aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorBill Nottingham <notting@redhat.com>2012-04-24 17:50:42 -0400
committerBill Nottingham <notting@redhat.com>2012-04-24 17:50:42 -0400
commit823ca3ee71aabcac532c44e8d5489e4606594ac9 (patch)
treefc010b3668b3db992eedbc7701c1678fbb18f82e /src
parent4920ccfbb5f232488f79422943dfdcac1efc5301 (diff)
downloadinitscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar
initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar.gz
initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar.bz2
initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar.xz
initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.zip
securetty: check if the device is in the file before attempting to write to it
This avoids spurious failures on RO root systems.
Diffstat (limited to 'src')
-rw-r--r--src/securetty.c58
1 files changed, 37 insertions, 21 deletions
diff --git a/src/securetty.c b/src/securetty.c
index 9ec8e7ef..a4768e35 100644
--- a/src/securetty.c
+++ b/src/securetty.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
@@ -25,6 +26,7 @@
#include <syslog.h>
#include <unistd.h>
+#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -66,29 +68,10 @@ int open_and_lock_securetty() {
int rewrite_securetty(char *terminal) {
int fd;
- char *buf, *pos;
- struct stat sbuf;
fd = open_and_lock_securetty();
if (fd == -1)
return 1;
- if (fstat(fd, &sbuf) == -1) {
- close(fd);
- syslog(LOG_ERR, "Couldn't stat /etc/securetty: %s",strerror(errno));
- return 1;
- }
- buf = malloc(sbuf.st_size + 1);
- if (read(fd, buf, sbuf.st_size) != sbuf.st_size) {
- close(fd);
- syslog(LOG_ERR, "Couldn't read /etc/securetty: %s",strerror(errno));
- return 1;
- }
- if (!strncmp(buf,terminal,strlen(terminal)) && buf[strlen(terminal)] == '\n')
- goto out_ok;
- if ((pos = strstr(buf, terminal))) {
- if (pos[strlen(terminal)] == '\n' && *(pos-1) == '\n')
- goto out_ok;
- }
if (lseek(fd, 0, SEEK_END) == -1) {
close(fd);
syslog(LOG_ERR, "Couldn't seek to end of /etc/securetty: %s",strerror(errno));
@@ -96,16 +79,49 @@ int rewrite_securetty(char *terminal) {
}
write(fd, terminal, strlen(terminal));
write(fd, "\n", 1);
-out_ok:
close(fd);
return 0;
}
+int check_securetty(char *terminal) {
+ int fd, rc = 1;
+ char *buf, term[PATH_MAX];
+ struct stat sb;
+
+ fd = open("/etc/securetty", O_RDONLY);
+ if (fd == -1)
+ goto out;
+ fstat(fd, &sb);
+ buf = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (buf == ((caddr_t) -1)) {
+ close(fd);
+ return 1;
+ }
+ snprintf(term,PATH_MAX,"%s\n",terminal);
+ if (!strncmp(buf,term,strlen(term))) {
+ rc = 0;
+ goto out_unmap;
+ }
+ snprintf(term,PATH_MAX,"\n%s\n",terminal);
+ if (strstr(buf,term)) {
+ rc = 0;
+ goto out_unmap;
+ }
+out_unmap:
+ munmap(buf, sb.st_size);
+out:
+ close(fd);
+ return rc;
+}
+
int main(int argc, char **argv) {
if (argc < 2 ) {
fprintf(stderr, "Usage: securetty <device>\n");
exit(1);
}
openlog("securetty", LOG_CONS, LOG_DAEMON);
- return rewrite_securetty(argv[1]);
+ if (check_securetty(argv[1]))
+ return rewrite_securetty(argv[1]);
+ else
+ return 0;
}