Since these functions are only used internally, we can make sure they
are being used correctly, and assert() helps in catching remaining
issues. Usage of each changed function has been reviewed:
For xgetpwnam:
- chsh(1) only calls it if a username has been set
- login(1) only calls it if username has been set and is not empty
- su(1) always initializes new_user to "root"
- unshare(1) calls get_user with optarg, so always set as well
For xgetgrnam:
- unshare(1) calls get_group with optarg
For xgetpwuid:
- chsh(1) passes a stack allocated struct for struct passwd
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
Per the man page, it shouldn't be used for security purposes. This is an
issue especially on musl, where getlogin is implemented as
getenv("LOGNAME"). Since xgetlogin is being used as user identity in su(1), to
set PAM_RUSER, we simply switch to always using getpwuid(getuid()).
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
Érico Nogueira
Karel Zak
Matthew Harm Bekkema
Quentin Rameau