| author | Mattias Andrée <maandree@operamail.com> | 2013-11-18 18:29:22 +0100 | 
|---|---|---|
| committer | Mattias Andrée <maandree@operamail.com> | 2013-11-18 18:29:22 +0100 | 
| commit | 44716a78aa42f999ac618cec1dc04ddb0c2c42e0 (patch) | |
| tree | 47fe1fe4a3bbfdad403308e6565aebccd8d5ba01 | |
| parent | confs (diff) | |
use tty group
Signed-off-by: Mattias Andrée <maandree@operamail.com>
| -rw-r--r-- | configurable-definitions | 5 | ||||
| -rw-r--r-- | src/cerberus.c | 17 | ||||
| -rw-r--r-- | src/cerberus.h | 3 | ||||
| -rw-r--r-- | src/security.c | 8 | ||||
| -rw-r--r-- | src/security.h | 4 | 
5 files changed, 32 insertions, 5 deletions
| diff --git a/configurable-definitions b/configurable-definitions index a26a551..751e192 100644 --- a/configurable-definitions +++ b/configurable-definitions @@ -3,6 +3,11 @@ TTY_PERM  (default: 0600, type: int)     Mode for TTY devices +USE_TTY_GROUP (default: undefinied, type: #ifdef) + +   Use the group tty for group ownership of TTY devices + +  FAILURE_SLEEP  (default: 5, type: float)     Number of seconds to sleep on login failure. diff --git a/src/cerberus.c b/src/cerberus.c index 2199d7b..e3f3f95 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -19,6 +19,11 @@  #include "cerberus.h" +#ifndef USE_TTY_GROUP +#define tty_group  0 +#endif + +  /**   * Mane method   *  @@ -33,6 +38,10 @@ int main(int argc, char** argv)    char* passphrase = NULL;    char preserve_env = 0;    char skip_auth = 0; +  #ifdef USE_TTY_GROUP +  gid_t tty_group = 0; +  struct group* group; +  #endif    struct passwd* entry; @@ -117,7 +126,11 @@ int main(int argc, char** argv)    /* Make sure nopony is spying */ -  secure_tty(); +  #ifdef USE_TTY_GROUP +  if ((group = getgrnam("tty"))) +    tty_group = group->gr_gid; +  #endif +  secure_tty(tty_group);    /* Set up clean quiting and time out */ @@ -170,7 +183,7 @@ int main(int argc, char** argv)    /* Reset terminal ownership and mode */ -  chown_tty(0, -1, 0); +  chown_tty(0, tty_group, 0);    return 0;  } diff --git a/src/cerberus.h b/src/cerberus.h index 1dbd029..4f7b7b9 100644 --- a/src/cerberus.h +++ b/src/cerberus.h @@ -21,6 +21,9 @@  #include <signal.h>  #include <pwd.h>  #include <errno.h> +#ifdef USE_TTY_GROUP +#include <grp.h> +#endif  #include "passphrase.h"  #include "quit.h" diff --git a/src/security.c b/src/security.c index af7df30..1e1dd9e 100644 --- a/src/security.c +++ b/src/security.c 
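Review bot: In a build without USE_TTY_GROUP the macro added at the top of src/cerberus.c makes `tty_group` expand to 0, so the later hunks call `secure_tty(0)` and `chown_tty(0, 0, 0)` and the TTY group becomes gid 0, where the removed lines passed -1 and left the group untouched. The commit message only mentions the tty group, so this looks like an unannounced change to the default build; if it is not intended, `#define tty_group  ((gid_t)-1)` keeps the old behaviour. If root:root is the intent, the USE_TTY_GROUP entry in configurable-definitions should say what the group is when the option is off. A lowercase object-like macro that shares its name with the local variable declared in main is also easy to misread; a variable initialised in both configurations would be clearer.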
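Review bot: A failed `getgrnam("tty")` lookup is silent in the hunk at `@@ -117,7 +126,11 @@`: `tty_group` keeps its initial 0, and the TTY is given gid 0 both in `secure_tty(tty_group)` and in the reset call `chown_tty(0, tty_group, 0)` at the end of main. Nothing tells the administrator that USE_TTY_GROUP had no effect. Falling back to root is the restrictive choice, but it deserves a diagnostic in the NULL branch and a comment such as `/* no "tty" group: fall back to gid 0 */`, which matters most when TTY_PERM is configured with group bits. main starts and ends outside this hunk.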
@@ -29,8 +29,10 @@ static inline void fail(char* str)  /**   * Secure the TTY from spying + *  + * @param  group  The group, -1 for unchanged   */ -void secure_tty(void) +void secure_tty(gid_t group)  {    struct termios tty;    struct termios saved_tty; @@ -38,7 +40,7 @@ void secure_tty(void)    int fd, i;    /* Set ownership of this TTY to root:root */ -  chown_tty(0, -1, 1); +  chown_tty(0, group, 1);    /* Get TTY name for last part of this functions */    tty_device = ttyname(STDIN_FILENO); @@ -80,7 +82,9 @@ void secure_tty(void)   */  void chown_tty(uid_t owner, gid_t group, int with_fail)   { +  #if defined(OWN_VCSA) || defined(OWN_VCS)    struct vt_stat vtstat; +  #endif    /* Set ownership of this TTY */    if (fchown(STDIN_FILENO, owner, group) && with_fail) diff --git a/src/security.h b/src/security.h index b16ef1b..5e291ff 100644 --- a/src/security.h +++ b/src/security.h @@ -38,8 +38,10 @@  /**   * Secure the TTY from spying + *  + * @param  group  The group, -1 for unchanged   */ -void secure_tty(void); +void secure_tty(gid_t group);  /**   * Set ownership and mode of the TTY | 
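Review bot: The comment kept above the changed call in secure_tty, `/* Set ownership of this TTY to root:root */`, no longer matches `chown_tty(0, group, 1)`, since the group is now whatever the caller passes; `/* Set ownership of this TTY to root and the given group */` would match. The new `@param  group` text, here and in src/security.h, says "-1 for unchanged"; gid_t is normally unsigned, so writing that as `(gid_t)-1` would make the sentinel explicit for callers. secure_tty's body continues outside the hunks shown.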
