Changeset 502 in openpam


Ignore:
Timestamp:
Dec 18, 2011, 1:59:22 PM (6 years ago)
Author:
Dag-Erling Smørgrav
Message:

Use openpam_check_path_owner_perms()

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/lib/openpam_dynamic.c

    r494 r502  
    4040#endif
    4141
    42 #include <sys/types.h>
    43 #include <sys/stat.h>
    44 
    4542#include <dlfcn.h>
    4643#include <errno.h>
    47 #include <libgen.h>
    4844#include <stdio.h>
    4945#include <stdlib.h>
     
    6258 * OpenPAM internal
    6359 *
    64  * Verify that a file or directory is owned by either root or the
    65  * arbitrator and that it is not writable by group or other.
    66  */
    67 
    68 static int
    69 check_owner_perms(const char *path)
    70 {
    71         struct stat sb;
    72 
    73         if (stat(path, &sb) != 0)
    74                 return (-1);
    75         if ((sb.st_uid != 0 && sb.st_uid != geteuid()) ||
    76             (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
    77                 openpam_log(PAM_LOG_ERROR,
    78                     "%s: insecure ownership or permissions", path);
    79                 errno = EPERM;
    80                 return (-1);
    81         }
    82         return (0);
    83 }
    84 
    85 /*
    86  * OpenPAM internal
    87  *
    8860 * Perform sanity checks and attempt to load a module
    8961 */
     
    9264try_dlopen(const char *modfn)
    9365{
    94         char *moddn;
    95         int ok, serrno;
    9666
    97         /*
    98          * BSD dirname(3) returns a pointer to a static buffer, while GNU
    99          * dirname(3) modifies the input string.  Use a copy of the string
    100          * so both cases work.
    101          */
    102         if ((moddn = strdup(modfn)) == NULL)
     67        if (openpam_check_path_owner_perms(modfn) != 0)
    10368                return (NULL);
    104         ok = (check_owner_perms(dirname(moddn)) == 0 &&
    105             check_owner_perms(modfn) == 0);
    106         serrno = errno;
    107         FREE(moddn);
    108         errno = serrno;
    109         return (ok ? dlopen(modfn, RTLD_NOW) : NULL);
     69        return (dlopen(modfn, RTLD_NOW));
    11070}
    11171   
Note: See TracChangeset for help on using the changeset viewer.