authorKarel Zak2015-05-26 10:32:38 +0200
committerKarel Zak2015-05-26 10:32:38 +0200
commit687cc5d58942b24a9f4013c68876d8cbea907ab1 (patch)
tree2b83b6fd3bac3acb9a31acd2967e6a7ef3177af4 /sys-utils/hwclock.c
parentsulogin: don't use strcpy(), enlarge pwd line buffer (diff)
hwclock: don't allow non-root access
Fortunately very few people are crazy enough to install hwclock as setuid. Some comments in the code, and unfortunately also the man page, advertise that setuid is no problem. That's a pretty stupid promise. The code quality is poor and it's obviously not designed to be secure (things like popen() without dropping privileges, etc.). This patch removes all notes about "setuid support" and, to be sure, disables hwclock execution for non-root users. Addresses: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804 Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils/hwclock.c')
-rw-r--r--sys-utils/hwclock.c34
1 files changed, 5 insertions, 29 deletions
diff --git a/sys-utils/hwclock.c b/sys-utils/hwclock.c
index ccbdace45..cadbf3075 100644
--- a/sys-utils/hwclock.c
+++ b/sys-utils/hwclock.c
@@ -1633,8 +1633,6 @@ int main(int argc, char **argv)
* fractions.
*/
time_t set_time = 0; /* Time to which user said to set Hardware Clock */
-
- bool permitted; /* User is permitted to do the function */
int rc, c;
/* Variables set by various options; show may also be set later */
@@ -1863,6 +1861,11 @@ int main(int argc, char **argv)
argc -= optind;
argv += optind;
+ if (getuid() != 0) {
+ warnx(_("Sorry, only the superuser can use the Hardware Clock."));
+ hwclock_exit(EX_NOPERM);
+ }
+
#ifdef HAVE_LIBAUDIT
if (testing != TRUE) {
if (adjust == TRUE || hctosys == TRUE || systohc == TRUE ||
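Review bot: The new `getuid() != 0` guard sits after `argc -= optind`, so on a setuid install whatever main() does before this point still runs with elevated privilege on caller-controlled argv and environment. That earlier part starts outside the hunk; it is presumably the option-parsing loop and locale setup. Since the stated goal is to refuse non-root execution entirely, the check would be safer as the first statement of main(), before any argument is processed, at the cost of an untranslated message if it precedes locale initialisation. The guard also rejects the read-only and `testing` cases that the removed `permitted` logic allowed for non-root users, which deserves a comment such as `/* real UID must be root: hwclock is not hardened for setuid use, so refuse every operation, including read-only ones */`.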
@@ -1904,28 +1907,6 @@ int main(int argc, char **argv)
| setepoch | predict | compare | get))
show = 1; /* default to show */
- if (getuid() == 0)
- permitted = TRUE;
- else {
- /* program is designed to run setuid (in some situations) */
- if ((set || systohc || adjust) && !testing) {
- warnx(_("Sorry, only the superuser can change "
- "the Hardware Clock."));
- permitted = FALSE;
- } else if ((systz || hctosys) && !testing) {
- warnx(_("Sorry, only the superuser can change "
- "the System Clock."));
- permitted = FALSE;
- } else if (setepoch && !testing) {
- warnx(_("Sorry, only the superuser can change the "
- "Hardware Clock epoch in the kernel."));
- permitted = FALSE;
- } else
- permitted = TRUE;
- }
-
- if (!permitted)
- hwclock_exit(EX_NOPERM);
#ifdef __linux__
if (getepoch || setepoch) {
@@ -2028,11 +2009,6 @@ void __attribute__((__noreturn__)) hwaudit_exit(int status)
* with any functions by these names, you will have unresolved external
* references when you link.
*
- * The program is designed to run setuid superuser, since we need to be able
- * to do direct I/O. (More to the point: we need permission to execute the
- * iopl() system call). (However, if you use one of the methods other than
- * direct ISA I/O to access the clock, no setuid is required).
- *
* Here's some info on how we must deal with the time that elapses while
* this program runs: There are two major delays as we run:
*