/etc/nologin must be world-readable which is not totally clear

[Darren Tucker]

On Tue, Jan 12, 2010 at 04:29:05AM +0300, Dmitry V. Levin wrote:
> On Tue, Jan 12, 2010 at 12:24:20PM +1100, Darren Tucker wrote:
[...]
> > The simple solution is to check errno for EPERM.  I'm about to apply the
> > following patch which should cover it.
> 
> Please check for EACCES, too.

Jan Pechanec pointed this out too.  After thinking about it some more I'm
mildly concerned about failure scenarios involving the other path
components (eg root accidentally chmods /etc or something).  After
discussing it with Damien I thing we should add an explict stat().

Index: session.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.250
diff -u -p -r1.250 session.c
--- session.c	12 Jan 2010 01:31:05 -0000	1.250
+++ session.c	12 Jan 2010 03:39:03 -0000
@@ -1100,12 +1100,15 @@ static void
 do_nologin(struct passwd *pw)
 {
 	FILE *f = NULL;
-	char buf[1024];
+	char buf[1024], *nologin;
+	struct stat sb;
 
-	if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
-		f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
-		    _PATH_NOLOGIN), "r");
-	if (f != NULL || errno == EPERM) {
+	if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) {
+		nologin = login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
+		    _PATH_NOLOGIN);
+		f = fopen(nologin, "r");
+	}
+	if (f != NULL || stat(nologin, &sb) == 0) {
 		/* /etc/nologin exists.  Print its contents and exit. */
 		logit("User %.100s not allowed because %s exists",
 		    pw->pw_name, _PATH_NOLOGIN);


-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.