subsystem: Prevent endless loop

If a user has home directory "/" and login shell "*" then login and su
enter an endless loop by constantly switching to the next subsystem.

This could also be achieved with a layered approach so just checking
for "/" as home directory is not enough to protect against such a
misconfiguration.

Just break the loop if it progressed too far. I doubt that this has
negative impact on any real setup.

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>

diff --git a/libmisc/sub.c b/libmisc/sub.c
index d30c4c76841b3eaaa7918f7a8a1c99ef974d3949..821596d134b65f38544be856b947f86e57728a29 100644 (file)
--- a/libmisc/sub.c
+++ b/libmisc/sub.c
@@ -15,8 +15,10 @@
 #include <sys/types.h>
 #include "prototypes.h"
 #include "defines.h"
+#define        MAX_SUBROOT2    "maximum subsystem depth reached\n"
 #define        BAD_SUBROOT2    "invalid root `%s' for user `%s'\n"
 #define        NO_SUBROOT2     "no subsystem root `%s' for user `%s'\n"
+#define        MAX_DEPTH       1024
 /*
  * subsystem - change to subsystem root
  *
@@ -27,6 +29,18 @@
  */
 void subsystem (const struct passwd *pw)
 {
+       static int depth = 0;
+
+       /*
+        * Prevent endless loop on misconfigured systems.
+        */
+       if (++depth > MAX_DEPTH) {
+               printf (_("Maximum subsystem depth reached\n"));
+               SYSLOG ((LOG_WARN, MAX_SUBROOT2));
+               closelog ();
+               exit (EXIT_FAILURE);
+       }
+
        /*
         * The new root directory must begin with a "/" character.
         */