From c0455c86ed02512eef3780b913f87c539b4bc573 Mon Sep 17 00:00:00 2001 From: deraadt Date: Thu, 3 Jun 2021 13:19:45 +0000 Subject: [PATCH] secure_path(3) hasn't been called since we recognized the TOCTOU issues a few years back, so we can remove it. Since nothing in the ecosystem calls it, I am not cranking the libc major as required, surely another crank will come along soon. noticed by Dante Catalfamo ok millert --- include/login_cap.h | 3 +-- lib/libc/Symbols.list | 1 - lib/libc/gen/login_cap.c | 28 +--------------------------- lib/libc/hidden/login_cap.h | 3 +-- 4 files changed, 3 insertions(+), 32 deletions(-) diff --git a/include/login_cap.h b/include/login_cap.h index 46a8bb6311b..d9a4c2c349c 100644 --- a/include/login_cap.h +++ b/include/login_cap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: login_cap.h,v 1.16 2018/07/29 19:40:41 deraadt Exp $ */ +/* $OpenBSD: login_cap.h,v 1.17 2021/06/03 13:19:45 deraadt Exp $ */ /*- * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved. @@ -101,7 +101,6 @@ char *login_getcapstr(login_cap_t *, char *, char *, char *); quad_t login_getcaptime(login_cap_t *, char *, quad_t, quad_t); char *login_getstyle(login_cap_t *, char *, char *); -int secure_path(char *); int setclasscontext(char *, unsigned int); int setusercontext(login_cap_t *, struct passwd *, uid_t, unsigned int); diff --git a/lib/libc/Symbols.list b/lib/libc/Symbols.list index f9aa62ab6e8..d6a6b684827 100644 --- a/lib/libc/Symbols.list +++ b/lib/libc/Symbols.list @@ -739,7 +739,6 @@ readdir_r readpassphrase rewinddir scandir -secure_path seekdir setclasscontext setdomainname diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c index 5b19f56749a..d3b91f1955c 100644 --- a/lib/libc/gen/login_cap.c +++ b/lib/libc/gen/login_cap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_cap.c,v 1.38 2019/10/18 17:14:08 tedu Exp $ */ +/* $OpenBSD: login_cap.c,v 1.39 2021/06/03 13:19:45 deraadt Exp $ */ /* * Copyright (c) 2000-2004 Todd C. Miller @@ -977,32 +977,6 @@ multiply(u_quad_t n1, u_quad_t n2) return (m); } -int -secure_path(char *path) -{ - struct stat sb; - - /* - * If not a regular file, or is owned/writeable by someone - * other than root, quit. - */ - if (lstat(path, &sb) == -1) { - syslog(LOG_ERR, "cannot stat %s: %m", path); - return (-1); - } else if (!S_ISREG(sb.st_mode)) { - syslog(LOG_ERR, "%s: not a regular file", path); - return (-1); - } else if (sb.st_uid != 0) { - syslog(LOG_ERR, "%s: not owned by root", path); - return (-1); - } else if (sb.st_mode & (S_IWGRP | S_IWOTH)) { - syslog(LOG_ERR, "%s: writable by non-root", path); - return (-1); - } - return (0); -} -DEF_WEAK(secure_path); - /* * Check whether or not a tilde in a string should be expanded. * We only do expansion for things like "~", "~/...", ~me", "~me/...". diff --git a/lib/libc/hidden/login_cap.h b/lib/libc/hidden/login_cap.h index c6dcfbfc8fb..00a0e33223c 100644 --- a/lib/libc/hidden/login_cap.h +++ b/lib/libc/hidden/login_cap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: login_cap.h,v 1.1 2015/09/13 19:58:50 guenther Exp $ */ +/* $OpenBSD: login_cap.h,v 1.2 2021/06/03 13:19:45 deraadt Exp $ */ /* * Copyright (c) 2015 Philip Guenther * @@ -28,7 +28,6 @@ PROTO_NORMAL(login_getcapstr); PROTO_NORMAL(login_getcaptime); PROTO_NORMAL(login_getclass); PROTO_NORMAL(login_getstyle); -PROTO_NORMAL(secure_path); PROTO_DEPRECATED(setclasscontext); PROTO_NORMAL(setusercontext); -- 2.20.1