1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 20:57:35 +00:00

LibCore: Enforce correct mode when creating new passwd and shadow files

- Use umask() to prevent the parent process from tampering with the mode
  bits of replacement passwd and shadow files.
- Use fchmod() to set new shadow files to mode 0600.
This commit is contained in:
Andreas Kling 2022-01-01 20:12:41 +01:00
parent edd8f19a1b
commit 63e8cf8d59

View file

@ -9,6 +9,7 @@
#include <AK/ScopeGuard.h>
#include <LibCore/Account.h>
#include <LibCore/System.h>
#include <LibCore/UmaskScope.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
@ -260,6 +261,8 @@ ErrorOr<String> Account::generate_shadow_file() const
ErrorOr<void> Account::sync()
{
Core::UmaskScope umask_scope(0777);
auto new_passwd_file_content = TRY(generate_passwd_file());
#ifndef AK_OS_BSD_GENERIC
auto new_shadow_file_content = TRY(generate_shadow_file());
@ -273,13 +276,14 @@ ErrorOr<void> Account::sync()
{
auto new_passwd_fd = TRY(Core::System::mkstemp(new_passwd_name));
ScopeGuard new_passwd_fd_guard = [new_passwd_fd] { close(new_passwd_fd); };
TRY(Core::System::fchmod(new_passwd_fd, 0644));
#ifndef AK_OS_BSD_GENERIC
auto new_shadow_fd = TRY(Core::System::mkstemp(new_shadow_name));
ScopeGuard new_shadow_fd_guard = [new_shadow_fd] { close(new_shadow_fd); };
TRY(Core::System::fchmod(new_shadow_fd, 0600));
#endif
TRY(Core::System::fchmod(new_passwd_fd, 0644));
auto nwritten = TRY(Core::System::write(new_passwd_fd, new_passwd_file_content.bytes()));
VERIFY(static_cast<size_t>(nwritten) == new_passwd_file_content.length());