]> sourceware.org Git - newlib-cygwin.git/commit
git://sourceware.org / newlib-cygwin.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2166f7d) | patch
Cygwin: seteuid: refuse changing uid to disabled or locked out user
authorCorinna Vinschen <corinna@vinschen.de>
Thu, 24 Jan 2019 15:22:49 +0000 (16:22 +0100)
committerCorinna Vinschen <corinna@vinschen.de>
Thu, 24 Jan 2019 15:24:35 +0000 (16:24 +0100)
commit2c12a2c32a6fe43f8a74e2792ad15c65116c6e2c
tree7777f28600a8fbcaa2c0da0f8f8b6df6a4a818a2tree
parent2166f7dc0d9ae212d9f663241501f6fd17b71e50commit | diff
Cygwin: seteuid: refuse changing uid to disabled or locked out user

So far seteuid could change uid to any existing account, given
sufficient permissions of the caller.  This is kind of bad since
it disallows admins to refuse login to disabled or locked out
accounts.

Add check for the account's UF_ACCOUNTDISABLE or UF_LOCKOUT flags
and don't let the user in, if one of the flags is set.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
winsup/cygwin/release/2.12.0 diff | blob | blame | history
winsup/cygwin/sec_auth.cc diff | blob | blame | history
newlib and cygwin
This page took 0.034874 seconds and 5 git commands to generate.