From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 30 Apr 2019 17:26:14 +0000 (+0200)
Subject: terminal-util: reset access mode in vt_restore(), too
X-Git-Tag: v243-rc1~360^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1802d5f2cf24e43a81502fbeaa839d9b9eb7e361;p=thirdparty%2Fsystemd.git

terminal-util: reset access mode in vt_restore(), too

Only changing ownership back to root is not enough we also need to
change the access mode, otherwise the user might have set 666 first, and
thus allow everyone access before and after the chown().
---

diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index 71238ac9c43..3a0d16a74f5 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -1291,8 +1291,7 @@ int vt_restore(int fd) {
         };
         int r, q = 0;
 
-        r = ioctl(fd, KDSETMODE, KD_TEXT);
-        if (r < 0)
+        if (ioctl(fd, KDSETMODE, KD_TEXT) < 0)
                 q = log_debug_errno(errno, "Failed to set VT in text mode, ignoring: %m");
 
         r = vt_reset_keyboard(fd);
@@ -1302,18 +1301,17 @@ int vt_restore(int fd) {
                         q = r;
         }
 
-        r = ioctl(fd, VT_SETMODE, &mode);
-        if (r < 0) {
+        if (ioctl(fd, VT_SETMODE, &mode) < 0) {
                 log_debug_errno(errno, "Failed to set VT_AUTO mode, ignoring: %m");
                 if (q >= 0)
                         q = -errno;
         }
 
-        r = fchown(fd, 0, (gid_t) -1);
+        r = fchmod_and_chown(fd, TTY_MODE, 0, (gid_t) -1);
         if (r < 0) {
-                log_debug_errno(errno, "Failed to chown VT, ignoring: %m");
+                log_debug_errno(r, "Failed to chmod()/chown() VT, ignoring: %m");
                 if (q >= 0)
-                        q = -errno;
+                        q = r;
         }
 
         return q;
diff --git a/src/basic/terminal-util.h b/src/basic/terminal-util.h
index 90adc14d176..87d09f87598 100644
--- a/src/basic/terminal-util.h
+++ b/src/basic/terminal-util.h
@@ -163,3 +163,6 @@ int vt_restore(int fd);
 int vt_release(int fd, bool restore_vt);
 
 void get_log_colors(int priority, const char **on, const char **off, const char **highlight);
+
+/* This assumes there is a 'tty' group */
+#define TTY_MODE 0620
diff --git a/src/core/execute.c b/src/core/execute.c
index ab2a4de37a5..640efac295d 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -97,9 +97,6 @@
 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
 
-/* This assumes there is a 'tty' group */
-#define TTY_MODE 0620
-
 #define SNDBUF_SIZE (8*1024*1024)
 
 static int shift_fds(int fds[], size_t n_fds) {