From 26ffe81188a5555824bc86b1953517f7ba4524a9 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Fri, 26 Feb 2010 10:01:18 +0100 Subject: su: move restricted_shell into su.c (the only user) function old new delta su_main 448 468 +20 buffer_fill_and_print 179 196 +17 scriptreplay_main 205 208 +3 localcmd 275 277 +2 hash_find 233 234 +1 devmem_main 469 463 -6 install_main 724 716 -8 setusershell 11 - -11 find_pair 187 169 -18 restricted_shell 49 - -49 ------------------------------------------------------------------------------ (add/remove: 0/3 grow/shrink: 5/3 up/down: 43/-92) Total: -49 bytes Signed-off-by: Denys Vlasenko --- loginutils/su.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'loginutils') diff --git a/loginutils/su.c b/loginutils/su.c index 6356631b8..af25655fd 100644 --- a/loginutils/su.c +++ b/loginutils/su.c @@ -8,6 +8,23 @@ #include "libbb.h" #include +#if ENABLE_FEATURE_SU_CHECKS_SHELLS +/* Return 1 if SHELL is a restricted shell (one not returned by + getusershell), else 0, meaning it is a standard shell. */ +static int restricted_shell(const char *shell) +{ + char *line; + + /*setusershell(); - getusershell does it itself*/ + while ((line = getusershell()) != NULL) { + if (/* *line != '#' && */ strcmp(line, shell) == 0) + return 0; + } + endusershell(); + return 1; +} +#endif + #define SU_OPT_mp (3) #define SU_OPT_l (4) @@ -89,7 +106,7 @@ int su_main(int argc UNUSED_PARAM, char **argv) opt_shell = getenv("SHELL"); #if ENABLE_FEATURE_SU_CHECKS_SHELLS - if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) { + if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) { /* The user being su'd to has a nonstandard shell, and so is probably a uucp account or has restricted access. Don't compromise the account by allowing access with a standard -- cgit v1.2.3