2023-10-31 17:39:09 +01:00
|
|
|
From: Werner Fink <werner@suse.de>
|
|
|
|
Date: 2013-06-06 08:27:43+0000
|
|
|
|
Subject: let `su' handle /sbin and /usr/sbin in path
|
|
|
|
|
Accepting request 543952 from home:sbrabec:branches:util-linux-2.31
- Update to version 2.31:
* New utilities: uuidparse, rfkill.
* su has been refactored and extended to create pseudo terminal
(new option --pty, CVE-2016-2779, bsc#968674). This new
EXPERIMENTAL feature provides better isolation between root's
terminal and an unprivileged su.
* libuuid: Improved to match
* libuuid, uuidgen: support hash-based UUIDs v3 (md5) and v5
(sha1) as specified by RFC-4122. Provide UUID templates for
dns, url, oid, or x500.
* libblkid: Extended support for DM-integrity, HPE (aka
extended-XFS) and UBI superblock. New API to hide already
detected signatures.
* libfdisk: New API to modify grain, make possible to completely
disable dialog driven partitioning.
* libsmartcols: New API to move columns.
* column: --table-header-repeat to repeat table headers.
* libfdisk: Use BLKPG ioctls to inform the kernel about changes.
* fdisk: Improved ^C and ^D behavior.
* cfdisk: Dialog to resize partition.
* look: Follow the WORDLIST environment variable.
* script: Follow the usual semantics for stop/continue signals.
* setpriv: New command line options --ambient-caps and
--init-groups.
* hwclock: Reduce system shutdown times, log --systz when using
libaudit.
* Other bug fixes.
- Drop upstreamed util-linux-use-tinfow.patch.
- Update to version 2.31:
OBS-URL: https://build.opensuse.org/request/show/543952
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=352
2017-11-27 11:06:27 +01:00
|
|
|
Index: util-linux-2.31/login-utils/su-common.c
|
|
|
|
===================================================================
|
|
|
|
--- util-linux-2.31.orig/login-utils/su-common.c
|
|
|
|
+++ util-linux-2.31/login-utils/su-common.c
|
|
|
|
@@ -944,6 +944,117 @@ static void setenv_path(const struct pas
|
|
|
|
err(EXIT_FAILURE, _("failed to set the PATH environment variable"));
|
2013-06-06 11:42:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
+/* Add or clear /sbin and /usr/sbin for the su command
|
|
|
|
+ used without `-'. */
|
|
|
|
+
|
|
|
|
+/* Set if /sbin is found in path. */
|
|
|
|
+#define SBIN_MASK 0x01
|
|
|
|
+/* Set if /usr/sbin is found in path. */
|
|
|
|
+#define USBIN_MASK 0x02
|
|
|
|
+
|
|
|
|
+static char *
|
|
|
|
+addsbin (const char *const path)
|
|
|
|
+{
|
|
|
|
+ unsigned char smask = 0;
|
|
|
|
+ char *ptr, *tmp, *cur, *ret = NULL;
|
|
|
|
+ size_t len;
|
|
|
|
+
|
|
|
|
+ if (!path || *path == 0)
|
|
|
|
+ return NULL;
|
|
|
|
+
|
|
|
|
+ tmp = xstrdup (path);
|
|
|
|
+ cur = tmp;
|
|
|
|
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
|
|
|
|
+ {
|
|
|
|
+ if (!strcmp (ptr, "/sbin"))
|
|
|
|
+ smask |= SBIN_MASK;
|
|
|
|
+ if (!strcmp (ptr, "/usr/sbin"))
|
|
|
|
+ smask |= USBIN_MASK;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
|
|
|
|
+ {
|
|
|
|
+ free (tmp);
|
|
|
|
+ return NULL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ len = strlen (path);
|
|
|
|
+ if (!(smask & USBIN_MASK))
|
|
|
|
+ len += strlen ("/usr/sbin:");
|
|
|
|
+
|
|
|
|
+ if (!(smask & SBIN_MASK))
|
|
|
|
+ len += strlen (":/sbin");
|
|
|
|
+
|
|
|
|
+ ret = xmalloc (len + 1);
|
|
|
|
+ strcpy (tmp, path);
|
|
|
|
+
|
|
|
|
+ *ret = 0;
|
|
|
|
+ cur = tmp;
|
|
|
|
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
|
|
|
|
+ {
|
|
|
|
+ if (!strcmp (ptr, "."))
