remove the isatty() call so it's easier to audit the helper

The isatty() check is just to catch users poking around; it provides little or no real security. With this change, you can do stuff like $ /usr/libexec/polkit-grant-helper-pam davidz PAM_PROMPT_ECHO_OFF Password: <enter real password here> SUCCESS $ /usr/libexec/polkit-grant-helper-pam davidz PAM_PROMPT_ECHO_OFF Password: not_my_password polkit-grant-helper-pam: pam_authenticated failed: Authentication failure FAILURE which is useful for auditing.
author: David Zeuthen <davidz@redhat.com> 2007-07-30 19:08:58 -0400
committer: David Zeuthen <davidz@redhat.com> 2007-07-30 19:08:58 -0400
commit: 1ac3268b7a787d2a9ae641355b80b7f3131bea71 (patch)
tree: e76005d12f9220b615775ed80c286670684679d4
parent: 368397f96a472bfedd596c8890586cc4fd9a0428 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/polkit-grant/polkit-grant-helper-pam.c b/polkit-grant/polkit-grant-helper-pam.c
index 184960f..16d53cb 100644
--- a/polkit-grant/polkit-grant-helper-pam.c
+++ b/polkit-grant/polkit-grant-helper-pam.c
@@ -71,12 +71,14 @@ main (int argc, char *argv[])
                 goto error;
         }
 
+#if 0
         /* check we're running with a non-tty stdin */
         if (isatty (STDIN_FILENO) != 0) {
                 syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
                 fprintf (stderr, "polkit-grant-helper-pam: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
                 goto error;
         }
+#endif
 
         /* get user to auth */
         if (fgets (user_to_auth, sizeof user_to_auth, stdin) == NULL)
author	David Zeuthen <davidz@redhat.com>	2007-07-30 19:08:58 -0400
committer	David Zeuthen <davidz@redhat.com>	2007-07-30 19:08:58 -0400
commit	1ac3268b7a787d2a9ae641355b80b7f3131bea71 (patch)
tree	e76005d12f9220b615775ed80c286670684679d4
parent	368397f96a472bfedd596c8890586cc4fd9a0428 (diff)