From 57948511f591473b1f3a3ea05ea7aaf1c318f0b6 Mon Sep 17 00:00:00 2001
From: jdp
Date: Wed, 26 Jul 2000 04:47:17 +0000
Subject: If a directory is world-writable or is not owned by root, skip it and emit a warning. This is a security measure since ldconfig influences the shared libraries used by all programs. I think the check should be made even more stringent by also ignoring group-writable directories. I will make that change soon unless we encounter a good reason not to do it. Submitted by: Maxime Henrion
---
 sbin/ldconfig/ldconfig.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'sbin/ldconfig/ldconfig.c')
diff --git a/sbin/ldconfig/ldconfig.c b/sbin/ldconfig/ldconfig.c
index 76f8299..cde4f9a 100644
--- a/sbin/ldconfig/ldconfig.c
+++ b/sbin/ldconfig/ldconfig.c
@@ -259,6 +259,7 @@ int silent;
 {
 DIR *dd;
 struct dirent *dp;
+ struct stat stbuf;
 char name[MAXPATHLEN];
 int dewey[MAXDEWEY], ndewey;
@@ -269,6 +270,20 @@ int silent;
 return -1;
 }
+ /* Do some security checks */
+ if (fstat(dirfd(dd), &stbuf) == -1) {
+ warn("%s", dir);
+ return -1;
+ }
+ if (stbuf.st_uid != 0) {
+ warnx("%s: not owned by root", dir);
+ return -1;
+ }
+ if ((stbuf.st_mode & S_IWOTH) != 0) {
+ warnx("%s: ignoring world-writable directory", dir);
+ return -1;
+ }
+
 while ((dp = readdir(dd)) != NULL) {
 register int n;
 register char *cp;
-- 
cgit v1.1
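Review bot: Each of the three new `return -1;` paths in the security-check block of the second hunk leaves `dd` open, since the directory stream must already be valid for `fstat(dirfd(dd), &stbuf)` to run. Add `closedir(dd);` before each of those returns so that a run over many rejected directories does not accumulate open descriptors. Checking with `fstat` on the open stream rather than `stat` on the path is the right choice, because it tests the object that is actually read afterwards. The checks cover only the final directory, though, so a root-owned directory beneath a parent that another user can write to or rename is still replaceable; a comment such as `/* NB: ancestors of dir are not checked */` would record that limit. The function body starts before and continues past this hunk.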