diff options
author | jdp <jdp@FreeBSD.org> | 2000-07-26 04:47:17 +0000 |
---|---|---|
committer | jdp <jdp@FreeBSD.org> | 2000-07-26 04:47:17 +0000 |
commit | 57948511f591473b1f3a3ea05ea7aaf1c318f0b6 (patch) | |
tree | 6a9da9a628affc175137ef4f967f76d0e5f9f128 /sbin/ldconfig/ldconfig.c | |
parent | e18207aa844e85abf726c989be698fca17680bef (diff) | |
download | FreeBSD-src-57948511f591473b1f3a3ea05ea7aaf1c318f0b6.zip FreeBSD-src-57948511f591473b1f3a3ea05ea7aaf1c318f0b6.tar.gz |
If a directory is world-writable or is not owned by root, skip it
and emit a warning. This is a security measure since ldconfig
influences the shared libraries used by all programs.
I think the check should be made even more stringent by also
ignoring group-writable directories. I will make that change soon
unless we encounter a good reason not to do it.
Submitted by: Maxime Henrion <mhenrion@cybercable.fr>
Diffstat (limited to 'sbin/ldconfig/ldconfig.c')
-rw-r--r-- | sbin/ldconfig/ldconfig.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/sbin/ldconfig/ldconfig.c b/sbin/ldconfig/ldconfig.c index 76f8299..cde4f9a 100644 --- a/sbin/ldconfig/ldconfig.c +++ b/sbin/ldconfig/ldconfig.c @@ -259,6 +259,7 @@ int silent; { DIR *dd; struct dirent *dp; + struct stat stbuf; char name[MAXPATHLEN]; int dewey[MAXDEWEY], ndewey; @@ -269,6 +270,20 @@ int silent; return -1; } + /* Do some security checks */ + if (fstat(dirfd(dd), &stbuf) == -1) { + warn("%s", dir); + return -1; + } + if (stbuf.st_uid != 0) { + warnx("%s: not owned by root", dir); + return -1; + } + if ((stbuf.st_mode & S_IWOTH) != 0) { + warnx("%s: ignoring world-writable directory", dir); + return -1; + } + while ((dp = readdir(dd)) != NULL) { register int n; register char *cp; |