Do not chdir(2) until after setuid(2), otherwise "su - username" would fail

when root doesn't have the permission to enter target user's home directory. If set, PAM environment variable HOME will be used in chdir(2) instead of pwd->pw_dir, this allows pam_chroot module to continue to function.
author: luoqi <luoqi@FreeBSD.org> 2006-09-29 04:41:37 +0000
committer: luoqi <luoqi@FreeBSD.org> 2006-09-29 04:41:37 +0000
commit: 16c630b2da91a861af574114cfd4143167108874 (patch)
tree: f39ad5e25a114f4f3639f6ff376bf6458707b48c /usr.bin/su
parent: 0c209e1877433d31af8bd30a894bd7c9b649272d (diff)
download: FreeBSD-src-16c630b2da91a861af574114cfd4143167108874.zip
FreeBSD-src-16c630b2da91a861af574114cfd4143167108874.tar.gz
1 files changed, 4 insertions, 6 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 937c514..76f76b6 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -403,12 +403,6 @@ main(int argc, char *argv[])
 	}
 	setpriority(PRIO_PROCESS, 0, prio);
 
-	/* Switch to home directory */
-	if (asthem) {
-		if (chdir(pwd->pw_dir) < 0)
-			errx(1, "no directory");
-	}
-
 	/*
 	 * PAM modules might add supplementary groups in pam_setcred(), so
 	 * initialize them first.
@@ -540,6 +534,10 @@ main(int argc, char *argv[])
 					LOGIN_SETENV);
 				if (p)
 					setenv("TERM", p, 1);
+
+				p = pam_getenv(pamh, "HOME");
+				if (chdir(p ? p : pwd->pw_dir) < 0)
+					errx(1, "no directory");
 			}
 		}
 		login_close(lc);
author	luoqi <luoqi@FreeBSD.org>	2006-09-29 04:41:37 +0000
committer	luoqi <luoqi@FreeBSD.org>	2006-09-29 04:41:37 +0000
commit	16c630b2da91a861af574114cfd4143167108874 (patch)
tree	f39ad5e25a114f4f3639f6ff376bf6458707b48c /usr.bin/su
parent	0c209e1877433d31af8bd30a894bd7c9b649272d (diff)
download	FreeBSD-src-16c630b2da91a861af574114cfd4143167108874.zip FreeBSD-src-16c630b2da91a861af574114cfd4143167108874.tar.gz