wall,crontab: use xopen_as_uid_gid()

RyanMallon · Denys Vlasenko · commit 1d30b3f1f66a · 2013-10-08T14:53:29.000+02:00
This fixes a narrow security race in crontab.

function                                             old     new   delta
xopen_as_uid_gid                                       -      80     +80
seteuid                                                -      64     +64
setegid                                                -      64     +64
setreuid                                               -      37     +37
xseteuid                                               -      22     +22
xsetegid                                               -      22     +22
crontab_main                                         590     577     -13
setfsuid                                              33       -     -33
setfsgid                                              33       -     -33
wall_main                                            138     102     -36
open_as_user                                         109       -    -109

   text    data     bss     dec     hex filename
 893539     497    7568  901604   dc1e4 busybox_old
 893618     497    7568  901683   dc233 busybox_unstripped

Signed-off-by: Ryan Mallon &lt;rmallon@gmail.com&gt;
Signed-off-by: Denys Vlasenko &lt;vda.linux@googlemail.com&gt;
diff --git a/miscutils/crontab.c b/miscutils/crontab.c
@@ -55,28 +55,6 @@ static void edit_file(const struct passwd *pas, const char *file)
 	bb_perror_msg_and_die("can't execute '%s'", ptr);
 }
 
-static int open_as_user(const struct passwd *pas, const char *file)
-{
-	pid_t pid;
-	char c;
-
-	pid = xvfork();
-	if (pid) { /* PARENT */
-		if (wait4pid(pid) == 0) {
-			/* exitcode 0: child says it can read */
-			return open(file, O_RDONLY);
-		}
-		return -1;
-	}
-
-	/* CHILD */
-	/* initgroups, setgid, setuid */
-	change_identity(pas);
-	/* We just try to read one byte. If it works, file is readable
-	 * under this user. We signal that by exiting with 0. */
-	_exit(safe_read(xopen(file, O_RDONLY), &c, 1) < 0);
-}
-
 int crontab_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int crontab_main(int argc UNUSED_PARAM, char **argv)
 {
@@ -137,10 +115,7 @@ int crontab_main(int argc UNUSED_PARAM, char **argv)
 		if (!argv[0])
 			bb_show_usage();
 		if (NOT_LONE_DASH(argv[0])) {
-			src_fd = open_as_user(pas, argv[0]);
-			if (src_fd < 0)
-				bb_error_msg_and_die("user %s cannot read %s",
-						pas->pw_name, argv[0]);
+			src_fd = xopen_as_uid_gid(argv[0], O_RDONLY, pas->pw_uid, pas->pw_gid);
 		}
 	}
 
diff --git a/miscutils/wall.c b/miscutils/wall.c
@@ -41,11 +41,7 @@ int wall_main(int argc UNUSED_PARAM, char **argv)
 		/* The applet is setuid.
 		 * Access to the file must be under user's uid/gid.
 		 */
-		setfsuid(getuid());
-		setfsgid(getgid());
-		fd = xopen(argv[1], O_RDONLY);
-		setfsuid(geteuid());
-		setfsgid(getegid());
+		fd = xopen_as_uid_gid(argv[1], O_RDONLY, getuid(), getgid());
 	}
 	msg = xmalloc_read(fd, NULL);
 	if (ENABLE_FEATURE_CLEAN_UP && argv[1])
