diff options
| author | Ryan Mallon <rmallon@gmail.com> | 2013-10-08 14:53:29 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2013-10-08 14:53:29 +0200 |
| commit | 1d30b3f1f66a0cd179f47082245079ef357b6a66 (patch) | |
| tree | 2a5eaf34ebb770e2d4d499338e6a4c82a22d3086 /miscutils/wall.c | |
| parent | 5906a5c26c392b9687d14951a6da3a5195b576be (diff) | |
| download | busybox-1d30b3f1f66a0cd179f47082245079ef357b6a66.tar.gz | |
wall,crontab: use xopen_as_uid_gid()
This fixes a narrow security race in crontab.
function old new delta
xopen_as_uid_gid - 80 +80
seteuid - 64 +64
setegid - 64 +64
setreuid - 37 +37
xseteuid - 22 +22
xsetegid - 22 +22
crontab_main 590 577 -13
setfsuid 33 - -33
setfsgid 33 - -33
wall_main 138 102 -36
open_as_user 109 - -109
text data bss dec hex filename
893539 497 7568 901604 dc1e4 busybox_old
893618 497 7568 901683 dc233 busybox_unstripped
Signed-off-by: Ryan Mallon <rmallon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'miscutils/wall.c')
| -rw-r--r-- | miscutils/wall.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/miscutils/wall.c b/miscutils/wall.c index c74f4f27b..bb709ee39 100644 --- a/miscutils/wall.c +++ b/miscutils/wall.c @@ -41,11 +41,7 @@ int wall_main(int argc UNUSED_PARAM, char **argv) /* The applet is setuid. * Access to the file must be under user's uid/gid. */ - setfsuid(getuid()); - setfsgid(getgid()); - fd = xopen(argv[1], O_RDONLY); - setfsuid(geteuid()); - setfsgid(getegid()); + fd = xopen_as_uid_gid(argv[1], O_RDONLY, getuid(), getgid()); } msg = xmalloc_read(fd, NULL); if (ENABLE_FEATURE_CLEAN_UP && argv[1]) |