[PATCH 3/3] wall: Temporarily drop privileges when opening files

Tito farmatito at tiscali.it
Tue Oct 8 07:22:31 UTC 2013


On Tuesday 08 October 2013 02:02:33 Ryan Mallon wrote:
> The wall applet is setuid and currently does no checking of the real
> user's read access to the message file. This allows the wall applet to
> be used to display files which are not readable by an unprivileged
> user. For example:
> 
>   $ wall /etc/shadow
>   $ wall /proc/vmallocinfo
> 
> Fix this by temporarily dropping privileges before opening the file.
> 
> Signed-off-by: Ryan Mallon <rmallon at gmail.com>
> ---
>  miscutils/wall.c |   19 ++++++++++++++++++-
>  1 file changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/miscutils/wall.c b/miscutils/wall.c
> index 762f53b..0f9d046 100644
> --- a/miscutils/wall.c
> +++ b/miscutils/wall.c
> @@ -22,7 +22,24 @@ int wall_main(int argc UNUSED_PARAM, char **argv)
>  {
>  	struct utmp *ut;
>  	char *msg;
> -	int fd = argv[1] ? xopen(argv[1], O_RDONLY) : STDIN_FILENO;
> +	int fd = STDIN_FILENO;
> +
> +	if (argv[1]) {
> +		/*
> +		 * This applet is setuid. Temporarily drop privileges to the
> +		 * real user when opening the file.
> +		 */
> +		uid_t old_euid = geteuid();
> +		gid_t old_egid = getegid();
> +
> +		xsetegid(getgid());
> +		xseteuid(getuid());
> +
> +		fd = xopen(argv[1], O_RDONLY);
> +
> +		xseteuid(old_euid);
> +		xsetegid(old_egid);
> +	}
>  
>  	msg = xmalloc_read(fd, NULL);
>  	if (ENABLE_FEATURE_CLEAN_UP && argv[1])
> 

Hi,
seems to me that now we can move all this stuff to libbb
as there are already two applets that use it.


int xopen_as_user(char *path) {
	int fd;
	uid_t old_euid = geteuid();
	gid_t old_egid = getegid();

	xsetegid(getgid());
	xseteuid(getuid());

	fd = xopen(path, O_RDONLY);

	xseteuid(old_euid);
	xsetegid(old_egid);

	return fd
}

Ciao,
Tito


More information about the busybox mailing list