It seems like overkill to provide this #ifdef. For example coreutils
use "char *" for all selinux contexts (since 2014).
Signed-off-by: Karel Zak <kzak@redhat.com>
* 'vipw-shortwrite' of https://github.com/DankRank/util-linux:
ul_copy_file: make defines for return values
read_all: return 0 when EOF occurs after 0 bytes
ul_copy_file: add test program
ul_copy_file: handle EAGAIN and EINTR
ul_copy_file: use all_read/all_write
ul_copy_file: use BUFSSIZ for buffer size
nologin: use ul_copy_file
login: use ul_copy_file
configure.ac: check for sendfile
ul_copy_file: use sendfile
vipw: move copyfile to the lib
vipw: fix short write handling in copyfile
Also, a bug in pw_tmpfile was fixed: copyfile used tmp_file to report
errors, but pw_tmpfile only assigned that variable _after_ calling
copyfile.
Suggested-by: Sami Kerola <kerolasa@iki.fi>
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Egor Chelak <egor.chelak@gmail.com>
When calling variadic functions, NULL must be explicitly cast to a
desired type.
This is noted in the exec(3) manpage.
The call in newgrp.c was changed for consistency.
Signed-off-by: Egor Chelak <egor.chelak@gmail.com>
Since `off` and `nr` approach each other, the for-loop ends prematurely
when at least half of the buffer was written. I think under certain
conditions this could cause the copy to be incomplete.
Signed-off-by: Egor Chelak <egor.chelak@gmail.com>
This should make leaking end of /etc/shadow file more unlikely.
Notice that there is now way to tell to editors they should ensure none it
does not leak any buffers, drop cores, and so on, when editing sensitive
data. In short this change is addressing the issue only partially.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
changed in include/c.h and applied via sed:
sed -i 's/fprintf.*\(USAGE_MAN_TAIL.*\)/printf(\1/' $(git ls-files -- "*.c")
sed -i 's/print_usage_help_options\(.*\);/printf(USAGE_HELP_OPTIONS\1);/' $(git ls-files -- "*.c")
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Consolidate --help and --version descriptions. We are
now able to align them to the other options.
We changed include/c.h. The rest of this patch was
generated by sed, plus manually setting the right
alignment numbers. We do not change anything but
white spaces in the --help output.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
This patch is trivial and changes nothing, because
we were always using usage(stdout)
Now all our usage() functions look very similar. If wanted we
could auto-generate another big cosmetical patch to remove all
the useless "FILE *out" constants and use printf and puts
rather than their f* friends. Such patch could be automatically
synchronized with the translation project (newlines!) to not
make the translators sick.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Commit 11b86e1733 changed printf() to puts() in favour of more simple
function, but forgot that puts() adds a new line to end of string. That new
line is neither needed, or expected, so use fputs() that is both a simple
printing function and comes without new line side effect.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
clang warning:
libmount/src/tab.c:1833:6: warning: variable 'rc' is used uninitialized whenever
'if' condition is true [-Wsometimes-uninitialized]
if (!mpc)
^~~~
icc printf warnings:
libmount/src/monitor.c(348): warning #2279: printf/scanf format not a string literal and no format arguments
DBG(MONITOR, ul_debugobj(mn, status == 1 ? " success" : " nothing"));
^
login-utils/vipw.c(348): warning #2279: printf/scanf format not a string literal and no format arguments
: _("You are using shadow passwords on this system.\n"));
^
icc enum warnings:
disk-utils/fdisk-menu.c(150): warning #188: enumerated type mixed with another type
.exclude = FDISK_DISKLABEL_GPT | FDISK_DISKLABEL_BSD,
^
libsmartcols/src/table_print.c(750): warning #188: enumerated type mixed with another type
&width, align,
^
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
__P() is used for compatibility with old K&R C compilers. With
ANSI C this macro has no effect.
This fixes a compilation error with musl libc because of undeclared
__P.
Ref:
https://lists.samba.org/archive/samba-technical/2015-June/108042.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
The utils when compiled WITHOUT libuser then mkostemp()ing
"/etc/%s.XXXXXX" where the filename prefix is argv[0] basename.
An attacker could repeatedly execute the util with modified argv[0]
and after many many attempts mkostemp() may generate suffix which
makes sense. The result maybe temporary file with name like rc.status
ld.so.preload or krb5.keytab, etc.
Note that distros usually use libuser based ch{sh,fn} or stuff from
shadow-utils.
It's probably very minor security bug.
Addresses: CVE-2015-5224
Signed-off-by: Karel Zak <kzak@redhat.com>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Some editors, such as Vim with 'writebackup' mode enabled, use "atomic
save" in which the old file is deleted and a new one with the same name
created in its place. The vipw tries to detect if such happen by
looking hard temporary file link count, when it is zero reopen
temporary file by using it's path.
Reported-by: Mantas Mikulėnas <grawity@gmail.com>
References: http://www.spinics.net/lists/util-linux-ng/msg06666.html
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
We can not let the user control where TMPDIR is for this tempfile.
This will be where we write the updated passwd file, and must be
capable of being moved atomically with rename(2). Therefore, it
cannot be on a different device, or setpwnam() and vipw/vigr programs
will invariably fail with EXDEV.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Let developer to choose, case by case, what sort of return value is
best in her code. The xmkstemp() is for users who want file
descriptor as return value of the function, xfmkstemp() will return
FILE pointer.
Proposed-By: Karel Zak <kzak@redhat.com>
CC: Davidlohr Bueso <dave@gnu.org>
Reference: http://marc.info/?l=util-linux-ng&m=133129570124003&w=2
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Solaris lacks err, errx, warn and warnx. This also means the err.h header
doesn't exist. Removed err.h include from all files, and included err.h from
c.h instead if it exists, otherwise alternatives are provided.
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Karel Zak
Egor Chelak
Sami Kerola
Ruediger Meier
Romain Naour
Benno Schulenberg
William Pitcock
Dave Reisner
Petr Uzel
Fabian Groffen
Marek Polacek