author | luoqi <luoqi@FreeBSD.org> | 2006-09-29 04:41:37 +0000 |
---|---|---|
committer | luoqi <luoqi@FreeBSD.org> | 2006-09-29 04:41:37 +0000 |
commit | 16c630b2da91a861af574114cfd4143167108874 (patch) | |
tree | f39ad5e25a114f4f3639f6ff376bf6458707b48c | |
parent | 0c209e1877433d31af8bd30a894bd7c9b649272d (diff) | |
Do not chdir(2) until after setuid(2), otherwise "su - username" would fail
when root doesn't have the permission to enter target user's home directory.
If set, the PAM environment variable HOME will be used in chdir(2) instead of
pwd->pw_dir; this allows the pam_chroot module to continue to function.
-rw-r--r-- | usr.bin/su/su.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 937c514..76f76b6 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -403,12 +403,6 @@ main(int argc, char *argv[])
 }
 setpriority(PRIO_PROCESS, 0, prio);
 
- /* Switch to home directory */
- if (asthem) {
- if (chdir(pwd->pw_dir) < 0)
- errx(1, "no directory");
- }
-
 /*
 * PAM modules might add supplementary groups in pam_setcred(), so
 * initialize them first.
@@ -540,6 +534,10 @@ main(int argc, char *argv[])
 LOGIN_SETENV);
 if (p)
 setenv("TERM", p, 1);
+
+ p = pam_getenv(pamh, "HOME");
+ if (chdir(p ? p : pwd->pw_dir) < 0)
+ errx(1, "no directory");
 }
 }
 login_close(lc); |
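Review bot: The chdir() added in the second hunk has no comment, although its position is the security-relevant part of the change: per the commit message it must run after setuid(2) so that directory access is checked with the target user's credentials, and it now prefers a PAM-supplied HOME over pwd->pw_dir. I would add `/* Switch to home directory only after privileges are dropped; a PAM module (e.g. pam_chroot) may override HOME */` above `p = pam_getenv(pamh, "HOME");`. Because the path may no longer be pw_dir, `err(1, "%s", p ? p : pwd->pw_dir)` would report which directory failed and why, where `errx(1, "no directory")` reports neither. An empty HOME value from PAM is not NULL and is passed to chdir() unchanged, so it is worth deciding whether that case should fall back to pwd->pw_dir. The enclosing block and the setuid call lie outside the hunk, so the ordering cannot be confirmed from these lines.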