When the utils are compiled WITHOUT libuser, they call mkostemp() on "/etc/%s.XXXXXX", where the filename prefix is the basename of argv[0]. An attacker could repeatedly execute the util with a modified argv[0], and after many, many attempts mkostemp() may generate a suffix that forms a meaningful filename. The result may be a temporary file with a name like rc.status, ld.so.preload or krb5.keytab, etc. Note that distros usually use the libuser-based ch{sh,fn} or the tools from shadow-utils. It's probably a very minor security bug. Addresses: CVE-2015-5224 Signed-off-by: Karel Zak <kzak@redhat.com>
/*
 *  setpwnam.h --
 *  define several paths
 *
 *  (c) 1994 Martin Schulze <joey@infodrom.north.de>
 *  This file is based on setpwnam.c which is
 *  (c) 1994 Salvatore Valente <svalente@mit.edu>
 *
 *  This file is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Library General Public License as
 *  published by the Free Software Foundation; either version 2 of the
 *  License, or (at your option) any later version.
 */
#ifndef UTIL_LINUX_SETPWNAM_H
#define UTIL_LINUX_SETPWNAM_H
#include "pathnames.h"
/*
 * Locations of the account database files.
 *
 * A build with DEBUG defined works on fixed copies under /tmp; every other
 * build uses the _PATH_* macros (expected to come from pathnames.h).
 *
 * NOTE(review): /tmp is normally world-writable and the DEBUG names are
 * predictable, so a DEBUG build looks suitable for unprivileged testing
 * only and should not be installed set-uid -- confirm against the build
 * configuration.
 */
#ifdef DEBUG
# define PASSWD_FILE    "/tmp/passwd"
# define GROUP_FILE     "/tmp/group"
# define SHADOW_FILE    "/tmp/shadow"
# define SGROUP_FILE    "/tmp/gshadow"
#else
# define PASSWD_FILE    _PATH_PASSWD
# define GROUP_FILE     _PATH_GROUP
# define SHADOW_FILE    _PATH_SHADOW_PASSWD
# define SGROUP_FILE    _PATH_GSHADOW
#endif
/**
 * setpwnam - prototype only; the definition lives outside this header.
 * @pwd:    passwd entry handed to the implementation (presumably the record
 *          to be written -- confirm against the definition).
 * @prefix: string handed to the implementation; presumably the name prefix
 *          of the temporary file used during the update -- confirm.
 *
 * Returns an int status; its meaning is not visible from this header.
 *
 * NOTE(review): if @prefix ends up in a temporary file name, callers should
 * pass a fixed string of their own choosing and never a value derived from
 * argv[0] (the file-name collision tracked as CVE-2015-5224).
 *
 * NOTE(review): struct passwd is not declared by anything visible in this
 * header, so includers apparently need <pwd.h> first -- verify.
 */
int setpwnam(struct passwd *pwd, const char *prefix);
#endif /* UTIL_LINUX_SETPWNAM_H */