diff options
author | Sami Kerola | 2017-04-15 22:46:38 +0200 |
---|---|---|
committer | Sami Kerola | 2017-05-03 00:22:04 +0200 |
commit | 71f207a5f598623a539ba825b97a503072c4a1b4 (patch) | |
tree | fd31b40c23fa8d695a91ab64a4c0d82d11f5661b /login-utils/sulogin-consoles.c | |
parent | partx: add --list-types option (diff) | |
download | kernel-qcow2-util-linux-71f207a5f598623a539ba825b97a503072c4a1b4.tar.gz kernel-qcow2-util-linux-71f207a5f598623a539ba825b97a503072c4a1b4.tar.xz kernel-qcow2-util-linux-71f207a5f598623a539ba825b97a503072c4a1b4.zip |
sulogin: reduce vulnerability surface
Hopefully these changes are unreachable code, but better safe than sorry
when dealing with setuid root code that is installed everywhere. Quite
obviously the introduced abort() calls protect from impossible inputs.
Secondly set all possible data to be read-only in attempt to make it more
difficult to alter anything at all.
Reference: https://www.securecoding.cert.org/confluence/display/c/DCL00-C.+Const-qualify+immutable+objects
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Diffstat (limited to 'login-utils/sulogin-consoles.c')
-rw-r--r-- | login-utils/sulogin-consoles.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/login-utils/sulogin-consoles.c b/login-utils/sulogin-consoles.c index 30a0f042a..2c0eed3a4 100644 --- a/login-utils/sulogin-consoles.c +++ b/login-utils/sulogin-consoles.c @@ -75,7 +75,7 @@ static int consoles_debug; } while (0) static inline void __attribute__ ((__format__ (__printf__, 1, 2))) -dbgprint(const char *mesg, ...) +dbgprint(const char * const mesg, ...) { va_list ap; va_start(ap, mesg); @@ -151,7 +151,7 @@ void emergency_do_mounts(void) { } * the caller has to free the result */ static __attribute__((__nonnull__)) -char *oneline(const char *file) +char *oneline(const char * const file) { FILE *fp; char *ret = NULL; @@ -182,7 +182,7 @@ char *oneline(const char *file) * /sys/class/tty, the caller has to free the result. */ static __attribute__((__malloc__)) -char *actattr(const char *tty) +char *actattr(const char * const tty) { char *ret, *path; @@ -201,7 +201,7 @@ char *actattr(const char *tty) * /sys/class/tty. */ static -dev_t devattr(const char *tty) +dev_t devattr(const char * const tty) { dev_t dev = 0; char *path, *value; @@ -234,11 +234,11 @@ static #ifdef __GNUC__ __attribute__((__nonnull__,__malloc__,__hot__)) #endif -char* scandev(DIR *dir, dev_t comparedev) +char* scandev(DIR *dir, const dev_t comparedev) { char path[PATH_MAX]; char *name = NULL; - struct dirent *dent; + const struct dirent *dent; int len, fd; DBG(dbgprint("scanning /dev for %u:%u", major(comparedev), minor(comparedev))); @@ -313,10 +313,10 @@ static #ifdef __GNUC__ __attribute__((__hot__)) #endif -int append_console(struct list_head *consoles, const char *name) +int append_console(struct list_head *consoles, const char * const name) { struct console *restrict tail; - struct console *last = NULL; + const struct console *last = NULL; DBG(dbgprint("appenging %s", name)); @@ -549,7 +549,7 @@ done: #ifdef TIOCGDEV static int detect_consoles_from_tiocgdev(struct list_head *consoles, - int fallback, + const int fallback, const char *device) { unsigned int devnum; @@ -619,7 +619,7 @@ done: * Returns 1 if stdout and stderr should be reconnected and 0 * otherwise or less than zero on error. */ -int detect_consoles(const char *device, int fallback, struct list_head *consoles) +int detect_consoles(const char *device, const int fallback, struct list_head *consoles) { int fd, reconnect = 0, rc; dev_t comparedev = 0; |