diff options
| author |   millert <millert@openbsd.org> | 2019-03-23 17:03:00 +0000 |
|---|---|---|
| committer | millert <millert@openbsd.org> | 2019-03-23 17:03:00 +0000 |
| commit | 2f5786cf9e8ac4c2c65d1d2b1ab04537ce47d7eb (patch) | |
| tree | a2b0c55d28be102057de1a584fab05718f7124e6 /lib/libc | |
| parent | indents and reflows around ERR*() and LOG*(); ok benno (diff) | |
| download | wireguard-openbsd-2f5786cf9e8ac4c2c65d1d2b1ab04537ce47d7eb.tar.xz wireguard-openbsd-2f5786cf9e8ac4c2c65d1d2b1ab04537ce47d7eb.zip | |
Remove useless secure_path(3) calls.
There is no point in checking permissions of files in root-owned
directories. If it even was a problem, secure_path(3) suffers from
unsolvable TOCTOU issues. OK deraadt@
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/gen/auth_subr.c | 8 | ||||
| -rw-r--r-- | lib/libc/gen/login_cap.c | 29 |
2 files changed, 12 insertions, 25 deletions
diff --git a/lib/libc/gen/auth_subr.c b/lib/libc/gen/auth_subr.c index 03ac0d6107b..a1a2e5a7b69 100644 --- a/lib/libc/gen/auth_subr.c +++ b/lib/libc/gen/auth_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth_subr.c,v 1.51 2019/01/25 00:19:25 millert Exp $ */ +/* $OpenBSD: auth_subr.c,v 1.52 2019/03/23 17:03:00 millert Exp $ */ /* * Copyright (c) 2000-2002,2004 Todd C. Miller <millert@openbsd.org> @@ -848,12 +848,6 @@ auth_call(auth_session_t *as, char *path, ...) argv[argc] = NULL; - if (secure_path(path) < 0) { - syslog(LOG_ERR, "%s: path not secure", path); - warnx("invalid script: %s", path); - goto fail; - } - if (socketpair(PF_LOCAL, SOCK_STREAM, 0, pfd) < 0) { syslog(LOG_ERR, "unable to create backchannel %m"); warnx("internal resource failure"); diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c index 87627e5db04..59652f006a0 100644 --- a/lib/libc/gen/login_cap.c +++ b/lib/libc/gen/login_cap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_cap.c,v 1.35 2019/01/25 00:19:25 millert Exp $ */ +/* $OpenBSD: login_cap.c,v 1.36 2019/03/23 17:03:00 millert Exp $ */ /* * Copyright (c) 2000-2004 Todd C. Miller <millert@openbsd.org> @@ -80,21 +80,15 @@ static int gsetrl(login_cap_t *, int, char *, int); login_cap_t * login_getclass(char *class) { - char *classfiles[2] = {NULL, NULL}; + char *classfiles[2] = {_PATH_LOGIN_CONF, NULL}; login_cap_t *lc; int res; - if (secure_path(_PATH_LOGIN_CONF) == 0) - classfiles[0] = _PATH_LOGIN_CONF; - - if ((lc = malloc(sizeof(login_cap_t))) == NULL) { + if ((lc = calloc(1, sizeof(login_cap_t))) == NULL) { syslog(LOG_ERR, "%s:%d malloc: %m", __FILE__, __LINE__); return (0); } - lc->lc_cap = 0; - lc->lc_style = 0; - if (class == NULL || class[0] == '\0') class = LOGIN_DEFCLASS; @@ -104,14 +98,6 @@ login_getclass(char *class) return (0); } - /* - * Not having a login.conf file is not an error condition. - * The individual routines deal reasonably with missing - * capabilities and use default values. - */ - if (classfiles[0] == NULL) - return(lc); - if ((res = cgetent(&lc->lc_cap, classfiles, lc->lc_class)) != 0) { lc->lc_cap = 0; switch (res) { @@ -128,8 +114,15 @@ login_getclass(char *class) syslog(LOG_ERR, "%s: unknown class", lc->lc_class); break; case -2: + /* + * A missing login.conf file is not an error condition. + * The individual routines deal reasonably with missing + * capabilities and use default values. + */ + if (errno == ENOENT) + return (lc); syslog(LOG_ERR, "%s: getting class information: %m", - lc->lc_class); + lc->lc_class); break; case -3: syslog(LOG_ERR, "%s: 'tc' reference loop", |