|
|
|
|
+ continue;
|
|
|
|
+ if (*ret)
|
|
|
|
+ strcat (ret, ":");
|
|
|
|
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
|
|
|
|
+ {
|
|
|
|
+ strcat (ret, "/usr/sbin:");
|
|
|
|
+ strcat (ret, ptr);
|
|
|
|
+ smask |= USBIN_MASK;
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
|
|
|
|
+ {
|
|
|
|
+ strcat (ret, ptr);
|
|
|
|
+ strcat (ret, ":/sbin");
|
|
|
|
+ smask |= SBIN_MASK;
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
+ strcat (ret, ptr);
|
|
|
|
+ }
|
|
|
|
+ free (tmp);
|
|
|
|
+
|
|
|
|
+ if (!(smask & USBIN_MASK))
|
|
|
|
+ strcat (ret, ":/usr/sbin");
|
|
|
|
+
|
|
|
|
+ if (!(smask & SBIN_MASK))
|
|
|
|
+ strcat (ret, ":/sbin");
|
|
|
|
+
|
|
|
|
+ return ret;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static char *
|
|
|
|
+clearsbin (const char *const path)
|
|
|
|
+{
|
|
|
|
+ char *ptr, *tmp, *cur, *ret = NULL;
|
|
|
|
+
|
|
|
|
+ if (!path || *path == 0)
|
|
|
|
+ return NULL;
|
|
|
|
+
|
|
|
|
+ tmp = strdup (path);
|
|
|
|
+ if (!tmp)
|
|
|
|
+ return NULL;
|
|
|
|
+
|
|
|
|
+ ret = xmalloc (strlen (path) + 1);
|
|
|
|
+ *ret = 0;
|
|
|
|
+ cur = tmp;
|
|
|
|
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
|
|
|
|
+ {
|
|
|
|
+ if (!strcmp (ptr, "/sbin"))
|
|
|
|
+ continue;
|
|
|
|
+ if (!strcmp (ptr, "/usr/sbin"))
|
|
|
|
+ continue;
|
|
|
|
+ if (!strcmp (ptr, "/usr/local/sbin"))
|
|
|
|
+ continue;
|
|
|
|
+ if (*ret)
|
|
|
|
+ strcat (ret, ":");
|
|
|
|
+ strcat (ret, ptr);
|
|
|
|
+ }
|
|
|
|
+ free (tmp);
|
|
|
|
+
|
|
|
|
+ return ret;
|
|
|
|
+}
|
|
|
|
+
|
Accepting request 543952 from home:sbrabec:branches:util-linux-2.31
- Update to version 2.31:
* New utilities: uuidparse, rfkill.
* su has been refactored and extended to create pseudo terminal
(new option --pty, CVE-2016-2779, bsc#968674). This new
EXPERIMENTAL feature provides better isolation between root's
terminal and an unprivileged su.
* libuuid: Improved to match
* libuuid, uuidgen: support hash-based UUIDs v3 (md5) and v5
(sha1) as specified by RFC-4122. Provide UUID templates for
dns, url, oid, or x500.
* libblkid: Extended support for DM-integrity, HPE (aka
extended-XFS) and UBI superblock. New API to hide already
detected signatures.
* libfdisk: New API to modify grain, make possible to completely
disable dialog driven partitioning.
* libsmartcols: New API to move columns.
* column: --table-header-repeat to repeat table headers.
* libfdisk: Use BLKPG ioctls to inform the kernel about changes.
* fdisk: Improved ^C and ^D behavior.
* cfdisk: Dialog to resize partition.
* look: Follow the WORDLIST environment variable.
* script: Follow the usual semantics for stop/continue signals.
* setpriv: New command line options --ambient-caps and
--init-groups.
* hwclock: Reduce system shutdown times, log --systz when using
libaudit.
* Other bug fixes.
- Drop upstreamed util-linux-use-tinfow.patch.
- Update to version 2.31:
OBS-URL: https://build.opensuse.org/request/show/543952
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=352
2017-11-27 11:06:27 +01:00
|
|
|
static void modify_environment(struct su_context *su, const char *shell)
|
|
|
|
{
|
|
|
|
const struct passwd *pw = su->pwd;
|
|
|
|
@@ -982,6 +1093,22 @@ static void modify_environment(struct su
|
2013-06-06 11:42:28 +02:00
|
|
|
|
Accepting request 543952 from home:sbrabec:branches:util-linux-2.31
- Update to version 2.31:
* New utilities: uuidparse, rfkill.
* su has been refactored and extended to create pseudo terminal
(new option --pty, CVE-2016-2779, bsc#968674). This new
EXPERIMENTAL feature provides better isolation between root's
terminal and an unprivileged su.
* libuuid: Improved to match
* libuuid, uuidgen: support hash-based UUIDs v3 (md5) and v5
(sha1) as specified by RFC-4122. Provide UUID templates for
dns, url, oid, or x500.
* libblkid: Extended support for DM-integrity, HPE (aka
extended-XFS) and UBI superblock. New API to hide already
detected signatures.
* libfdisk: New API to modify grain, make possible to completely
disable dialog driven partitioning.
* libsmartcols: New API to move columns.
