysv/linux/i386/Makefile: Add rule to install lddlibc4. 1998-03-26 15:20 Zack Weinberg <zack@rabi.phys.columbia.edu> * inet/rcmd.c (iruserok): Remain setuid to the local user while .rhosts is actually read, to make .rhosts-over-NFS work (PR libc/524). Use iruserfopen() for security checks on both hosts.equiv and .rhosts. General cleanup. (iruserfopen): New function, performs careful checking on hosts.equiv/.rhosts files. Disallows all the old forbidden stuff plus hard links to files. 1998-03-29 09:26 Ulrich Drepper <drepper@cygnus.com> * setjmp/tst-setjmp.c: Don't test __setjmp, test _setjmp instead. 1998-03-29 02:02 H.J. Lu <hjl@gnu.org> * sysdeps/i386/i486/bits/string.h: Fix typos. * nss/nsswitch.c (__nss_lookup): Fix the bogus checking for "adjusted for next function". 1998-03-28 00:13 H.J. Lu <hjl@gnu.org> * sysdeps/unix/sysv/linux/alpha/readdir.c (__readdir64): New strong alias. * sysdeps/unix/sysv/linux/alpha/syscalls.list (socket): Added. * libc.map (__ieee_get_fp_control, __ieee_set_fp_control): Added. Used by libm.so on alpha. 1998-03-28 Thorsten Kukuk <kukuk@vt.uni-paderborn.de> * intl/bindtextdom.c [_LIBC]: Define strdup only if not yet defined. 1998-03-27 07:29 H.J. Lu <hjl@gnu.org> * Makerules (object-suffixes-for-rules): Add .oS only for building shared library. Add ranlib rule for nonshared library. (rmobjs): Fix typo. * Makeconfig (libtype.oS, CFLAGS-.oS, CPPFLAGS-.oS): Moved into for shared library only. (CPPFLAGS-.oS): Add -DPIC. (libtypes): Use $(object-suffixes-for-rules) instead of $(object-suffixes). 1998-03-28 Ulrich Drepper <drepper@cygnus.com> * sysdeps/unix/sysv/linux/Makefile (inhibit-stdio_lim): Compile and install lddlibc4. 1998-03-28 09:13 Zack Weinberg <zack@rabi.phys.columbia.edu> * iconvdata/gap.pl: Gobble rest of line with a scalar, not a hash. * iconvdata/gaptab.pl: Likewise.
Diffstat (limited to 'inet/rcmd.c')
-rw-r--r--inet/rcmd.c168
1 files changed, 94 insertions, 74 deletions
diff --git a/inet/rcmd.c b/inet/rcmd.c
index d496a7a..05bd1d5 100644
--- a/inet/rcmd.c
+++ b/inet/rcmd.c
@@ -287,6 +287,49 @@ ruserok(rhost, superuser, ruser, luser)
return -1;
}
+/* Extremely paranoid file open function. */
+static FILE *
+iruserfopen (char *file, uid_t okuser)
+{
+ struct stat st;
+ char *cp = NULL;
+ FILE *res = NULL;
+
+ /* If not a regular file, if owned by someone other than user or
+ root, if writeable by anyone but the owner, or if hardlinked
+ anywhere, quit. */
+ cp = NULL;
+ if (__lxstat (_STAT_VER, file, &st))
+ cp = _("lstat failed");
+ else if (!S_ISREG (st.st_mode))
+ cp = _("not regular file");
+ else
+ {
+ res = fopen (file, "r");
+ if (!res)
+ cp = _("cannot open");
+ else if (__fxstat (_STAT_VER, fileno (res), &st) < 0)
+ cp = _("fstat failed");
+ else if (st.st_uid && st.st_uid != okuser)
+ cp = _("bad owner");
+ else if (st.st_mode & (S_IWGRP|S_IWOTH))
+ cp = _("writeable by other than owner");
+ else if (st.st_nlink > 1)
+ cp = _("hard linked somewhere");
+ }
+
+ /* If there were any problems, quit. */
+ if (cp != NULL)
+ {
+ __rcmd_errstr = cp;
+ if (res)
+ fclose (res);
+ return NULL;
+ }
+
+ return res;
+}
+
/*
* New .rhosts strategy: We are passed an ip address. We spin through
* hosts.equiv and .rhosts looking for a match. When the .rhosts only
@@ -297,83 +340,60 @@ ruserok(rhost, superuser, ruser, luser)
* Returns 0 if ok, -1 if not ok.
