1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 19:37:35 +00:00

SystemServer: Create accounts with Account::Read::PasswdOnly

This prevents non-root instances of SystemServer to try to open
`/etc/shadow`.
This commit is contained in:
Lucas CHOLLET 2022-07-24 13:18:07 +02:00 committed by Linus Groh
parent a3b8a9a142
commit f0012c2162

View file

@ -299,7 +299,7 @@ Service::Service(Core::ConfigFile const& config, StringView name)
m_user = config.read_entry(name, "User");
if (!m_user.is_null()) {
auto result = Core::Account::from_name(m_user.characters());
auto result = Core::Account::from_name(m_user.characters(), Core::Account::Read::PasswdOnly);
if (result.is_error())
warnln("Failed to resolve user {}: {}", m_user, result.error());
else
@ -417,7 +417,7 @@ ErrorOr<void> Service::determine_account(int fd)
auto const directory_name = String::formatted("/proc/{}/", creds.pid);
auto const stat = TRY(Core::System::stat(directory_name));
m_account = TRY(Core::Account::from_uid(stat.st_uid));
m_account = TRY(Core::Account::from_uid(stat.st_uid, Core::Account::Read::PasswdOnly));
return {};
}