path: root/term-utils/setterm.c
author: Wayne Pollock, 2016-05-04 18:15:14 +0200
committer: Sami Kerola, 2016-05-07 23:49:41 +0200
commit: 3e90d04af98c476f024ec12e5296b88d6dd830bf
tree: 7793e0a7154f4de494714fc7f8d061cbd52e086a /term-utils/setterm.c
parent: scriptreplay: avoid re-implementing strtod_or_err()
write: fix setuid related regression
The write(1) is commonly a setuid binary, because common users cannot by default write to each other's terminals. Since the commit in reference, that is part of releases v2.24 to v2.28, the write(1) has used access(2) to check capability to write to a destination terminal. The catch is that access(2) uses real UID and GID when performing the accessibility check.

The obvious correction is to avoid access(2) when in context of setuid binaries.

As a smaller, but equally important fix, ensure the 'msgsok' variable is initialized to indicate no access. An uninitialized variable will almost certainly do the wrong thing at the time of check.

Breaking-commit: 0233a8ea18bec17dd59cfe1fec8281
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Wayne Pollock <profwaynepollock@gmail.com>
Diffstat (limited to 'term-utils/setterm.c')
0 files changed, 0 insertions, 0 deletions
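The two points in the commit message above, as an added C illustration (not code from this commit or from util-linux): access(2) answers for the real IDs, open(2) is checked against the effective IDs, and the result variable starts at "no access". The helper names `ids_differ`, `writable_real`, `writable_effective` and `tty_msgs_ok` are hypothetical; only `msgsok` mirrors the name used in the message, and `/dev/null` is a constructed default path.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: nonzero when real and effective IDs differ,
 * i.e. the process holds setuid/setgid-granted privileges. */
static int ids_differ(void)
{
	return getuid() != geteuid() || getgid() != getegid();
}

/* access(2) answers for the REAL uid/gid only. */
static int writable_real(const char *path)
{
	return access(path, W_OK) == 0;
}

/* open(2) is permission-checked against the EFFECTIVE ids, so trying
 * the open gives the answer a setuid program actually needs. */
static int writable_effective(const char *path)
{
	int fd = open(path, O_WRONLY | O_NOCTTY | O_NONBLOCK);
	if (fd < 0)
		return 0;
	close(fd);
	return 1;
}

/* Fail-closed: msgsok starts at "no access" and is only raised by a
 * check that matches the privileges the later write will use. */
static int tty_msgs_ok(const char *tty)
{
	int msgsok = 0;
	if (ids_differ())
		msgsok = writable_effective(tty);
	else
		msgsok = writable_real(tty);
	return msgsok;
}

int main(int argc, char **argv)
{
	const char *tty = argc > 1 ? argv[1] : "/dev/null"; /* constructed default */
	printf("%s: real=%d effective=%d msgsok=%d\n", tty,
	       writable_real(tty), writable_effective(tty), tty_msgs_ok(tty));
	return 0;
}
```

Run unprivileged, the two checks agree; installed setuid, `writable_real` can report 0 for a terminal that `writable_effective` can open, which is the mismatch the message describes.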