wall: access FILE under real user's credentials

While at it, move applet/config/kbuild bits into wall.c.
(This way, it's more visible that applet is suid'ed).

function                                             old     new   delta
wall_main                                             87     138     +51

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/include/applets.src.h b/include/applets.src.h
index aa319bbc974067dfe2ba81919c5433b586bd981d..3a47e15b99166c1c008c9c1ce0f3ad100233729a 100644 (file)
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -407,8 +407,6 @@ IF_VCONFIG(APPLET(vconfig, BB_DIR_SBIN, BB_SUID_DROP))
 /* Needs to be run by root or be suid root - needs to change uid and gid: */
 IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
 IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */
-IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
 IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP))
 IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP))
 IF_WC(APPLET(wc, BB_DIR_USR_BIN, BB_SUID_DROP))

diff --git a/miscutils/Config.src b/miscutils/Config.src
index b9fc196d8d6dee7024aabbbe41b0999455119795..117ec77397460935ad36894dc6fe3410fe467267 100644 (file)
--- a/miscutils/Config.src
+++ b/miscutils/Config.src
@@ -591,13 +591,6 @@ config VOLNAME
        help
          Prints a CD-ROM volume name.
 
-config WALL
-       bool "wall"
-       default y
-       depends on FEATURE_UTMP
-       help
-         Write a message to all users that are logged in.
-
 config WATCHDOG
        bool "watchdog"
        default y

diff --git a/miscutils/Kbuild.src b/miscutils/Kbuild.src
index 8c498643b1998738b79c793bcf29f1d0858e0749..f3954f407fe2d5c28035e893cb788d2714d581ff 100644 (file)
--- a/miscutils/Kbuild.src
+++ b/miscutils/Kbuild.src
@@ -46,5 +46,4 @@ lib-$(CONFIG_TIME)        += time.o
 lib-$(CONFIG_TIMEOUT)     += timeout.o
 lib-$(CONFIG_TTYSIZE)     += ttysize.o
 lib-$(CONFIG_VOLNAME)     += volname.o
-lib-$(CONFIG_WALL)        += wall.o
 lib-$(CONFIG_WATCHDOG)    += watchdog.o

diff --git a/miscutils/wall.c b/miscutils/wall.c
index 762f53b728d3f9c0302fa6a83f19a690ef153f20..c74f4f27b6627fe04ad2c9866a06960664056698 100644 (file)
--- a/miscutils/wall.c
+++ b/miscutils/wall.c
@@ -6,6 +6,18 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 
+//config:config WALL
+//config:      bool "wall"
+//config:      default y
+//config:      depends on FEATURE_UTMP
+//config:      help
+//config:        Write a message to all users that are logged in.
+
+/* Needs to be run by root or be suid root - needs to write to /dev/TTY: */
+//applet:IF_WALL(APPLET(wall, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_WALL) += wall.o
+
 //usage:#define wall_trivial_usage
 //usage:       "[FILE]"
 //usage:#define wall_full_usage "\n\n"
@@ -22,8 +34,19 @@ int wall_main(int argc UNUSED_PARAM, char **argv)
 {
        struct utmp *ut;
        char *msg;
-       int fd = argv[1] ? xopen(argv[1], O_RDONLY) : STDIN_FILENO;
+       int fd;
 
+       fd = STDIN_FILENO;
+       if (argv[1]) {
+               /* The applet is setuid.
+                * Access to the file must be under user's uid/gid.
+                */
+               setfsuid(getuid());
+               setfsgid(getgid());
+               fd = xopen(argv[1], O_RDONLY);
+               setfsuid(geteuid());
+               setfsgid(getegid());
+       }
        msg = xmalloc_read(fd, NULL);
        if (ENABLE_FEATURE_CLEAN_UP && argv[1])
                close(fd);