Changeset e02d5dd9 in rtems


Ignore:
Timestamp:
Nov 17, 2014, 12:35:58 PM (5 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
4.11, master
Children:
bac3d6d
Parents:
fa028bb
git-author:
Sebastian Huber <sebastian.huber@…> (11/17/14 12:35:58)
git-committer:
Sebastian Huber <sebastian.huber@…> (11/20/14 09:30:24)
Message:

Ensure security of default user environment

Files:
4 added
4 edited

Legend:

Unmodified
Added
Removed
  • cpukit/libcsupport/src/base_fs.c

    rfa028bb re02d5dd9  
    5050   *
    5151   *  If the mkdir() fails, we can't print anything so just fatal error.
    52    *
    53    *  NOTE: UNIX root is 755 and owned by root/root (0/0).  It is actually
    54    *        created that way by the IMFS.
    5552   */
    5653
    57   rv = mkdir( "/dev", 0777);
     54  rv = mkdir( "/dev", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH );
    5855  if ( rv != 0 )
    5956    rtems_fatal_error_occurred( 0xABCD0003 );
  • cpukit/libcsupport/src/pwdgrp.c

    rfa028bb re02d5dd9  
    2727#include <grp.h>
    2828#include <errno.h>
     29#include <fcntl.h>
    2930#include <unistd.h>
    3031#include <stdlib.h>
     
    4243static void init_file(const char *name, const char *content)
    4344{
    44   FILE *fp = fopen(name, "wx");
    45 
    46   if (fp != NULL) {
    47     fputs(content, fp);
    48     fclose(fp);
     45  /*
     46   * Unlike to standard UNIX systems, these files are only readable and
     47   * writeable for the root user.  This way we avoid the need for an
     48   * /etc/shadow.  In case more UNIX compatibility is desired, this can be
     49   * added on demand.
     50   */
     51  int fd = open(name, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
     52
     53  if (fd >= 0) {
     54    write(fd, content, strlen(content));
     55    close(fd);
    4956  }
    5057}
     
    5562static void pwdgrp_init(void)
    5663{
    57   mkdir("/etc", 0777);
     64  mkdir("/etc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
    5865
    5966  /*
  • testsuites/libtests/Makefile.am

    rfa028bb re02d5dd9  
    22
    33_SUBDIRS = POSIX
     4_SUBDIRS += pwdgrp02
    45_SUBDIRS += shell01
    56_SUBDIRS += pwdgrp01
  • testsuites/libtests/configure.ac

    rfa028bb re02d5dd9  
    6767# Explicitly list all Makefiles here
    6868AC_CONFIG_FILES([Makefile
     69pwdgrp02/Makefile
    6970shell01/Makefile
    7071pwdgrp01/Makefile
Note: See TracChangeset for help on using the changeset viewer.