Changeset ffd5285 in rtems


Timestamp:
Nov 18, 2014, 10:07:36 AM (5 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
4.11, master
Children:
7eada71
Parents:
5c141d6a
git-author:
Sebastian Huber <sebastian.huber@…> (11/18/14 10:07:36)
git-committer:
Sebastian Huber <sebastian.huber@…> (11/20/14 09:30:25)
Message:

shell: Inherit UID and GID if no login check

Use the UID and GID of the executing user for the real and effective UID
and GID of the shell task in case no login check is present. This
prevents privilege escalation via shell scripts.

Location:
cpukit/libmisc/shell
Files:
2 edited

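--- a/cpukit/libmisc/shell/shell.c
+++ b/cpukit/libmisc/shell/shell.c
@@ -839,4 +839,10 @@
           result = rtems_shell_login(shell_env, stdin,stdout);
         } else {
+          setuid(shell_env->uid);
+          setgid(shell_env->gid);
+          seteuid(shell_env->uid);
+          setegid(shell_env->gid);
+          rtems_current_user_env_getgroups();
+
           result = true;
         }
@@ -1011,4 +1017,6 @@
   shell_env->wake_on_end   = wake_on_end;
   shell_env->login_check   = login_check;
+  shell_env->uid           = getuid();
+  shell_env->gid           = getgid();
 
   getcwd(shell_env->cwd, sizeof(shell_env->cwd));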
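Review bot: The four credential calls added in the `else` branch (new lines 841-844) discard their return values, so if any of them can fail the shell still reaches `result = true` and runs with whatever UID/GID the task had before, which is the escalation this commit sets out to prevent. Whether these calls can fail on RTEMS is not visible here, but failing closed costs little: `result = setgid(shell_env->gid) == 0 && setegid(shell_env->gid) == 0 && setuid(shell_env->uid) == 0 && seteuid(shell_env->uid) == 0;`, with `rtems_current_user_env_getgroups()` called only when that succeeds. That line also sets the group IDs before the user IDs, which is the conventional POSIX order because dropping the UID first can remove the privilege needed to change the GID. The enclosing function starts and ends outside the hunk.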
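--- a/cpukit/libmisc/shell/shell.h
+++ b/cpukit/libmisc/shell/shell.h
@@ -18,4 +18,5 @@
 #define __RTEMS_SHELL_H__
 
+#include <sys/types.h>
 #include <rtems.h>
 #include <stdio.h>
@@ -200,4 +201,16 @@
   rtems_id wake_on_end;
   rtems_shell_login_check_t login_check;
+
+  /**
+   * @brief The real and effective UID of the shell task in case no login check
+   * is present.
+   */
+  uid_t uid;
+
+  /**
+   * @brief The real and effective GID of the shell task in case no login check
+   * is present.
+   */
+  gid_t gid;
 } rtems_shell_env_t;
 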