*/
int
-iruserok(raddr, superuser, ruser, luser)
- u_int32_t raddr;
- int superuser;
- const char *ruser, *luser;
+iruserok (raddr, superuser, ruser, luser)
+ u_int32_t raddr;
+ int superuser;
+ const char *ruser, *luser;
{
- register char *cp;
- struct stat sbuf;
- struct passwd pwdbuf, *pwd;
- FILE *hostf;
- int first;
-
- first = 1;
- hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
-again:
- if (hostf) {
- if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
- (void)fclose(hostf);
- return 0;
- }
- (void)fclose(hostf);
- }
- if (first == 1 && (__check_rhosts_file || superuser)) {
- char *pbuf;
- size_t dirlen;
- size_t buflen = __sysconf (_SC_GETPW_R_SIZE_MAX);
- char *buffer = __alloca (buflen);
-
- first = 0;
- if (__getpwnam_r (luser, &pwdbuf, buffer, buflen, &pwd) < 0)
- return -1;
+ FILE *hostf;
+ int isbad;
- dirlen = strlen (pwd->pw_dir);
- pbuf = alloca (dirlen + sizeof "/.rhosts");
- __mempcpy (__mempcpy (pbuf, pwd->pw_dir, dirlen),
- "/.rhosts", sizeof "/.rhosts");
-
- /*
- * Change effective uid while opening .rhosts. If root and
- * reading an NFS mounted file system, can't read files that
- * are protected read/write owner only.
- */
- if (__access (pbuf, R_OK) != 0)
- hostf = NULL;
- else
- {
- uid_t uid = geteuid ();
- seteuid (pwd->pw_uid);
- hostf = fopen (pbuf, "r");
- seteuid (uid);
- }
-
- if (hostf == NULL)
- return -1;
- /*
- * If not a regular file, or is owned by someone other than
- * user or root or if writeable by anyone but the owner, quit.
- */
- cp = NULL;
- if (lstat(pbuf, &sbuf) < 0)
- cp = _(".rhosts lstat failed");
- else if (!S_ISREG(sbuf.st_mode))
- cp = _(".rhosts not regular file");
- else if (fstat(fileno(hostf), &sbuf) < 0)
- cp = _(".rhosts fstat failed");
- else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
- cp = _("bad .rhosts owner");
- else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
- cp = _(".rhosts writeable by other than owner");
- /* If there were any problems, quit. */
- if (cp) {
- __rcmd_errstr = cp;
- (void)fclose(hostf);
- return -1;
- }
- goto again;
- }
+ if (!superuser)
+ hostf = iruserfopen (_PATH_HEQUIV, 0);
+
+ if (hostf)
+ {
+ isbad = __ivaliduser (hostf, raddr, luser, ruser);
+ fclose (hostf);
+
+ if (!isbad)
+ return 0;
+ }
+
+ if (__check_rhosts_file || superuser)
+ {
+ char *pbuf;
+ struct passwd pwdbuf, *pwd;
+ size_t dirlen;
+ size_t buflen = __sysconf (_SC_GETPW_R_SIZE_MAX);
+ char *buffer = __alloca (buflen);
+ uid_t uid;
+
+ if (__getpwnam_r (luser, &pwdbuf, buffer, buflen, &pwd))
return -1;
+
+ dirlen = strlen (pwd->pw_dir);
+ pbuf = alloca (dirlen + sizeof "/.rhosts");
+ __mempcpy (__mempcpy (pbuf, pwd->pw_dir, dirlen),
+ "/.rhosts", sizeof "/.rhosts");
+
+ /* Change effective uid while reading .rhosts. If root and
+ reading an NFS mounted file system, can't read files that
+ are protected read/write owner only. */
+ uid = geteuid ();
+ seteuid (pwd->pw_uid);
+ hostf = iruserfopen (pbuf, pwd->pw_uid);
+
+ if (hostf != NULL)
+ {
+ isbad = __ivaliduser (hostf, raddr, luser, ruser);
+ fclose (hostf);
+ }
+
+ seteuid (uid);
+ return isbad;
+ }
+ return -1;
}
/*