Src/Hyperion-kernel/lib/modules/hyperion/40_auth.kmod

@@ -236,19 +236,18 @@ local function nextUID()
     return max + 1
 end
 
-function auth.login(username, password)
-    if type(username) ~= "string" or type(password) ~= "string" then
+function auth.login(uid, password)
+    if type(uid) ~= "number" or type(password) ~= "string" then
         return nil, "Authentication failure"
     end
 
-    local entry = getPasswdByUsername(username)
+    local entry = getPasswdByUID(uid)
     if not entry then
         -- timing attack resistance
         hashPassword(password, "aaaaaaaaaaaaaaaa")
         return nil, "Authentication failure"
     end
 
-    local uid = tonumber(entry[1])
     local sEntry = getShadowByUID(uid)
     if not sEntry then
         hashPassword(password, "aaaaaaaaaaaaaaaa")
@@ -273,7 +272,7 @@ function auth.login(username, password)
         _task.egid = tonumber(entry[2]) or uid
     end
 
-    kernel.log("AUTH: login uid=" .. tostring(uid) .. " (" .. username .. ")")
+    kernel.log("AUTH: login uid=" .. tostring(uid) .. " (" .. getPasswdByUID(uid)[3] .. ")")
     return true
 end
 

Src/Hyperion-kernel/lib/modules/hyperion/92_setup.kmod

@@ -96,8 +96,8 @@ if kernel.firstBoot then
         {"sbin", REG, 0, 0, RWX_RX_RX},
         {"tmp",  REG, 0, 0, RWXRWXRWX},
         {"usr",  REG, 0, 0, RWX_RX_RX},
-        {"var",  REG, 0, 0, RWX_RX_RX},
-        {"opt",  REG, 0, 0, RWXRWXRWX},
+        {"var",  REG, 0, 0, RWXRWXRWX},
+        {"opt",  REG, 0, 0, RWX_RX_RX},
     })
 
     mergeMeta("/bin", {

Src/hysh/bin/login

@@ -130,8 +130,9 @@ local function doLogin()
 
         syscall.write(1, "Password: ")
         local password = readLine("*")
+        local uid = syscall.getuidbyname(username)
         
-        local ok, err = syscall.login(username, password)
+        local ok, err = syscall.login(uid, password)
         if ok then
             local uid     = syscall.getuid()
             local pwent   = syscall.getpasswd(uid)

Src/hysh/bin/passwd

@@ -9,7 +9,7 @@ local currentUid = syscall.getuid()
 
 local targetUid
 if targetName then
-    targetUid = syscall.getuid(targetName)
+    targetUid = syscall.getuid()
     if not targetUid then
         print("passwd: user '" .. targetName .. "' does not exist")
         syscall.exit(1); return
@@ -36,7 +36,7 @@ if currentUid ~= 0 then
             if #cur > 0 then cur=cur:sub(1,-2); syscall.write(1,"\b \b") end
         else cur=cur..ch; syscall.write(1,"*") end
     end
-    local ok, err = syscall.elevate(targetName, cur)
+    local ok, err = syscall.login(targetUid, cur)
     if not ok then
         sleep(1)
         print("passwd: authentication failure")

Src/hysh/bin/su

@@ -1,7 +1,12 @@
 --:Minify:--
-local targetUser = ({ ... })[1] or "root"
+local targetUser = ({ ... })[1]
 local currentUid = syscall.getuid()
-local targetUid  = syscall.getuidbyname(targetUser)
+local targetUid
+if targetUser then
+    targetUid = syscall.getuidbyname(targetUser)
+else
+    targetUid = 0
+end
 
 if not targetUid then
     print("su: user '" .. targetUser .. "' does not exist")
@@ -25,20 +30,21 @@ if currentUid ~= 0 then
         end
     end
 
-    local ok, err = syscall.elevate(targetUser, pw)
+    local ok, err = syscall.login(targetUid, pw)
     if not ok then
         sleep(1)
         print("su: Authentication failure")
         syscall.exit(1)
         return
     end
+else
+    syscall.setuid(targetUid)
 end
 
-syscall.setuid(targetUid)
-
 local pwent   = syscall.getpasswd(targetUid)
 local shell   = (pwent and pwent.shell)   or "/bin/hysh"
 local homedir = (pwent and pwent.homedir) or "/"
+local username= (pwent and pwent.username)or "Unknown"
 
 local ok_cd, err_cd = pcall(syscall.chdir, homedir)
 if not ok_cd then
@@ -46,7 +52,7 @@ if not ok_cd then
     syscall.chdir(homedir)
 end
 syscall.setEnviron("HOME",  homedir)
-syscall.setEnviron("USER",  targetUser)
+syscall.setEnviron("USER",  username)
 syscall.setEnviron("SHELL", shell)
 
 local ok, err = pcall(syscall.exec, shell)

Src/hysh/bin/sudo

@@ -55,7 +55,7 @@ if currentUid ~= 0 then
         end
     end
 
-    local ok, err = syscall.elevate("root", pw)
+    local ok, err = syscall.login(0, pw)
     if not ok then
         sleep(1)
         print("sudo: Authentication failure")

manifest.lua

@@ -3,6 +3,8 @@
 --- @diagnostic disable: duplicate-set-field
 syscall={}
 
+--- @alias userinfo {username:string,homedir:string,shell:string,uid:number,gid:number}
+
 --- Sets home directory of User with corresponding uid to homedir
 --- @param uid integer
 --- @param homedir string
@@ -164,7 +166,7 @@ syscall.setpassword=function(uid, newPassword) end
 
 --- Set environment variable
 --- @param key string
---- @param value string
+--- @param value any
 --- @return boolean
 syscall.setEnviron=function(key, value) end
 
@@ -197,7 +199,7 @@ syscall.exit=function(code) end
 
 --- Get environment variable
 --- @param key string
---- @return string|nil
+--- @return any
 syscall.getEnviron=function(key) end
 
 --- Continue a stopped task
@@ -337,7 +339,7 @@ syscall.remove=function(path) end
 --- @return string|nil
 syscall.type=function(path) end
 
---- Elevate to another user with password
+--- Elevate to root with password (Disabled due to VULN)
 --- @param targetUsername string
 --- @param password string
 --- @return boolean
@@ -374,11 +376,11 @@ syscall.setusername=function(uid, newUsername) end
 --- @return integer
 syscall.geteuid=function() end
 
---- Login user
---- @param username string
+--- Login as user
+--- @param uid integer
 --- @param password string
 --- @return boolean
-syscall.login=function(username, password) end
+syscall.login=function(uid, password) end
 
 --- Get system hostname
 --- @return string
@@ -514,9 +516,9 @@ syscall.access=function(path, mode) end
 --- Ignore current signal
 syscall.sigignore=function() end
 
---- Get user password hash
+--- Get user information
 --- @param uid integer
---- @return string|nil
+--- @return userinfo|nil
 syscall.getpasswd=function(uid) end
 
 --- Get OS version