mirror of
https://github.com/leahneukirchen/cwm.git
synced 2023-08-10 21:13:12 +03:00
we are not doing access control here, so replace the "check if file is
executable" goo with access(2). originally from jacekm@ long time ago. "i can live with that" oga@
This commit is contained in:
parent
1968561fcc
commit
0a44f2e5c4
35
kbfunc.c
35
kbfunc.c
@ -228,14 +228,11 @@ kbfunc_exec(struct client_ctx *scratch, union arg *arg)
|
||||
#define NPATHS 256
|
||||
char **ap, *paths[NPATHS], *path, *pathcpy, *label;
|
||||
char tpath[MAXPATHLEN];
|
||||
int l, i, j, ngroups;
|
||||
gid_t mygroups[NGROUPS_MAX];
|
||||
uid_t ruid, euid, suid;
|
||||
int l, i;
|
||||
DIR *dirp;
|
||||
struct dirent *dp;
|
||||
struct menu *mi;
|
||||
struct menu_q menuq;
|
||||
struct stat sb;
|
||||
|
||||
int cmd = arg->i;
|
||||
switch (cmd) {
|
||||
@ -250,11 +247,6 @@ kbfunc_exec(struct client_ctx *scratch, union arg *arg)
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
|
||||
if (getgroups(0, mygroups) == -1)
|
||||
err(1, "getgroups failure");
|
||||
if ((ngroups = getresuid(&ruid, &euid, &suid)) == -1)
|
||||
err(1, "getresuid failure");
|
||||
|
||||
TAILQ_INIT(&menuq);
|
||||
|
||||
if ((path = getenv("PATH")) == NULL)
|
||||
@ -281,33 +273,12 @@ kbfunc_exec(struct client_ctx *scratch, union arg *arg)
|
||||
/* check for truncation etc */
|
||||
if (l == -1 || l >= (int)sizeof(tpath))
|
||||
continue;
|
||||
/* just ignore on stat failure */
|
||||
if (stat(tpath, &sb) == -1)
|
||||
continue;
|
||||
/* may we execute this file? */
|
||||
if (euid == sb.st_uid) {
|
||||
if (sb.st_mode & S_IXUSR)
|
||||
goto executable;
|
||||
else
|
||||
continue;
|
||||
}
|
||||
for (j = 0; j < ngroups; j++) {
|
||||
if (mygroups[j] == sb.st_gid) {
|
||||
if (sb.st_mode & S_IXGRP)
|
||||
goto executable;
|
||||
else
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if (sb.st_mode & S_IXOTH)
|
||||
goto executable;
|
||||
continue;
|
||||
executable:
|
||||
/* the thing in tpath, we may execute */
|
||||
if (access(tpath, X_OK) == 0) {
|
||||
mi = xcalloc(1, sizeof(*mi));
|
||||
strlcpy(mi->text, dp->d_name, sizeof(mi->text));
|
||||
TAILQ_INSERT_TAIL(&menuq, mi, entry);
|
||||
}
|
||||
}
|
||||
(void)closedir(dirp);
|
||||
}
|
||||
xfree(path);
|
||||
|
Loading…
Reference in New Issue
Block a user