Changeset e02d5dd9 in rtems for cpukit/libcsupport/src/pwdgrp.c


Ignore:
Timestamp:
Nov 17, 2014, 12:35:58 PM (5 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
4.11, master
Children:
bac3d6d
Parents:
fa028bb
git-author:
Sebastian Huber <sebastian.huber@…> (11/17/14 12:35:58)
git-committer:
Sebastian Huber <sebastian.huber@…> (11/20/14 09:30:24)
Message:

Ensure security of default user environment

File:
1 edited

Legend:

Unmodified
Added
Removed
  • cpukit/libcsupport/src/pwdgrp.c

    rfa028bb re02d5dd9  
    2727#include <grp.h>
    2828#include <errno.h>
     29#include <fcntl.h>
    2930#include <unistd.h>
    3031#include <stdlib.h>
     
    4243static void init_file(const char *name, const char *content)
    4344{
    44   FILE *fp = fopen(name, "wx");
    45 
    46   if (fp != NULL) {
    47     fputs(content, fp);
    48     fclose(fp);
     45  /*
     46   * Unlike to standard UNIX systems, these files are only readable and
     47   * writeable for the root user.  This way we avoid the need for an
     48   * /etc/shadow.  In case more UNIX compatibility is desired, this can be
     49   * added on demand.
     50   */
     51  int fd = open(name, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
     52
     53  if (fd >= 0) {
     54    write(fd, content, strlen(content));
     55    close(fd);
    4956  }
    5057}
     
    5562static void pwdgrp_init(void)
    5663{
    57   mkdir("/etc", 0777);
     64  mkdir("/etc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
    5865
    5966  /*
Note: See TracChangeset for help on using the changeset viewer.