aboutsummaryrefslogtreecommitdiffstats
path: root/main/busybox/3003-su-FEATURE_SU_NULLOK_SECURE.patch
blob: bb0e1c64ce6347008677d8c5fd4744c75c5444a3 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
From 0acd825122c5e2d1b2ba6a0d0f42960cefaafa88 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Thu, 5 Nov 2015 16:27:36 +0200
Subject: [PATCH 3003/3003] su: FEATURE_SU_NULLOK_SECURE

When this feature is enabled, blank passwords are not accepted by su
unless the user is on a secure TTY defined in /etc/securetty. This
resembles the default PAM configuration of some Linux distros which
specify the nullok_secure option for pam_unix.so.
---
 loginutils/Config.src |  5 +++++
 loginutils/su.c       | 13 ++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/loginutils/Config.src b/loginutils/Config.src
index fa2b4f8..a150899 100644
--- a/loginutils/Config.src
+++ b/loginutils/Config.src
@@ -311,6 +311,11 @@ config FEATURE_SU_CHECKS_SHELLS
 	depends on SU
 	default y
 
+config FEATURE_SU_NULLOK_SECURE
+	bool "Disallow blank passwords from TTYs other than specified in /etc/securetty"
+	depends on SU
+	default n
+
 config SULOGIN
 	bool "sulogin"
 	default y
diff --git a/loginutils/su.c b/loginutils/su.c
index f812505..bd0cb35 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -51,6 +51,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
 	struct passwd *pw;
 	uid_t cur_uid = getuid();
 	const char *tty;
+	int allow_blank = 1;
 #if ENABLE_FEATURE_UTMP
 	char user_buf[64];
 #endif
@@ -71,6 +72,12 @@ int su_main(int argc UNUSED_PARAM, char **argv)
 		argv++;
 	}
 
+	tty = xmalloc_ttyname(STDIN_FILENO);
+	if (!tty) tty = "none";
+	tty = skip_dev_pfx(tty);
+
+	if (ENABLE_FEATURE_SU_NULLOK_SECURE) allow_blank = check_securetty(tty);
+
 	if (ENABLE_FEATURE_SU_SYSLOG) {
 		/* The utmp entry (via getlogin) is probably the best way to
 		 * identify the user, especially if someone su's from a su-shell.
@@ -84,16 +91,12 @@ int su_main(int argc UNUSED_PARAM, char **argv)
 			pw = getpwuid(cur_uid);
 			old_user = pw ? xstrdup(pw->pw_name) : "";
 		}
-		tty = xmalloc_ttyname(2);
-		if (!tty) {
-			tty = "none";
-		}
 		openlog(applet_name, 0, LOG_AUTH);
 	}
 
 	pw = xgetpwnam(opt_username);
 
-	if (cur_uid == 0 || ask_and_check_password(pw) > 0) {
+	if (cur_uid == 0 || ask_and_check_password_extended(pw, 0, allow_blank, "Password: ") > 0) {
 		if (ENABLE_FEATURE_SU_SYSLOG)
 			syslog(LOG_NOTICE, "%c %s %s:%s",
 				'+', tty, old_user, opt_username);
-- 
2.6.3