diff options
author | Bill Nottingham <notting@redhat.com> | 2012-04-24 17:50:42 -0400 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2012-04-24 17:50:42 -0400 |
commit | 823ca3ee71aabcac532c44e8d5489e4606594ac9 (patch) | |
tree | fc010b3668b3db992eedbc7701c1678fbb18f82e /src/securetty.c | |
parent | 4920ccfbb5f232488f79422943dfdcac1efc5301 (diff) | |
download | initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar.gz initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar.bz2 initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.tar.xz initscripts-823ca3ee71aabcac532c44e8d5489e4606594ac9.zip |
securetty: check if the device is in the file before attempting to write to it
This avoids spurious failures on RO root systems.
Diffstat (limited to 'src/securetty.c')
-rw-r--r-- | src/securetty.c | 58 |
1 files changed, 37 insertions, 21 deletions
diff --git a/src/securetty.c b/src/securetty.c index 9ec8e7ef..a4768e35 100644 --- a/src/securetty.c +++ b/src/securetty.c @@ -18,6 +18,7 @@ #include <errno.h> #include <fcntl.h> +#include <limits.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> @@ -25,6 +26,7 @@ #include <syslog.h> #include <unistd.h> +#include <sys/mman.h> #include <sys/types.h> #include <sys/stat.h> @@ -66,29 +68,10 @@ int open_and_lock_securetty() { int rewrite_securetty(char *terminal) { int fd; - char *buf, *pos; - struct stat sbuf; fd = open_and_lock_securetty(); if (fd == -1) return 1; - if (fstat(fd, &sbuf) == -1) { - close(fd); - syslog(LOG_ERR, "Couldn't stat /etc/securetty: %s",strerror(errno)); - return 1; - } - buf = malloc(sbuf.st_size + 1); - if (read(fd, buf, sbuf.st_size) != sbuf.st_size) { - close(fd); - syslog(LOG_ERR, "Couldn't read /etc/securetty: %s",strerror(errno)); - return 1; - } - if (!strncmp(buf,terminal,strlen(terminal)) && buf[strlen(terminal)] == '\n') - goto out_ok; - if ((pos = strstr(buf, terminal))) { - if (pos[strlen(terminal)] == '\n' && *(pos-1) == '\n') - goto out_ok; - } if (lseek(fd, 0, SEEK_END) == -1) { close(fd); syslog(LOG_ERR, "Couldn't seek to end of /etc/securetty: %s",strerror(errno)); @@ -96,16 +79,49 @@ int rewrite_securetty(char *terminal) { } write(fd, terminal, strlen(terminal)); write(fd, "\n", 1); -out_ok: close(fd); return 0; } +int check_securetty(char *terminal) { + int fd, rc = 1; + char *buf, term[PATH_MAX]; + struct stat sb; + + fd = open("/etc/securetty", O_RDONLY); + if (fd == -1) + goto out; + fstat(fd, &sb); + buf = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); + if (buf == ((caddr_t) -1)) { + close(fd); + return 1; + } + snprintf(term,PATH_MAX,"%s\n",terminal); + if (!strncmp(buf,term,strlen(term))) { + rc = 0; + goto out_unmap; + } + snprintf(term,PATH_MAX,"\n%s\n",terminal); + if (strstr(buf,term)) { + rc = 0; + goto out_unmap; + } +out_unmap: + munmap(buf, sb.st_size); +out: + close(fd); + return rc; +} + int main(int argc, char **argv) { if (argc < 2 ) { fprintf(stderr, "Usage: securetty <device>\n"); exit(1); } openlog("securetty", LOG_CONS, LOG_DAEMON); - return rewrite_securetty(argv[1]); + if (check_securetty(argv[1])) + return rewrite_securetty(argv[1]); + else + return 0; } |