run_part: skip scripts with insecure ownership/permission

cgzones · cgzones · commit 0534a1d5abd6 · 2023-04-17T18:38:12.000+02:00
Skip scripts that are either
  - not owned be the executing user or root,
  - not owned by the executing group or root,
  - world-writable.
diff --git a/lib/run_part.c b/lib/run_part.c
@@ -81,10 +81,24 @@ int run_parts (const char *directory, const char *name, const char *action)
 			return (1);
 		}
 
-		if (S_ISREG (sb.st_mode)) {
-			execute_result = run_part (s, name, action);
+		if (!S_ISREG (sb.st_mode)) {
+			free(s);
+			free (namelist[n]);
+			continue;
 		}
 
+		if ((sb.st_uid != 0 && sb.st_uid != getuid()) ||
+		    (sb.st_gid != 0 && sb.st_gid != getgid()) ||
+		    (sb.st_mode & 0002)) {
+			fprintf (shadow_logfd, "skipping %s due to insecure ownership/permission\n",
+			         namelist[n]->d_name);
+			free(s);
+			free (namelist[n]);
+			continue;
+		}
+
+		execute_result = run_part (s, name, action);
+
 		free (s);
 
 		if (execute_result!=0) {
