write: doesn't check for tty group
write(1) selects a wrong tty, because there is not a proper check of tty group ownership: $ write kzak write: kzak is logged in more than once; writing to tty7 write: /dev/tty7: Permission denied $ ls -la /dev/tty7 crw--w---- 1 root root 4, 7 2008-07-04 00:32 /dev/tty7 ^^^^ $ ls -la /usr/bin/write -rwxr-sr-x 1 root tty 11864 2008-04-02 16:24 /usr/bin/write ^ ^^^ We have to check for tty group owner, because we don't have permissions to write to arbitrary tty. Fixed version: $ write kzak write: kzak is logged in more than once; writing to pts/6 ^^^^ Message from test@nb on pts/7 at 15:22 ... ^C $ ls -la /dev/pts/6 crw--w---- 1 kzak tty 136, 6 2008-07-07 15:35 /dev/pts/6 ^^^ Addresses-Red-Hat-Bugzilla: #454252 Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
parent
b4cbb7b897
commit
bf09b61a32
|
@ -72,6 +72,8 @@ static void done(int);
|
||||||
int term_chk(char *, int *, time_t *, int);
|
int term_chk(char *, int *, time_t *, int);
|
||||||
int utmp_chk(char *, char *);
|
int utmp_chk(char *, char *);
|
||||||
|
|
||||||
|
static gid_t myegid;
|
||||||
|
|
||||||
int
|
int
|
||||||
main(int argc, char **argv) {
|
main(int argc, char **argv) {
|
||||||
time_t atime;
|
time_t atime;
|
||||||
|
@ -83,6 +85,8 @@ main(int argc, char **argv) {
|
||||||
bindtextdomain(PACKAGE, LOCALEDIR);
|
bindtextdomain(PACKAGE, LOCALEDIR);
|
||||||
textdomain(PACKAGE);
|
textdomain(PACKAGE);
|
||||||
|
|
||||||
|
myegid = getegid();
|
||||||
|
|
||||||
/* check that sender has write enabled */
|
/* check that sender has write enabled */
|
||||||
if (isatty(fileno(stdin)))
|
if (isatty(fileno(stdin)))
|
||||||
myttyfd = fileno(stdin);
|
myttyfd = fileno(stdin);
|
||||||
|
@ -267,7 +271,9 @@ int term_chk(char *tty, int *msgsokP, time_t *atimeP, int showerror)
|
||||||
"write: %s: %s\n", path, strerror(errno));
|
"write: %s: %s\n", path, strerror(errno));
|
||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
*msgsokP = (s.st_mode & (S_IWRITE >> 3)) != 0; /* group write bit */
|
|
||||||
|
/* group write bit and group ownership */
|
||||||
|
*msgsokP = (s.st_mode & (S_IWRITE >> 3)) && myegid == s.st_gid;
|
||||||
*atimeP = s.st_atime;
|
*atimeP = s.st_atime;
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue