su: move restricted_shell into su.c (the only user)

function                                             old     new   delta
su_main                                              448     468     +20
buffer_fill_and_print                                179     196     +17
scriptreplay_main                                    205     208      +3
localcmd                                             275     277      +2
hash_find                                            233     234      +1
devmem_main                                          469     463      -6
install_main                                         724     716      -8
setusershell                                          11       -     -11
find_pair                                            187     169     -18
restricted_shell                                      49       -     -49
------------------------------------------------------------------------------
(add/remove: 0/3 grow/shrink: 5/3 up/down: 43/-92)            Total: -49 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/include/libbb.h b/include/libbb.h
index 98080e841ecf15f40591c6a2ab60bdeb423953b8..515e995d0bf6117eaef0ab50a8c46473d1192582 100644 (file)
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1139,7 +1139,6 @@ extern void selinux_preserve_fcontext(int fdesc) FAST_FUNC;
 #define selinux_preserve_fcontext(fdesc) ((void)0)
 #endif
 extern void selinux_or_die(void) FAST_FUNC;
-extern int restricted_shell(const char *shell) FAST_FUNC;
 
 /* setup_environment:
  * if chdir pw->pw_dir: ok: else if to_tmp == 1: goto /tmp else: goto / or die

diff --git a/libbb/Kbuild b/libbb/Kbuild
index c205ceb4cf2573c980503cc6c5cd1eb734a4e95f..49cf4b8add631f491df58876bed65cadcf7c7231 100644 (file)
--- a/libbb/Kbuild
+++ b/libbb/Kbuild
@@ -84,7 +84,6 @@ lib-y += read.o
 lib-y += read_key.o
 lib-y += recursive_action.o
 lib-y += remove_file.o
-lib-y += restricted_shell.o
 lib-y += run_shell.o
 lib-y += safe_gethostname.o
 lib-y += safe_poll.o

diff --git a/libbb/restricted_shell.c b/libbb/restricted_shell.c
deleted file mode 100644 (file)
index 2a5073f..0000000
--- a/libbb/restricted_shell.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/* vi: set sw=4 ts=4: */
-/*
- * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "libbb.h"
-
-/* Return 1 if SHELL is a restricted shell (one not returned by
-   getusershell), else 0, meaning it is a standard shell.  */
-int FAST_FUNC restricted_shell(const char *shell)
-{
-       char *line;
-
-       setusershell();
-       while ((line = getusershell())) {
-               if (*line != '#' && strcmp(line, shell) == 0)
-                       return 0;
-       }
-       endusershell();
-       return 1;
-}

diff --git a/loginutils/su.c b/loginutils/su.c
index 6356631b8f8cb0d16426a09aefaab4530f9fa7cd..af25655fd4986ca4eba4523917c42b9e26a0ceb1 100644 (file)
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -8,6 +8,23 @@
 #include "libbb.h"
 #include <syslog.h>
 
+#if ENABLE_FEATURE_SU_CHECKS_SHELLS
+/* Return 1 if SHELL is a restricted shell (one not returned by
+   getusershell), else 0, meaning it is a standard shell.  */
+static int restricted_shell(const char *shell)
+{
+       char *line;
+
+       /*setusershell(); - getusershell does it itself*/
+       while ((line = getusershell()) != NULL) {
+               if (/* *line != '#' && */ strcmp(line, shell) == 0)
+                       return 0;
+       }
+       endusershell();
+       return 1;
+}
+#endif
+
 #define SU_OPT_mp (3)
 #define SU_OPT_l (4)
 
@@ -89,7 +106,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
                opt_shell = getenv("SHELL");
 
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
-       if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
+       if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
                /* The user being su'd to has a nonstandard shell, and so is
                   probably a uucp account or has restricted access.  Don't
                   compromise the account by allowing access with a standard