[Bug 1637] Change the context when starting internal-sftp
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Aug 28 17:38:40 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1637
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2009-08-28 17:38:39 EST ---
(From update of attachment 1681)
>diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
>--- openssh-5.2p1/session.c.sesftp 2009-01-28 06:29:49.000000000 +0100
>+++ openssh-5.2p1/session.c 2009-08-08 13:13:54.670122454 +0200
>@@ -58,6 +58,7 @@
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
>+#include <selinux/selinux.h>
>
> #include "openbsd-compat/sys-queue.h"
> #include "xmalloc.h"
>@@ -1791,8 +1792,8 @@ do_child(Session *s, const char *command
>
> if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
> extern int optind, optreset;
>- int i;
>- char *p, *args;
>+ int i, l;
please don't use "l" as a variable name, my eyeballs easily misparse as
a 1.
>+ char *p, *args, *c1, *c2, *cx;
>
> setproctitle("%s at internal-sftp-server", s->pw->pw_name);
> args = xstrdup(command ? command : "sftp-server");
>@@ -1802,6 +1803,27 @@ do_child(Session *s, const char *command
> argv[i] = NULL;
> optind = optreset = 1;
> __progname = argv[0];
>+ if (getcon (&c1) < 0) {
getcon is a linux (in fact, selinux) specific function, so having this
here this will break on every other platform. Please put this in its
own function in port-linux.c with the rest of the selinux code and wrap
the call in #ifdef WITH_SELINUX
Also, the man page for getcon says the returned context must be freed.
It also says that it takes a security_context_t not a char * (typedefs
in the headers notwithstanding).
>+ logit("do_child: getcon failed witch %s", strerror (errno));
>+ } else {
>+ c2 = xmalloc (strlen (c1) + 8);
8 is a magic number. I assume it's sizeof("sftpd_t"), in which case
you should make sftpd_t a #define and use the sizeof.
c2 is never freed.
>+ if (!(cx = index (c1, ':')))
>+ goto badcontext;
>+ if (!(cx = index (cx + 1, ':'))) {
>+badcontext:
>+ logit ("do_child: unparseable context %s", c1);
>+ } else {
>+ l = cx - c1 + 1;
>+ memcpy (c2, c1, l);
>+ strcpy (c2 + l, "sftpd_t");
unbounded str* functions are poor form even if this particular one is
safe. Please use strl{cat,cpy}.
>+ if ((cx = index (cx + 1, ':')))
>+ strcat (c2, cx);
ditto.
>+ if (setcon (c2) < 0)
>+ logit("do_child: setcon failed witch %s", strerror (errno));
s/witch/with/
>+
>+ }
>+ }
>+
> exit(sftp_server_main(i, argv, s->pw));
> }
>
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list