|
|
23fb2f |
diff -up lockdev-scm-2011-10-07/src/lockdev.c.access lockdev-scm-2011-10-07/src/lockdev.c
|
|
|
23fb2f |
--- lockdev-scm-2011-10-07/src/lockdev.c.access 2011-07-22 09:37:10.000000000 +0200
|
|
|
23fb2f |
+++ lockdev-scm-2011-10-07/src/lockdev.c 2013-12-05 11:56:57.836961642 +0100
|
|
|
23fb2f |
@@ -95,6 +95,10 @@
|
|
|
23fb2f |
*
|
|
|
23fb2f |
*/
|
|
|
23fb2f |
|
|
|
23fb2f |
+#ifndef _GNU_SOURCE
|
|
|
23fb2f |
+ #define _GNU_SOURCE
|
|
|
23fb2f |
+#endif
|
|
|
23fb2f |
+
|
|
|
23fb2f |
#include <errno.h>
|
|
|
23fb2f |
#include <signal.h>
|
|
|
23fb2f |
#include <stdio.h>
|
|
|
23fb2f |
@@ -125,6 +125,10 @@
|
|
|
23fb2f |
#include "lockdev.h"
|
|
|
23fb2f |
#include "ttylock.h"
|
|
|
23fb2f |
|
|
|
23fb2f |
+#ifndef LOCKDEV_ACCESS
|
|
|
23fb2f |
+#define LOCKDEV_ACCESS euidaccess
|
|
|
23fb2f |
+#endif
|
|
|
23fb2f |
+
|
|
|
23fb2f |
#define LOCKDEV_PATH SBINDIR "/lockdev"
|
|
|
23fb2f |
|
|
|
23fb2f |
/*
|
|
|
23fb2f |
@@ -616,7 +620,10 @@ dev_lock (const char *devname)
|
|
|
23fb2f |
if ( stat( device, &statbuf) == -1 ) {
|
|
|
23fb2f |
close_n_return(-errno);
|
|
|
23fb2f |
}
|
|
|
23fb2f |
- if ( access( device, W_OK ) == -1 ) {
|
|
|
23fb2f |
+ /* check that the caller has write permission to the device
|
|
|
23fb2f |
+ * to prevent denial-of-service attack by unauthorized users
|
|
|
23fb2f |
+ */
|
|
|
23fb2f |
+ if ( LOCKDEV_ACCESS( device, W_OK ) == -1 ) {
|
|
|
23fb2f |
close_n_return(-errno);
|
|
|
23fb2f |
}
|
|
|
23fb2f |
|
|
|
23fb2f |
@@ -780,7 +787,10 @@ dev_relock (const char *devname,
|
|
|
23fb2f |
if ( stat( device, &statbuf) == -1 ) {
|
|
|
23fb2f |
close_n_return(-errno);
|
|
|
23fb2f |
}
|
|
|
23fb2f |
- if ( access( device, W_OK ) == -1 ) {
|
|
|
23fb2f |
+ /* check that the caller has write permission to the device
|
|
|
23fb2f |
+ * to prevent denial-of-service attack by unauthorized users
|
|
|
23fb2f |
+ */
|
|
|
23fb2f |
+ if ( LOCKDEV_ACCESS( device, W_OK ) == -1 ) {
|
|
|
23fb2f |
close_n_return(-errno);
|
|
|
23fb2f |
}
|
|
|
23fb2f |
|
|
|
23fb2f |
@@ -870,7 +880,10 @@ dev_unlock (const char *devname,
|
|
|
23fb2f |
if ( stat( device, &statbuf) == -1 ) {
|
|
|
23fb2f |
close_n_return(-errno);
|
|
|
23fb2f |
}
|
|
|
23fb2f |
- if ( access( device, W_OK ) == -1 ) {
|
|
|
23fb2f |
+ /* check that the caller has write permission to the device
|
|
|
23fb2f |
+ * to prevent denial-of-service attack by unauthorized users
|
|
|
23fb2f |
+ */
|
|
|
23fb2f |
+ if ( LOCKDEV_ACCESS( device, W_OK ) == -1 ) {
|
|
|
23fb2f |
close_n_return(-errno);
|
|
|
23fb2f |
}
|
|
|
23fb2f |
|
|
|
23fb2f |
diff -ru lockdev-save/src/Makefile.am lockdev-scm-2011-10-07/src/Makefile.am
|
|
|
23fb2f |
--- lockdev-save/src/Makefile.am 2014-09-18 13:42:00.363741658 +0200
|
|
|
23fb2f |
+++ lockdev-scm-2011-10-07/src/Makefile.am 2014-09-18 13:52:10.307868154 +0200
|
|
|
23fb2f |
@@ -6,7 +6,6 @@
|
|
|
23fb2f |
AM_CPPFLAGS = -include $(top_builddir)/config.h -DSBINDIR=\"$(sbindir)\"
|
|
|
23fb2f |
|
|
|
23fb2f |
lockdev_SOURCES = sample.c
|
|
|
23fb2f |
-lockdev_LDADD = liblockdev.la
|
|
|
23fb2f |
|
|
|
23fb2f |
baudboy_SOURCES = baudboy_test.c
|
|
|
23fb2f |
baudboy_LDADD = liblockdev.la
|
|
|
23fb2f |
Solo in lockdev-scm-2011-10-07/src: Makefile.in
|
|
|
23fb2f |
diff -ru lockdev-save/src/sample.c lockdev-scm-2011-10-07/src/sample.c
|
|
|
23fb2f |
--- lockdev-save/src/sample.c 2014-09-18 13:42:00.363741658 +0200
|
|
|
23fb2f |
+++ lockdev-scm-2011-10-07/src/sample.c 2014-09-18 14:06:03.769023380 +0200
|
|
|
23fb2f |
@@ -6,6 +6,13 @@
|
|
|
23fb2f |
#include <fcntl.h>
|
|
|
23fb2f |
#include "lockdev.h"
|
|
|
23fb2f |
|
|
|
23fb2f |
+/* ttylock functions swap the real/effective uid/gid for us, so
|
|
|
23fb2f |
+ * use access instead of euidaccess.
|
|
|
23fb2f |
+ */
|
|
|
23fb2f |
+#define LOCKDEV_ACCESS access
|
|
|
23fb2f |
+#undef TTYLOCK_USE_HELPER
|
|
|
23fb2f |
+#include "lockdev.c"
|
|
|
23fb2f |
+
|
|
|
23fb2f |
void
|
|
|
23fb2f |
usage (void)
|
|
|
23fb2f |
{
|
|
|
23fb2f |
Solo in lockdev-scm-2011-10-07: VERSION
|