If a user is missing from /etc/shadow, we used to just allow anyone to
authenticate as that user without a password.
With this patch, authentication will instead always fail.
Now that we've moved to atomic replacement of these files when altering
them, we don't need to keep them open for the lifetime of Core::Account
so just simplify this and close them when they are not needed.
Before this patch, we had a nasty race condition when changing a user's
password: there was a time window between truncating /etc/shadow and
writing out its new contents, where you could simply "su" to root
without using a password.
Instead of writing directly to /etc/passwd and /etc/shadow, we now
create temporary files in /etc and fill them with the new contents.
Those files are then atomically renamed to /etc/passwd and /etc/shadow.
Sadly, fixing this race requires giving the passwd program a lot more
privileges. This is something we can and should improve upon. :^)
Apparently memfd_create() is newish in glibc, and oss-fuzz
uses Ubuntu 16.04 as base for its docker images, which doens't
yet have memfd_create(). But, not to worry, it does have the syscall
define and that's all we really need :/
SOCK_NONBLOCK is a linux-ism that serenity and linux support. For lagom
builds, we use ioctl/fcntl to get a non-blocking socket the old
fashioned way. Some file re-org unhid the fcntl.h dependency of TcpServer,
so add the header explicitly.
This API was a mostly gratuitous deviation from POSIX that gave up some
portability in exchange for avoiding the occasional strlen().
I don't think that was actually achieving anything valuable, so let's
just chill out and have the same open() API as everyone else. :^)
