Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Jun 2004 17:52:52 +0400
From:      Denis Antrushin <DAntrushin@mail.ru>
To:        Richard Caley <rjc@interactive.co.uk>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Bug in PW
Message-ID:  <40D050B4.2070907@mail.ru>
In-Reply-To: <200406160912.i5G9CoDe059562@pele.r.caley.org.uk>
References:  <200406160912.i5G9CoDe059562@pele.r.caley.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is a multi-part message in MIME format.
--------------020900000207070408050305
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Richard Caley wrote:
> I thin this exists in both -STABLE and -CURRENT, but I don't have a
> bang up to date instalation of either, so appologies if it has been
> fixed.
No, it still present in current version (pw_user.c, as of ver. 1.55)

> Tested on 5.2.1 and 4.8. may have some security implications in that
> someone may think they have changed a shell (eg to /nonexistant) but
> they haven't really.
> 
> Apparently, supplying -d EXITING_HOME_DIR stops -s from setting the
> shell. 
Well, it cause some other option to work as well. :-)

This is because 'edited' flags which shows whether something has changed
is set this way in -d option handling:
     edited = strcmp(pwd->pw_dir, arg->val) != 0;
so it sets 'edited' to false, if home directory not changed regardless
of its previous value.

Attached patch should fix this bug (untested)







--------------020900000207070408050305
Content-Type: text/plain;
 name="pw_user.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="pw_user.diff"

*** pw_user.c	Wed Jun 16 17:38:22 2004
--- pw_user.c.new	Wed Jun 16 17:41:37 2004
***************
*** 537,543 ****
  		}
  
  		if ((arg  = getarg(args, 'd')) != NULL) {
! 			edited = strcmp(pwd->pw_dir, arg->val) != 0;
  			if (stat(pwd->pw_dir = arg->val, &st) == -1) {
  				if (getarg(args, 'm') == NULL && strcmp(pwd->pw_dir, "/nonexistent") != 0)
  				  warnx("WARNING: home `%s' does not exist", pwd->pw_dir);
--- 537,544 ----
  		}
  
  		if ((arg  = getarg(args, 'd')) != NULL) {
! 			if (strcmp(pwd->pw_dir, arg->val) != 0)
! 				edited = 1;
  			if (stat(pwd->pw_dir = arg->val, &st) == -1) {
  				if (getarg(args, 'm') == NULL && strcmp(pwd->pw_dir, "/nonexistent") != 0)
  				  warnx("WARNING: home `%s' does not exist", pwd->pw_dir);

--------------020900000207070408050305--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40D050B4.2070907>