| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Found with scan-build.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The utils when compiled WITHOUT libuser then mkostemp()ing
"/etc/%s.XXXXXX" where the filename prefix is argv[0] basename.
An attacker could repeatedly execute the util with modified argv[0]
and after many many attempts mkostemp() may generate suffix which
makes sense. The result maybe temporary file with name like rc.status
ld.so.preload or krb5.keytab, etc.
Note that distros usually use libuser based ch{sh,fn} or stuff from
shadow-utils.
It's probably very minor security bug.
Addresses: CVE-2015-5224
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
We can not let the user control where TMPDIR is for this tempfile.
This will be where we write the updated passwd file, and must be
capable of being moved atomically with rename(2). Therefore, it
cannot be on a different device, or setpwnam() and vipw/vigr programs
will invariably fail with EXDEV.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Let developer to choose, case by case, what sort of return value is
best in her code. The xmkstemp() is for users who want file
descriptor as return value of the function, xfmkstemp() will return
FILE pointer.
Proposed-By: Karel Zak <kzak@redhat.com>
CC: Davidlohr Bueso <dave@gnu.org>
Reference: http://marc.info/?l=util-linux-ng&m=133129570124003&w=2
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
| |
Get rid private locking schema and use libc instead.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
| |
access FILE pointer after failed fclose() results in undefined behavior
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
|
| |
The autotools will set _GNU_SOURCE which removes necessity to have
any _*_SOURCE definition in *.c files.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
| |
Requires C99, which should not be a problem.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
| |
setpwnam.c:176:9: warning: ignoring return value of ‘link’, declared with attribute warn_unused_result
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
| |
Reported-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
E.g., in this example, the "if (p)" test is useless.
if (p)
free (p);
I've been removing such tests systematically.
Here's where I proposed it to the git folks, along with justification
for why it's ok to perform this transformation, these days (no one
uses SunOS4 anymore):
http://thread.gmane.org/gmane.comp.version-control.git/74187
Signed-off-by: Jim Meyering <meyering@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
