secure_path(3) hasn't been called since we recognized the TOCTOU issues a few

years back, so we can remove it.  Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert

diff --git a/include/login_cap.h b/include/login_cap.h
index 46a8bb6..d9a4c2c 100644 (file)
--- a/include/login_cap.h
+++ b/include/login_cap.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: login_cap.h,v 1.16 2018/07/29 19:40:41 deraadt Exp $  */
+/*     $OpenBSD: login_cap.h,v 1.17 2021/06/03 13:19:45 deraadt Exp $  */
 
 /*-
  * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.
@@ -101,7 +101,6 @@ char        *login_getcapstr(login_cap_t *, char *, char *, char *);
 quad_t  login_getcaptime(login_cap_t *, char *, quad_t, quad_t);
 char   *login_getstyle(login_cap_t *, char *, char *);
 
-int    secure_path(char *);
 int    setclasscontext(char *, unsigned int);
 int    setusercontext(login_cap_t *, struct passwd *, uid_t, unsigned int);
 

diff --git a/lib/libc/Symbols.list b/lib/libc/Symbols.list
index f9aa62a..d6a6b68 100644 (file)
--- a/lib/libc/Symbols.list
+++ b/lib/libc/Symbols.list
@@ -739,7 +739,6 @@ readdir_r
 readpassphrase
 rewinddir
 scandir
-secure_path
 seekdir
 setclasscontext
 setdomainname

diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c
index 5b19f56..d3b91f1 100644 (file)
--- a/lib/libc/gen/login_cap.c
+++ b/lib/libc/gen/login_cap.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: login_cap.c,v 1.38 2019/10/18 17:14:08 tedu Exp $     */
+/*     $OpenBSD: login_cap.c,v 1.39 2021/06/03 13:19:45 deraadt Exp $  */
 
 /*
  * Copyright (c) 2000-2004 Todd C. Miller <millert@openbsd.org>
@@ -977,32 +977,6 @@ multiply(u_quad_t n1, u_quad_t n2)
        return (m);
 }
 
-int
-secure_path(char *path)
-{
-       struct stat sb;
-
-       /*
-        * If not a regular file, or is owned/writeable by someone
-        * other than root, quit.
-        */
-       if (lstat(path, &sb) == -1) {
-               syslog(LOG_ERR, "cannot stat %s: %m", path);
-               return (-1);
-       } else if (!S_ISREG(sb.st_mode)) {
-               syslog(LOG_ERR, "%s: not a regular file", path);
-               return (-1);
-       } else if (sb.st_uid != 0) {
-               syslog(LOG_ERR, "%s: not owned by root", path);
-               return (-1);
-       } else if (sb.st_mode & (S_IWGRP | S_IWOTH)) {
-               syslog(LOG_ERR, "%s: writable by non-root", path);
-               return (-1);
-       }
-       return (0);
-}
-DEF_WEAK(secure_path);
-
 /*
  * Check whether or not a tilde in a string should be expanded.
  * We only do expansion for things like "~", "~/...", ~me", "~me/...".

diff --git a/lib/libc/hidden/login_cap.h b/lib/libc/hidden/login_cap.h
index c6dcfbf..00a0e33 100644 (file)
--- a/lib/libc/hidden/login_cap.h
+++ b/lib/libc/hidden/login_cap.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: login_cap.h,v 1.1 2015/09/13 19:58:50 guenther Exp $  */
+/*     $OpenBSD: login_cap.h,v 1.2 2021/06/03 13:19:45 deraadt Exp $   */
 /*
  * Copyright (c) 2015 Philip Guenther <guenther@openbsd.org>
  *
@@ -28,7 +28,6 @@ PROTO_NORMAL(login_getcapstr);
 PROTO_NORMAL(login_getcaptime);
 PROTO_NORMAL(login_getclass);
 PROTO_NORMAL(login_getstyle);
-PROTO_NORMAL(secure_path);
 PROTO_DEPRECATED(setclasscontext);
 PROTO_NORMAL(setusercontext);