Eric,
> diff --git a/lib/pt_chown.c b/lib/pt_chown.c
> index ccc04fd..f654b2d 100644
> --- a/lib/pt_chown.c
> +++ b/lib/pt_chown.c
> @@ -30,22 +30,18 @@
>
> static int
> -do_pt_chown (void)
> +do_pt_chown (char *pty)
> {
> - char *pty;
> struct stat st;
> struct group *p;
> gid_t gid;
>
> - /* Check that PTY_FILENO is a valid master pseudo terminal. */
> - pty = ptsname (PTY_FILENO);
> - if (pty == NULL)
> - return errno == EBADF ? FAIL_EBADF : FAIL_EINVAL;
> -
> /* Check that the returned slave pseudo terminal is a
> character device. */
> if (stat (pty, &st) < 0 || !S_ISCHR (st.st_mode))
> @@ -75,11 +71,11 @@ main (int argc, char *argv[])
> {
> uid_t euid = geteuid ();
>
> - if (argc == 1 && euid == 0)
> + if (argc == 2 && argv[1][0] != '-' && euid == 0)
> {
> /* Normal invocation of this program is with no arguments and
> with privileges. */
> - return do_pt_chown ();
> + return do_pt_chown (argv[1]);
> }
>
> /* It would be possible to drop setuid/setgid privileges here. But it is
> not
> @@ -123,11 +119,11 @@ main (int argc, char *argv[])
>
> if (do_help)
> {
> - printf ("Usage: pt_chown [OPTION...]\n");
> + printf ("Usage: pt_chown [OPTION...] PTSNAME\n");
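Review bot: The character-device test in do_pt_chown now runs `stat (pty, &st)` on a name supplied by the caller, and `stat` follows symbolic links, so the check is bound to a path rather than to an object. If the rest of the function (outside this hunk) resolves `pty` again to change ownership or mode, the file checked and the file changed need not be the same one. Any by-name variant should open the name once and do both the check and the change through that descriptor, using `fstat` instead of `stat`. The parameter is not written through in the visible lines and would read better as `const char *pty`. The removed lines were also the only visible source of the FAIL_EBADF result, so callers that distinguish it from FAIL_EINVAL would need checking.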
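Review bot: The comment kept inside the privileged branch of main still reads `Normal invocation of this program is with no arguments and with privileges.`, which the new `argc == 2` condition contradicts. It should describe the new calling convention, for example `/* Normal invocation of this program is with the slave name as its only argument and with privileges. */`. The branch also deserves a comment stating that `argv[1]` reaches do_pt_chown unvalidated apart from the leading `-` test, since this is the point where a caller-controlled string enters code running with euid 0. main's body continues outside the hunk.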
With this patch, 'pt_chown' would be a setuid-root executable that changes the group id of the file passed as argument, and the only restriction would be that it must be a character device. On Linux, this would include /dev/audio, /dev/mixer (sound devices), /dev/fb0 (the framebuffer console), /dev/nvram, and /dev/ttyS0 (serial connections). Malicious people can certainly find ways to damage a system by using such a program. Therefore such a program is a no-no, for security reasons. Bruno -- In memoriam Eduard Brücklmeier <http://en.wikipedia.org/wiki/Eduard_Brücklmeier>