diff --git a/man.changes b/man.changes index 82fde0f..e8eeac6 100644 --- a/man.changes +++ b/man.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jun 8 08:31:52 UTC 2015 - werner@suse.de + +- Allow root to use man command within its home + ------------------------------------------------------------------- Fri May 29 10:34:37 UTC 2015 - werner@suse.de diff --git a/man.spec b/man.spec index 3b34ea6..b876e73 100644 --- a/man.spec +++ b/man.spec @@ -1,7 +1,7 @@ # # spec file for package man # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/wrapper.c b/wrapper.c index e2815bb..578c945 100644 --- a/wrapper.c +++ b/wrapper.c @@ -69,7 +69,6 @@ int main (int argc, char **argv, char *envp[]) { uid_t ruid, euid; gid_t rgid; - struct passwd *pwd; argc = argc; /* not used */ @@ -103,6 +102,9 @@ int main (int argc, char **argv, char *envp[]) printf ("%s\n", wlp->run); #endif if (ruid == 0 || euid == 0) { + struct passwd *pwd; + char *cwd; + pwd = getpwnam (wlp->user); if (!pwd) { fprintf (stderr, _("%s: Failed su to user %s\n"), wlp->prog, wlp->user); @@ -119,6 +121,10 @@ int main (int argc, char **argv, char *envp[]) pwd->pw_gid = rgid; #endif } + if ((cwd = get_current_dir_name()) == NULL) { + fprintf (stderr, _("%s: Failed su to user %s\n"), wlp->prog, wlp->user); + return -EACCES; + } if (setregid (rgid, pwd->pw_gid)) { fprintf (stderr, _("%s: Failed su to user %s\n"), wlp->prog, wlp->user); return -EACCES; 
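Review bot: In the wrapper.c hunk at `@@ -119,6 +121,10 @@`, a NULL return from `get_current_dir_name()` aborts the wrapper with the unrelated "Failed su to user" message, even though a removed or unreadable working directory is a case the `chdir(pwd->pw_dir)` fallback added later could cover. Consider keeping `cwd` as NULL at this point and letting the later check treat NULL as "current directory unusable", or at least reporting the real cause with `perror ("get_current_dir_name");`. `get_current_dir_name()` is a GNU extension and needs `_GNU_SOURCE` defined before the first include; the include block is not part of this diff, so that should be confirmed. main's body starts and ends outside the hunk.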
@@ -131,6 +137,11 @@ int main (int argc, char **argv, char *envp[]) fprintf (stderr, _("%s: Failed su to user %s\n"), wlp->prog, wlp->user); return -EACCES; } + if (access(cwd, X_OK) < 0 && chdir(pwd->pw_dir)) { + fprintf (stderr, _("%s: Failed su to user %s\n"), wlp->prog, wlp->user); + return -EACCES; + } + free(cwd); } execve (wlp->run, argv, envp); perror ("execve");
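Review bot: `access(cwd, X_OK)` is checked against the real uid and gid, not the effective ones the process has just switched to. The uid switch sits above this hunk and is not visible; if it mirrors the visible `setregid (rgid, pwd->pw_gid)` and leaves the real uid as root, the test succeeds for root's home and the `chdir(pwd->pw_dir)` fallback never runs. Probing with the credentials man will actually execute under avoids this and also closes the check-then-use gap: `if (chdir (cwd) < 0 && chdir (pwd->pw_dir) < 0) {` (or `faccessat (AT_FDCWD, cwd, X_OK, AT_EACCESS)` if only a test is wanted). A short comment above the check, such as `/* cwd may be unreachable for the unprivileged user, fall back to its home */`, would also record that relative path arguments then resolve against `pw_dir`. The enclosing `if (ruid == 0 || euid == 0)` block starts outside the hunk.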