1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
| | This patch originates from the Debian project, see https://www.debian.org/
21exrc_writability_check.dpatch by <hesso@pool.math.tu-berlin.de>
Improve writability checking.
diff -Naur nvi-1.81.6.orig/ex/ex_init.c nvi-1.81.6/ex/ex_init.c
--- nvi-1.81.6.orig/ex/ex_init.c 2007-11-18 17:41:42.000000000 +0100
+++ nvi-1.81.6/ex/ex_init.c 2008-05-01 18:24:45.000000000 +0200
@@ -26,6 +26,9 @@
#include <string.h>
#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+
#include "../common/common.h"
#include "tag.h"
#include "pathnames.h"
@@ -346,6 +349,9 @@
int nf1, nf2;
char *a, *b, buf[MAXPATHLEN];
+ struct group *grp_p;
+ struct passwd *pwd_p;
+
/* Check for the file's existence. */
if (stat(path, sbp))
return (NOEXIST);
@@ -359,10 +365,30 @@
}
/* Check writeability. */
- if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
+ if (sbp->st_mode & S_IWOTH) {
etype = WRITER;
goto denied;
}
+ if (sbp->st_mode & S_IWGRP) {
+ /* on system error (getgrgid or getpwnam return NULL) set etype to WRITER
+ * and continue execution */
+ if( (grp_p = getgrgid(sbp->st_gid)) == NULL) {
+ etype = WRITER;
+ goto denied;
+ }
+
+ /* lookup the group members' uids for an uid different from euid */
+ while( ( *(grp_p->gr_mem) ) != NULL) { /* gr_mem is a null-terminated array */
+ if( (pwd_p = getpwnam(*(grp_p->gr_mem)++)) == NULL) {
+ etype = WRITER;
+ goto denied;
+ }
+ if(pwd_p->pw_uid != euid) {
+ etype = WRITER;
+ goto denied;
+ }
+ }
+ }
return (RCOK);
denied: a = msg_print(sp, path, &nf1);
|