aboutsummaryrefslogtreecommitdiffstats
path: root/main/busybox/0010-su-FEATURE_SU_NULLOK_SECURE.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/busybox/0010-su-FEATURE_SU_NULLOK_SECURE.patch')
-rw-r--r--main/busybox/0010-su-FEATURE_SU_NULLOK_SECURE.patch71
1 files changed, 0 insertions, 71 deletions
diff --git a/main/busybox/0010-su-FEATURE_SU_NULLOK_SECURE.patch b/main/busybox/0010-su-FEATURE_SU_NULLOK_SECURE.patch
deleted file mode 100644
index 13c464e4a0..0000000000
--- a/main/busybox/0010-su-FEATURE_SU_NULLOK_SECURE.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From d9c09138d91566af49ef8179d9995c84294e2486 Mon Sep 17 00:00:00 2001
-From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
-Date: Thu, 5 Nov 2015 16:27:36 +0200
-Subject: [PATCH 10/12] su: FEATURE_SU_NULLOK_SECURE
-
-When this feature is enabled, blank passwords are not accepted by su
-unless the user is on a secure TTY defined in /etc/securetty. This
-resembles the default PAM configuration of some Linux distros which
-specify the nullok_secure option for pam_unix.so.
----
- loginutils/su.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/loginutils/su.c b/loginutils/su.c
-index 24ffbde86..086445243 100644
---- a/loginutils/su.c
-+++ b/loginutils/su.c
-@@ -24,6 +24,11 @@
- //config: bool "Enable su to check user's shell to be listed in /etc/shells"
- //config: depends on SU
- //config: default y
-+//config:config FEATURE_SU_NULLOK_SECURE
-+//config: bool "Disallow blank passwords from TTYs other than specified in /etc/securetty"
-+//config: depends on SU
-+//config: default n
-+
-
- //applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
- //applet:IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE))
-@@ -76,6 +81,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
- struct passwd *pw;
- uid_t cur_uid = getuid();
- const char *tty;
-+ int allow_blank = 1;
- #if ENABLE_FEATURE_UTMP
- char user_buf[64];
- #endif
-@@ -100,6 +106,12 @@ int su_main(int argc UNUSED_PARAM, char **argv)
- argv++;
- }
-
-+ tty = xmalloc_ttyname(STDIN_FILENO);
-+ if (!tty) tty = "none";
-+ tty = skip_dev_pfx(tty);
-+
-+ if (ENABLE_FEATURE_SU_NULLOK_SECURE) allow_blank = check_securetty(tty);
-+
- if (ENABLE_FEATURE_SU_SYSLOG) {
- /* The utmp entry (via getlogin) is probably the best way to
- * identify the user, especially if someone su's from a su-shell.
-@@ -113,16 +125,12 @@ int su_main(int argc UNUSED_PARAM, char **argv)
- pw = getpwuid(cur_uid);
- old_user = pw ? xstrdup(pw->pw_name) : "";
- }
-- tty = xmalloc_ttyname(2);
-- if (!tty) {
-- tty = "none";
-- }
- openlog(applet_name, 0, LOG_AUTH);
- }
-
- pw = xgetpwnam(opt_username);
-
-- if (cur_uid == 0 || ask_and_check_password(pw) > 0) {
-+ if (cur_uid == 0 || ask_and_check_password_extended(pw, 0, allow_blank, "Password: ") > 0) {
- if (ENABLE_FEATURE_SU_SYSLOG)
- syslog(LOG_NOTICE, "%c %s %s:%s",
- '+', tty, old_user, opt_username);
---
-2.11.0
-