secure_path(3) hasn't been called since we recognized the TOCTOU issues a few

years back, so we can remove it. Since nothing in the ecosystem calls it, I am not cranking the libc major as required, surely another crank will come along soon. noticed by Dante Catalfamo ok millert
2025-01-04 23:35:36 -08:00 · 2021-06-03 13:19:45 +00:00 · 2021-06-03 13:19:45 +00:00 · c0455c86ed
commit c0455c86ed
parent 5ce8929879
4 changed files with 3 additions and 32 deletions
--- a/include/login_cap.h
+++ b/include/login_cap.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: login_cap.h,v 1.16 2018/07/29 19:40:41 deraadt Exp $	*/
+/*	$OpenBSD: login_cap.h,v 1.17 2021/06/03 13:19:45 deraadt Exp $	*/

 /*-
 * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.
@ -101,7 +101,6 @@ char	*login_getcapstr(login_cap_t *, char *, char *, char *);
 quad_t	 login_getcaptime(login_cap_t *, char *, quad_t, quad_t);
 char	*login_getstyle(login_cap_t *, char *, char *);

-int	secure_path(char *);
 int	setclasscontext(char *, unsigned int);
 int	setusercontext(login_cap_t *, struct passwd *, uid_t, unsigned int);

--- a/lib/libc/Symbols.list
+++ b/lib/libc/Symbols.list
@ -739,7 +739,6 @@ readdir_r
 readpassphrase
 rewinddir
 scandir
-secure_path
 seekdir
 setclasscontext
 setdomainname
--- a/lib/libc/gen/login_cap.c
+++ b/lib/libc/gen/login_cap.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: login_cap.c,v 1.38 2019/10/18 17:14:08 tedu Exp $	*/
+/*	$OpenBSD: login_cap.c,v 1.39 2021/06/03 13:19:45 deraadt Exp $	*/

 /*
 * Copyright (c) 2000-2004 Todd C. Miller <millert@openbsd.org>
@ -977,32 +977,6 @@ multiply(u_quad_t n1, u_quad_t n2)
 	return (m);
 }

-int
-secure_path(char *path)
-{
-	struct stat sb;
-
-	/*
-	 * If not a regular file, or is owned/writeable by someone
-	 * other than root, quit.
-	 */
-	if (lstat(path, &sb) == -1) {
-		syslog(LOG_ERR, "cannot stat %s: %m", path);
-		return (-1);
-	} else if (!S_ISREG(sb.st_mode)) {
-		syslog(LOG_ERR, "%s: not a regular file", path);
-		return (-1);
-	} else if (sb.st_uid != 0) {
-		syslog(LOG_ERR, "%s: not owned by root", path);
-		return (-1);
-	} else if (sb.st_mode & (S_IWGRP | S_IWOTH)) {
-		syslog(LOG_ERR, "%s: writable by non-root", path);
-		return (-1);
-	}
-	return (0);
-}
-DEF_WEAK(secure_path);
-
 /*
 * Check whether or not a tilde in a string should be expanded.
 * We only do expansion for things like "~", "~/...", ~me", "~me/...".
--- a/lib/libc/hidden/login_cap.h
+++ b/lib/libc/hidden/login_cap.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: login_cap.h,v 1.1 2015/09/13 19:58:50 guenther Exp $	*/
+/*	$OpenBSD: login_cap.h,v 1.2 2021/06/03 13:19:45 deraadt Exp $	*/
 /*
 * Copyright (c) 2015 Philip Guenther <guenther@openbsd.org>
 *
@ -28,7 +28,6 @@ PROTO_NORMAL(login_getcapstr);
 PROTO_NORMAL(login_getcaptime);
 PROTO_NORMAL(login_getclass);
 PROTO_NORMAL(login_getstyle);
-PROTO_NORMAL(secure_path);
 PROTO_DEPRECATED(setclasscontext);
 PROTO_NORMAL(setusercontext);