authorSebastian Huber <sebastian.huber@embedded-brains.de>2014-11-18 11:07:36 +0100
committerSebastian Huber <sebastian.huber@embedded-brains.de>2014-11-20 10:30:25 +0100
commitffd52858449d58111581d5ee82ff1c3ffba585a5 (patch)
treeb125a84336e3a14efaa081fe9f502c967dadf67a /cpukit/libmisc/shell/shell.c
parentshell: Add and use rtems_shell_execute_cmd() (diff)
shell: Inherit UID and GID if no login check
Use the UID and GID of the executing user for the real and effective UID and GID of the shell task in case no login check is present. This prevents privilege escalation via shell scripts.
Diffstat (limited to 'cpukit/libmisc/shell/shell.c')
-rw-r--r--cpukit/libmisc/shell/shell.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/cpukit/libmisc/shell/shell.c b/cpukit/libmisc/shell/shell.c
index 5b742575e9..14d4b5f674 100644
--- a/cpukit/libmisc/shell/shell.c
+++ b/cpukit/libmisc/shell/shell.c
@@ -838,6 +838,12 @@ bool rtems_shell_main_loop(
if (shell_env->login_check != NULL) {
result = rtems_shell_login(shell_env, stdin,stdout);
} else {
+ setuid(shell_env->uid);
+ setgid(shell_env->gid);
+ seteuid(shell_env->uid);
+ setegid(shell_env->gid);
+ rtems_current_user_env_getgroups();
+
result = true;
}
}
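Review bot: The four credential calls added in the `else` branch discard their return values, so if any of them fails the shell still sets `result = true` and may keep running with the credentials it had before. The user IDs are also changed before the group IDs; on a POSIX-conforming implementation the group change can be refused once the user ID is no longer privileged, so the usual order is group first, then user (whether these calls can fail on RTEMS is not visible here). I would check each call and only report success when all four took effect, assuming a false `result` keeps the shell from starting, which the visible lines suggest but do not show. The body of `rtems_shell_main_loop` starts and ends outside this hunk.

```c
} else {
  /* Group IDs first: the change may be refused once the user ID is dropped. */
  if (
    setgid(shell_env->gid) != 0
      || setegid(shell_env->gid) != 0
      || setuid(shell_env->uid) != 0
      || seteuid(shell_env->uid) != 0
  ) {
    /* Do not run the shell with credentials that were not applied. */
    result = false;
  } else {
    rtems_current_user_env_getgroups();
    result = true;
  }
}
```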
@@ -1010,6 +1016,8 @@ static rtems_status_code rtems_shell_run (
shell_env->output_append = output_append;
shell_env->wake_on_end = wake_on_end;
shell_env->login_check = login_check;
+ shell_env->uid = getuid();
+ shell_env->gid = getgid();
getcwd(shell_env->cwd, sizeof(shell_env->cwd));