author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2011-04-23 19:47:07 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2011-04-23 19:47:07 +0000 |
commit | 633e80833427eef32f32fd959d37e067b11a8415 (patch) | |
tree | d53b839282dcd36dab05c6e861e40c5d2042b282 /libexec | |
parent | a7bf1fa5939c5e24cd20a849c6d30a5cad41a6dc (diff) |
When a device or setuid file is owned by a nonexistent user or group,
undefined data got used.
Fix this by reporting the UID/GID numerically in that case.
Problem reported and patch provided by rd at thrush dot com.
While here, use // rather than || everywhere to detect get*id failure,
as suggested by RD Thrush. The edge case where it matters - a username
of "0" - is rather insane, but the // is more precise anyway.
Diffstat (limited to 'libexec')
-rw-r--r-- | libexec/security/security | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/libexec/security/security b/libexec/security/security index 6b74dd9858a..e46ef711883 100644 --- a/libexec/security/security +++ b/libexec/security/security @@ -1,6 +1,6 @@ #!/usr/bin/perl -T -# $OpenBSD: security,v 1.11 2011/04/23 13:43:44 schwarze Exp $ +# $OpenBSD: security,v 1.12 2011/04/23 19:47:06 schwarze Exp $ # # Copyright (c) 2011 Ingo Schwarze <schwarze@openbsd.org> # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com> @@ -383,7 +383,7 @@ sub check_homedir { my ($mode, $fuid) = (stat(_))[2,4]; nag $fuid && $fuid != $uid, "user $name home directory is owned by " . - ((getpwuid $fuid)[0] || $fuid); + ((getpwuid $fuid)[0] // $fuid); nag $mode & S_IWGRP, "user $name home directory is group writable"; nag $mode & S_IWOTH, @@ -402,7 +402,7 @@ sub check_dot_readable { my ($mode, $fuid) = (stat(_))[2,4]; nag $fuid && $fuid != $uid, "user $name $f file is owned by " . - ((getpwuid $fuid)[0] || $fuid); + ((getpwuid $fuid)[0] // $fuid); nag $mode & S_IRGRP, "user $name $f file is group readable"; nag $mode & S_IROTH, @@ -430,7 +430,7 @@ sub check_dot_writeable { my ($mode, $fuid) = (stat(_))[2,4]; nag $fuid && $fuid != $uid, "user $name $f file is owned by " . - ((getpwuid $fuid)[0] || $fuid); + ((getpwuid $fuid)[0] // $fuid); nag $mode & S_IWGRP, "user $name $f file is group writable"; nag $mode & S_IWOTH, @@ -445,8 +445,8 @@ sub check_mailboxes { foreach my $name (readdir $dh) { next if $name =~ /^\.\.?$/; my ($mode, $fuid, $fgid) = (stat "$dir/$name")[2,4,5]; - my $fname = (getpwuid $fuid)[0] || $fuid; - my $gname = (getgrgid $fgid)[0] || $fgid; + my $fname = (getpwuid $fuid)[0] // $fuid; + my $gname = (getgrgid $fgid)[0] // $fgid; nag $fname ne $name, "user $name mailbox is owned by $fname"; nag S_IMODE($mode) != (S_IRUSR | S_IWUSR), 
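Review bot: The owner lookup with numeric fallback, `(getpwuid $fuid)[0] // $fuid`, is now spelled out in check_homedir and again in the check_dot_readable, check_dot_writeable, check_mailboxes and find_special_files hunks. The find_special_files copy was the one that lacked the fallback before this commit, which is the kind of drift a shared helper prevents. Something like `sub uid_name { my $id = shift; (getpwuid $id)[0] // $id }` (the name is only a suggestion), with a matching helper for `getgrgid`, would keep every call site identical. The bodies of these subs extend beyond the hunks, so further copies may exist outside the visible lines.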
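Review bot: The result of `stat "$dir/$name"` in check_mailboxes is never checked, so if the entry disappears between readdir and stat, or stat fails for any other reason, `$mode`, `$fuid` and `$fgid` are all undef. `getpwuid` then receives undef, which Perl presumably treats as 0, so the report would likely name uid 0's account as the mailbox owner instead of reporting the failure. A guard directly after the stat avoids that misleading line, e.g. `unless (defined $mode) { nag 1, "stat: $dir/$name: $!"; next; }`; the calling form of nag is inferred from its use in this hunk. The loop body continues past the end of the hunk.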
@@ -564,8 +564,8 @@ sub find_special_files { $file->{mode} = $mode; $file->{strmode} = strmode $mode; $file->{nlink} = $nlink; - $file->{user} = (getpwuid $uid)[0]; - $file->{group} = (getgrgid $gid)[0]; + $file->{user} = (getpwuid $uid)[0] // $uid; + $file->{group} = (getgrgid $gid)[0] // $gid; $file->{size} = $size; @$file{qw(wday mon day time year)} = split ' ', localtime $mtime; |
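Review bot: The numeric fallback in find_special_files stores a bare number in `$file->{user}` and `$file->{group}`, which a reader of the report cannot tell apart from an all-digit login or group name, and nothing records that the id has no passwd or group entry. A setuid or device file with an orphaned owner deserves attention, because whichever account is later created with that id takes ownership of it. At minimum a comment above the two assignments would help: `# Falls back to the numeric id when no passwd/group entry exists (orphaned owner).` How these fields are consumed lies outside the hunk, so whether the report should flag such files explicitly is left to the author.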