X-Git-Url: https://ruderich.org/simon/gitweb/?p=ptyas%2Fptyas.git;a=blobdiff_plain;f=ptyas.c;h=4b7b208856e88f53a43abc833ea4dde6a7c5bcdb;hp=c21c6ae35036af64b627aebf583d5980518ae5a7;hb=558cfda92d46baf905c1fad7814b1c92d1ce752f;hpb=7b101456491c5fcaa5b7f275bef98fe8fe012273

diff --git a/ptyas.c b/ptyas.c
index c21c6ae..4b7b208 100644
--- a/ptyas.c
+++ b/ptyas.c
@@ -2,7 +2,7 @@
  * Run the login shell or command as the given user in a new pty to prevent
  * terminal injection attacks.
  *
- * Copyright (C) 2016-2017  Simon Ruderich
+ * Copyright (C) 2016-2018  Simon Ruderich
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -82,9 +82,11 @@ static void open_pty_or_die(int *pty_master, int *pty_slave, uid_t uid) {
     if (*pty_slave == -1) {
         die("open slave tty");
     }
-    /* The user must be able to write to the new TTY. Normally grantpt() would
+    /*
+     * The user must be able to write to the new TTY. Normally grantpt() would
      * do this for us, but we don't trust the user and thus don't want to pass
-     * the pty_master to a process running under that uid. */
+     * the pty_master to a process running under that uid.
+     */
     if (chown(slave_path, uid, (gid_t)-1) != 0) {
         die("chown slave tty");
     }
@@ -222,8 +224,10 @@ static void proxy_input_between_ttys(int pty_master, int ctty, volatile pid_t *p
             break;
         }
 
-        /* Handle errors first. (Data available before the error occurred
-         * might be dropped, but shouldn't matter here.) */
+        /*
+         * Handle errors first. (Data available before the error occurred
+         * might be dropped, but shouldn't matter here.)
+         */
         if (fds[0].revents & (POLLERR | POLLNVAL)) {
             fprintf(stderr, "poll: error on master: %d\n", fds[0].revents);
             break;
@@ -359,9 +363,11 @@ int main(int argc, char **argv) {
         if (pid == -1) {
             die("fork child");
         } else if (pid == 0) {
-            /* Drop the privileges just now so that the other user doesn't get
+            /*
+             * Drop the privileges just now so that the other user doesn't get
              * access to the master TTY or the session leader (which might
-             * have additional privileges). */
+             * have additional privileges).
+             */
             drop_privileges_or_die(uid, gid);
 
             dup2_or_die(pty_slave, STDIN_FILENO);
@@ -376,6 +382,14 @@ int main(int argc, char **argv) {
             }
             const char *home = passwd->pw_dir;
 
+            /*
+             * Ignore errors here as we don't want to die on non-existent home
+             * directories to allow running as any user (think "/nonexistent"
+             * as home) and an error message will be annoying to ignore when
+             * running this command in scripts.
+             */
+            chdir(home);
+
             char envp_user[strlen("USER=") + strlen(user) + 1];
             char envp_home[strlen("HOME=") + strlen(home) + 1];
             char envp_term[strlen("TERM=") + strlen(term) + 1];
@@ -444,8 +458,10 @@ int main(int argc, char **argv) {
         die("tcsetattr restore");
     }
 
-    /* Wait until we got the status code from our child. poll() might already
-     * exit after POLLHUP while we haven't collected the child yet. */
+    /*
+     * Wait until we got the status code from our child. poll() might already
+     * exit after POLLHUP while we haven't collected the child yet.
+     */
     if (sigprocmask(SIG_BLOCK, &sigset, &sigset_old) != 0) {
         die("sigprocmask block sigchld loop");
     }