lib/commonio.c: Drop lrename

The lrename function follows symlinks when renaming files. Since the
source is a temporary file and the target is the database file itself,
which is opened with O_NOFOLLOW, this function is only useful for an
attacker who manages to win some form of race.

Fixes: 0fa908302660 (2007-10-07; "[svn-upgrade] Integrating new upstream version, shadow (4.0.16)")
Fixes: 391a3847157c (2010-03-04; "2010-01-30  Paweł Hajdan, Jr.  <phajdan.jr@gentoo.org>")
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/lib/commonio.c b/lib/commonio.c
index 4131a2e096298403a6f2ecca8a13bbb92c16d8b7..28dc7324cf10f2dba2ab877ee10b78ba1d481995 100644 (file)
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -45,7 +45,6 @@
 
 
 /* local function prototypes */
-static int lrename (const char *, const char *);
 static int check_link_count (const char *file, bool log);
 static int do_lock_file (const char *file, const char *lock, bool log);
 static /*@null@*/ /*@dependent@*/FILE *fmkstemp_set_perms (
@@ -69,32 +68,6 @@ static /*@dependent@*/ /*@null@*/struct commonio_entry *next_entry_by_name (
 static int lock_count = 0;
 static bool nscd_need_reload = false;
 
-/*
- * Simple rename(P) alternative that attempts to rename to symlink
- * target.
- */
-int lrename (const char *old, const char *new)
-{
-       int res;
-       char *r = NULL;
-       struct stat sb;
-
-       if (lstat (new, &sb) == 0 && S_ISLNK (sb.st_mode)) {
-               r = realpath (new, NULL);
-               if (NULL == r) {
-                       perror ("realpath in lrename()");
-               } else {
-                       new = r;
-               }
-       }
-
-       res = rename (old, new);
-
-       free (r);
-
-       return res;
-}
-
 static int check_link_count (const char *file, bool log)
 {
        struct stat sb;
@@ -311,7 +284,7 @@ static int create_backup (const char *name, FILE * fp)
        }
 
        stprintf_a(target, "%s-", name);
-       if (lrename(tmpf, target) != 0) {
+       if (rename(tmpf, target) != 0) {
                unlink(tmpf);
                return -1;
        }
@@ -975,7 +948,7 @@ commonio_close(struct commonio_db *db, MAYBE_UNUSED bool process_selinux)
                goto fail;
        }
 
-       if (lrename(tmpf, db->filename) != 0) {
+       if (rename(tmpf, db->filename) != 0) {
                goto fail;
        }