RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 19:27:45 +00:00
Code Issues Activity Actions

SystemServer: Create accounts with Account::Read::PasswdOnly

Browse source 
This prevents non-root instances of SystemServer to try to open
`/etc/shadow`.
This commit is contained in:
Lucas CHOLLET 2022-07-24 13:18:07 +02:00 committed by Linus Groh
parent a3b8a9a142
commit f0012c2162
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Services/SystemServer/Service.cpp
View file

@ -299,7 +299,7 @@ Service::Service(Core::ConfigFile const& config, StringView name)
m_user = config.read_entry(name, "User"); m_user = config.read_entry(name, "User");
if (!m_user.is_null()) { if (!m_user.is_null()) {
auto result = Core::Account::from_name(m_user.characters()); auto result = Core::Account::from_name(m_user.characters(), Core::Account::Read::PasswdOnly);
if (result.is_error()) if (result.is_error())
warnln("Failed to resolve user {}: {}", m_user, result.error()); warnln("Failed to resolve user {}: {}", m_user, result.error());
else else
@ -417,7 +417,7 @@ ErrorOr<void> Service::determine_account(int fd)
auto const directory_name = String::formatted("/proc/{}/", creds.pid); auto const directory_name = String::formatted("/proc/{}/", creds.pid);
auto const stat = TRY(Core::System::stat(directory_name)); auto const stat = TRY(Core::System::stat(directory_name));
m_account = TRY(Core::Account::from_uid(stat.st_uid)); m_account = TRY(Core::Account::from_uid(stat.st_uid, Core::Account::Read::PasswdOnly));
return {}; return {};
} }