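diff -up mgetty-1.1.36/login.c.167830_tty_access mgetty-1.1.36/login.c
--- mgetty-1.1.36/login.c.167830_tty_access 2008-10-09 22:57:18.000000000 +0200
+++ mgetty-1.1.36/login.c 2008-10-09 22:57:18.000000000 +0200
@@ -256,6 +256,12 @@ void login_dispatch _P3( (user, is_callb
 {
 lprintf( L_NOISE, "login: user id: %s (uid %d, gid %d)",
 user_id, pw->pw_uid, pw->pw_gid );
+ /* get tty device name */
+ char devname[MAXLINE+1], stdinname[128];
+ snprintf(stdinname,128,"/proc/%d/fd/0",getpid());
+ int r = readlink(&(stdinname[0]),&(devname[0]),MAXLINE);
+ devname[r]='\0';
+
 #if SECUREWARE
 if ( setluid( pw->pw_uid ) == -1 )
 {
@@ -266,9 +272,15 @@ void login_dispatch _P3( (user, is_callb
 {
 lprintf( L_ERROR, "cannot set gid %d", pw->pw_gid );
 }
+ initgroups(pw->pw_name,pw->pw_gid);
 if ( setuid( pw->pw_uid ) == -1 )
 {
 lprintf( L_ERROR, "cannot set uid %d", pw->pw_uid );
+ }
+ if ( ( r > 0) && (access(devname, R_OK | W_OK) != 0) )
+ {
+ lprintf( L_FATAL, "user %s denied rw access to %s", user_id, devname );
+ exit(FAIL);
 }
 }
 } /* end if (uid given) */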
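Review bot: In the first hunk `devname[r]='\0';` uses the result of readlink() unchecked; on failure r is -1 and the store lands outside devname on the stack, so the value needs a guard first, e.g. `if (r < 0) r = 0;`, with r declared as `ssize_t`. A failed lookup also makes the `r > 0` test in the second hunk skip the access() check without any log line, so the new tty permission check fails open when /proc is unavailable; logging that case, or taking the device name from `ttyname(0)`, would close the gap. The added `initgroups(pw->pw_name,pw->pw_gid);` ignores its return value, and if it fails the process presumably keeps the supplementary groups it started with after setuid(); `if ( initgroups( pw->pw_name, pw->pw_gid ) == -1 )` with an lprintf at L_ERROR like the setgid and setuid checks beside it is the minimum, and the L_FATAL / `exit(FAIL)` path used for the access check would be safer. login_dispatch begins and ends outside both hunks.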