commit: 4a9ca2b7d367cd1ef59d8c76bafee650f4da2030
parent 87a83ec16d0f2fe7eae80143c107ca9dd5042435
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  3 Nov 2022 02:31:05 +0100
login: fchmod + initgroups
Diffstat:
| M | login.c | 30 | ++++++++++++++++++++---------- | 
1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/login.c b/login.c
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 
 #define _POSIX_C_SOURCE 200809L
-// for explicit_bzero
+// for explicit_bzero, initgroups
 #define _DEFAULT_SOURCE
 
 #ifdef __linux__
@@ -12,17 +12,19 @@
 
 #include "common.h" // skeud_getpass, skeud_crypt_check
 
-#include <assert.h>  // assert
-#include <errno.h>   // errno
-#include <grp.h>     // getgrnam
-#include <pwd.h>     // getpwnam
-#include <stdbool.h> // bool
-#include <stdio.h>   // fprintf, perror
-#include <stdlib.h>  // abort, setenv
-#include <string.h>  // strcmp, explicit_bzero
-#include <unistd.h>  // getuid, getopt, opt*, chdir, setuid, setgid, fchown
+#include <assert.h>   // assert
+#include <errno.h>    // errno
+#include <grp.h>      // getgrnam, initgroups
+#include <pwd.h>      // getpwnam
+#include <stdbool.h>  // bool
+#include <stdio.h>    // fprintf, perror
+#include <stdlib.h>   // abort, setenv
+#include <string.h>   // strcmp, explicit_bzero
+#include <sys/stat.h> // fchmod
+#include <unistd.h>   // getuid, getopt, opt*, chdir, setuid, setgid, fchown
 
 #define TTY_GROUP "tty"
+#define TTY_PERMS 0600
 
 extern char **environ;
 char *envclear[] = {NULL};
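Review bot: `TTY_PERMS` is added without a comment explaining why the mode is owner-only. `TTY_GROUP` is defined just above and is presumably used for the `fchown` of the terminal (that call is not visible here). With `0600` that group gets no access, so the group ownership has no effect on who can write to the tty. If that is intended, record it at the definition, e.g. `#define TTY_PERMS 0600 // owner only: no group write, so TTY_GROUP members cannot write to the terminal`.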
@@ -190,10 +192,18 @@ main(int argc, char *argv[])
 		{
 			perror("login: fchown");
 		}
+		if(fchmod(STDIN_FILENO, TTY_PERMS))
+		{
+			perror("login: fchmod");
+		}
 		if(setgid(pwent->pw_gid) < 0)
 		{
 			perror("login: setgid");
 		}
+		if(initgroups(pwent->pw_name, pwent->pw_gid) < 0)
+		{
+			perror("login: initgroups");
+		}
 		if(setuid(pwent->pw_uid) < 0)
 		{
 			perror("login: setuid");
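Review bot: A failed `initgroups()` at the added check is only reported with `perror`, and execution falls through to `setuid()`, so the session would keep the supplementary groups of the invoking process (typically root's) while running as the target user. Treat it as fatal, e.g. `perror("login: initgroups"); return 1;` inside that branch, and consider the same for the added `fchmod()` check, since a failure there leaves the terminal with whatever mode it had before. The `setgid`/`setuid` checks in the context lines follow the same report-and-continue pattern, and `main` continues outside this hunk, so a later check that stops the login cannot be ruled out from here. The new `fchmod` test also omits the `< 0` comparison that the neighbouring calls use.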