aboutsummaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/login.c2
-rw-r--r--loginutils/su.c33
-rw-r--r--loginutils/sulogin.c2
3 files changed, 31 insertions, 6 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index 94b6c45db..52abc1886 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -618,7 +618,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
signal(SIGINT, SIG_DFL);
/* Exec login shell with no additional parameters */
- run_shell(pw->pw_shell, 1, NULL, NULL);
+ run_shell(pw->pw_shell, 1, NULL);
/* return EXIT_FAILURE; - not reached */
}
diff --git a/loginutils/su.c b/loginutils/su.c
index 3c0e8c100..24ffbde86 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -31,10 +31,10 @@
//kbuild:lib-$(CONFIG_SU) += su.o
//usage:#define su_trivial_usage
-//usage: "[OPTIONS] [-] [USER]"
+//usage: "[-lmp] [-] [-s SH] [USER [SCRIPT ARGS / -c 'CMD' ARG0 ARGS]]"
//usage:#define su_full_usage "\n\n"
//usage: "Run shell under USER (by default, root)\n"
-//usage: "\n -,-l Clear environment, run shell as login shell"
+//usage: "\n -,-l Clear environment, go to home dir, run shell as login shell"
//usage: "\n -p,-m Do not set new $HOME, $SHELL, $USER, $LOGNAME"
//usage: "\n -c CMD Command to pass to 'sh -c'"
//usage: "\n -s SH Shell to use instead of user's default"
@@ -81,8 +81,12 @@ int su_main(int argc UNUSED_PARAM, char **argv)
#endif
const char *old_user;
+ /* Note: we don't use "'+': stop at first non-option" idiom here.
+ * For su, "SCRIPT ARGS" or "-c CMD ARGS" do not stop option parsing:
+ * ARGS starting with dash will be treated as su options,
+ * not passed to shell. (Tested on util-linux 2.28).
+ */
flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell);
- //argc -= optind;
argv += optind;
if (argv[0] && LONE_DASH(argv[0])) {
@@ -162,8 +166,29 @@ int su_main(int argc UNUSED_PARAM, char **argv)
pw);
IF_SELINUX(set_current_security_context(NULL);)
+ if (opt_command) {
+ *--argv = opt_command;
+ *--argv = (char*)"-c";
+ }
+
+ /* A nasty ioctl exists which can stuff data into input queue:
+ * #include <sys/ioctl.h>
+ * int main() {
+ * const char *msg = "echo $UID\n";
+ * while (*msg) ioctl(0, TIOCSTI, *msg++);
+ * return 0;
+ * }
+ * With "su USER -c EXPLOIT" run by root, exploit can make root shell
+ * read as input and execute arbitrary command.
+ * It's debatable whether we need to protect against this
+ * (root may hesitate to run unknown scripts interactively).
+ *
+ * Some versions of su run -c CMD in a different session:
+ * ioctl(TIOCSTI) works only on the controlling tty.
+ */
+
/* Never returns */
- run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)argv);
+ run_shell(opt_shell, flags & SU_OPT_l, (const char**)argv);
/* return EXIT_FAILURE; - not reached */
}
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index 6befea933..2e32e2bbd 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -89,5 +89,5 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
shell = pwd->pw_shell;
/* Exec login shell with no additional parameters. Never returns. */
- run_shell(shell, 1, NULL, NULL);
+ run_shell(shell, 1, NULL);
}