forked from Hyperion/HyperionOS
fixed elevate VULN
This commit is contained in:
@@ -9,7 +9,7 @@ local currentUid = syscall.getuid()
|
||||
|
||||
local targetUid
|
||||
if targetName then
|
||||
targetUid = syscall.getuid(targetName)
|
||||
targetUid = syscall.getuid()
|
||||
if not targetUid then
|
||||
print("passwd: user '" .. targetName .. "' does not exist")
|
||||
syscall.exit(1); return
|
||||
@@ -36,7 +36,7 @@ if currentUid ~= 0 then
|
||||
if #cur > 0 then cur=cur:sub(1,-2); syscall.write(1,"\b \b") end
|
||||
else cur=cur..ch; syscall.write(1,"*") end
|
||||
end
|
||||
local ok, err = syscall.elevate(targetName, cur)
|
||||
local ok, err = syscall.login(targetUid, cur)
|
||||
if not ok then
|
||||
sleep(1)
|
||||
print("passwd: authentication failure")
|
||||
|
||||
@@ -1,7 +1,12 @@
|
||||
--:Minify:--
|
||||
local targetUser = ({ ... })[1] or "root"
|
||||
local targetUser = ({ ... })[1]
|
||||
local currentUid = syscall.getuid()
|
||||
local targetUid = syscall.getuidbyname(targetUser)
|
||||
local targetUid
|
||||
if targetUser then
|
||||
targetUid = syscall.getuidbyname(targetUser)
|
||||
else
|
||||
targetUid = 0
|
||||
end
|
||||
|
||||
if not targetUid then
|
||||
print("su: user '" .. targetUser .. "' does not exist")
|
||||
@@ -25,20 +30,21 @@ if currentUid ~= 0 then
|
||||
end
|
||||
end
|
||||
|
||||
local ok, err = syscall.elevate(targetUser, pw)
|
||||
local ok, err = syscall.login(targetUid, pw)
|
||||
if not ok then
|
||||
sleep(1)
|
||||
print("su: Authentication failure")
|
||||
syscall.exit(1)
|
||||
return
|
||||
end
|
||||
else
|
||||
syscall.setuid(targetUid)
|
||||
end
|
||||
|
||||
syscall.setuid(targetUid)
|
||||
|
||||
local pwent = syscall.getpasswd(targetUid)
|
||||
local shell = (pwent and pwent.shell) or "/bin/hysh"
|
||||
local homedir = (pwent and pwent.homedir) or "/"
|
||||
local username= (pwent and pwent.username)or "Unknown"
|
||||
|
||||
local ok_cd, err_cd = pcall(syscall.chdir, homedir)
|
||||
if not ok_cd then
|
||||
@@ -46,11 +52,11 @@ if not ok_cd then
|
||||
syscall.chdir(homedir)
|
||||
end
|
||||
syscall.setEnviron("HOME", homedir)
|
||||
syscall.setEnviron("USER", targetUser)
|
||||
syscall.setEnviron("USER", username)
|
||||
syscall.setEnviron("SHELL", shell)
|
||||
|
||||
local ok, err = pcall(syscall.exec, shell)
|
||||
if not ok then
|
||||
print("su: cannot exec shell '" .. shell .. "': " .. tostring(err))
|
||||
syscall.exit(1)
|
||||
end
|
||||
end
|
||||
@@ -55,7 +55,7 @@ if currentUid ~= 0 then
|
||||
end
|
||||
end
|
||||
|
||||
local ok, err = syscall.elevate("root", pw)
|
||||
local ok, err = syscall.login(0, pw)
|
||||
if not ok then
|
||||
sleep(1)
|
||||
print("sudo: Authentication failure")
|
||||
|
||||
Reference in New Issue
Block a user