Most distros install binaries with write permissions for the owner (root). We
don't need to check them, since the owner can always also change the permission.

Also many packaging systems use symlinks to organize different versions or
alternatives of programs. Also busybox style toolkits use symlinks, so we
should follow them.
---


Hello,

I found the sup-tool a little unusable and tried to „fix“ it as described above.
Are there any security considerations I did not see?

Regards,
Markus


 sup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sup.c b/sup.c
index b88d949..7cec6ff 100644
--- a/sup.c
+++ b/sup.c
@@ -72,9 +72,9 @@ int main(int argc, char **argv) {
                                else if (!(cmd = getpath (argv[1])))
                                        return die (1, "execv", "cannot find 
program");
                        } else cmd = rules[i].path;
-                       if (lstat (cmd, &st) == -1)
+                       if (stat (cmd, &st) == -1)
                                return die (1, "lstat", "cannot stat program");
-                       if (st.st_mode & 0222)
+                       if (st.st_mode & 0022)
                                return die (1, "stat", "cannot run writable 
binaries.");
 #endif
                        if (uid != SETUID && rules[i].uid != -1 && rules[i].uid 
!= uid)
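
Review bot: with the mask narrowed to 0022 in the st.st_mode test, the owner write bit is no longer checked, yet nothing in this hunk verifies that st.st_uid is 0, so a file owned by an unprivileged user with mode 0755 would now pass. The commit message's reasoning only holds when the owner is root; suggest testing the owner next to the mode, for example "if (st.st_uid != 0 || (st.st_mode & 0022))". Switching from lstat to stat also means only the link target is inspected, so a symlink sitting in a directory that others can write to can be repointed after the check has passed; consider resolving the path first and checking the resolved file and its parent directories. The die call after "stat (cmd, &st)" still passes "lstat" as its label and should be updated to "stat".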
-- 
1.8.2

