This prevents nonlocal users and groups from disturbing a command like
‘chown 0:0 file’.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
enum nss_status
check_nonlocal_group(const char *user, struct group *grp, int *errnop)
{
+ enum nss_status status = NSS_STATUS_SUCCESS;
+ int old_errno = errno;
+ char *end;
+ unsigned long gid;
+
+ errno = 0;
+ gid = strtoul(grp->gr_name, &end, 10);
+ if (errno == 0 && *end == '\0' && (gid_t)gid == gid)
+ status = check_nonlocal_gid(user, gid, errnop);
+ errno = old_errno;
+ if (status != NSS_STATUS_SUCCESS)
+ return status;
+
return check_nonlocal_gid(user, grp->gr_gid, errnop);
}
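Review bot: The numeric-name test in check_nonlocal_group accepts more than all-digit names, and the `pw_name` test in check_nonlocal_passwd has the same shape. `strtoul` performs no conversion on an empty string and leaves `end` at the start of the input, so on a libc that does not set errno in that case an empty `gr_name` passes `*end == '\0'` and is checked as gid 0; leading whitespace and a sign are accepted as well. If only names a tool could read as a plain number should trigger the extra lookup, add `end != grp->gr_name` (and `end != pwd->pw_name`) to the condition; if the wider match is the intended conservative choice, say so in a comment. Neither function states why a name is parsed as a number, so I would add above each `strtoul` call something like `/* A name that parses as a number is also checked as an id, so a nonlocal entry cannot disturb commands like "chown 0:0 file". */`.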
enum nss_status
check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop)
{
+ enum nss_status status = NSS_STATUS_SUCCESS;
+ int old_errno = errno;
+ char *end;
+ unsigned long uid;
+
+ errno = 0;
+ uid = strtoul(pwd->pw_name, &end, 10);
+ if (errno == 0 && *end == '\0' && (uid_t)uid == uid)
+ status = check_nonlocal_uid(user, uid, errnop);
+ errno = old_errno;
+ if (status != NSS_STATUS_SUCCESS)
+ return status;
+
return check_nonlocal_uid(user, pwd->pw_uid, errnop);
}