* column: --table-header-repeat to repeat table headers.
* libfdisk: Use BLKPG ioctls to inform the kernel about changes.
* fdisk: Improved ^C and ^D behavior.
* cfdisk: Dialog to resize partition.
* look: Follow the WORDLIST environment variable.
* script: Follow the usual semantics for stop/continue signals.
* setpriv: New command line options --ambient-caps and
--init-groups.
* hwclock: Reduce system shutdown times, log --systz when using
libaudit.
* Other bug fixes.
- Drop upstreamed util-linux-use-tinfow.patch.
- Update to version 2.31:
OBS-URL: https://build.opensuse.org/request/show/543952
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=352
2017-11-27 11:06:27 +01:00
|
|
|
if (getlogindefs_bool("ALWAYS_SET_PATH", 0))
|
|
|
|
setenv_path(pw);
|
|
|
|
+ else
|
2013-06-06 11:42:28 +02:00
|
|
|
+ {
|
Accepting request 543952 from home:sbrabec:branches:util-linux-2.31
- Update to version 2.31:
* New utilities: uuidparse, rfkill.
* su has been refactored and extended to create pseudo terminal
(new option --pty, CVE-2016-2779, bsc#968674). This new
EXPERIMENTAL feature provides better isolation between root's
terminal and an unprivileged su.
* libuuid: Improved to match
* libuuid, uuidgen: support hash-based UUIDs v3 (md5) and v5
(sha1) as specified by RFC-4122. Provide UUID templates for
dns, url, oid, or x500.
* libblkid: Extended support for DM-integrity, HPE (aka
extended-XFS) and UBI superblock. New API to hide already
detected signatures.
* libfdisk: New API to modify grain, make possible to completely
disable dialog driven partitioning.
* libsmartcols: New API to move columns.
* column: --table-header-repeat to repeat table headers.
* libfdisk: Use BLKPG ioctls to inform the kernel about changes.
* fdisk: Improved ^C and ^D behavior.
* cfdisk: Dialog to resize partition.
* look: Follow the WORDLIST environment variable.
* script: Follow the usual semantics for stop/continue signals.
* setpriv: New command line options --ambient-caps and
--init-groups.
* hwclock: Reduce system shutdown times, log --systz when using
libaudit.
* Other bug fixes.
- Drop upstreamed util-linux-use-tinfow.patch.
- Update to version 2.31:
OBS-URL: https://build.opensuse.org/request/show/543952
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=352
2017-11-27 11:06:27 +01:00
|
|
|
+ char const *path = getenv ("PATH");
|
|
|
|
+ char *new = NULL;
|
|
|
|
+
|
|
|
|
+ if (pw->pw_uid)
|
|
|
|
+ new = clearsbin (path);
|
|
|
|
+ else
|
|
|
|
+ new = addsbin (path);
|
|
|
|
+
|
|
|
|
+ if (new)
|
|
|
|
+ {
|
|
|
|
+ xsetenv ("PATH", new, 1);
|
|
|
|
+ free (new);
|
|
|
|
+ }
|
2013-06-06 11:42:28 +02:00
|
|
|
+ }
|
|
|
|
|
Accepting request 543952 from home:sbrabec:branches:util-linux-2.31
- Update to version 2.31:
* New utilities: uuidparse, rfkill.
* su has been refactored and extended to create pseudo terminal
(new option --pty, CVE-2016-2779, bsc#968674). This new
EXPERIMENTAL feature provides better isolation between root's
terminal and an unprivileged su.
* libuuid: Improved to match
* libuuid, uuidgen: support hash-based UUIDs v3 (md5) and v5
(sha1) as specified by RFC-4122. Provide UUID templates for
dns, url, oid, or x500.
* libblkid: Extended support for DM-integrity, HPE (aka
extended-XFS) and UBI superblock. New API to hide already
detected signatures.
* libfdisk: New API to modify grain, make possible to completely
disable dialog driven partitioning.
* libsmartcols: New API to move columns.
* column: --table-header-repeat to repeat table headers.
* libfdisk: Use BLKPG ioctls to inform the kernel about changes.
* fdisk: Improved ^C and ^D behavior.
* cfdisk: Dialog to resize partition.
* look: Follow the WORDLIST environment variable.
* script: Follow the usual semantics for stop/continue signals.
* setpriv: New command line options --ambient-caps and
--init-groups.
* hwclock: Reduce system shutdown times, log --systz when using
libaudit.
* Other bug fixes.
- Drop upstreamed util-linux-use-tinfow.patch.
- Update to version 2.31:
OBS-URL: https://build.opensuse.org/request/show/543952
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=352
2017-11-27 11:06:27 +01:00
|
|
|
if (pw->pw_uid) {
|
|
|
|
xsetenv("USER", pw->pw_name, 1);
|