4 changed files with 20 additions and 49 deletions
--- a/apps/src/init.c
+++ b/apps/src/init.c
@ -53,6 +53,8 @@ int main()

    show_motd();

+    msleep(200);
+
    pid_t child = fork();
    if (child < 0)
    {
--- a/apps/src/session.c
+++ b/apps/src/session.c
@ -39,24 +39,6 @@ static void strip_newline(char* str)
    if (str[len - 1] == '\n') str[len - 1] = 0;
 }

-static char* collect_password()
-{
-    static char buf[BUFSIZ];
-
-    printf("Password: ");
-    fgets(buf, BUFSIZ, stdin);
-
-    strip_newline(buf);
-    putchar('\n');
-
-    char* copy = strdup(
-        buf); // The password only stays in a caller-controlled heap-allocated buffer, where it can be freed at will.
-
-    memset(buf, 0, BUFSIZ);
-
-    return copy;
-}
-
 static void login_as(struct passwd* user)
 {
    pid_t child = fork();
@ -92,19 +74,18 @@ static int login()
            printf("Unknown user %s\n", username);
        return 0;
    }
-    char* password = collect_password();
-    putchar('\n');
+    printf("Password: ");
+    char password[BUFSIZ];
+    fgets(password, BUFSIZ, stdin);
+    strip_newline(password);
+    puts("\n");
    if (strcmp(user->pw_passwd, password) == 0)
    {
-        free(password);
        login_as(user);
        puts("logout\n");
    }
    else
-    {
-        free(password);
        puts("Invalid password.\n");
-    }
    return 0;
 }

--- a/apps/src/sh.c
+++ b/apps/src/sh.c
@ -87,7 +87,6 @@ void show_prompt()
            username = "??";
        }
        else { username = user->pw_name; }
-        atexit(endpwent);
    }
    if (WEXITSTATUS(status)) { printf("%d [%s]> ", WEXITSTATUS(status), username); }
    else
--- a/apps/src/su.c
+++ b/apps/src/su.c
@ -19,26 +19,13 @@ void strip_newline(char* str)
    if (str[len - 1] == '\n') str[len - 1] = 0;
 }

-static const char* collect_password()
-{
-    static char buf[BUFSIZ];
-
-    printf("Password: ");
-    fgets(buf, BUFSIZ, stdin);
-
-    strip_newline(buf);
-    putchar('\n');
-
-    return buf;
-}
-
 int main(int argc, char** argv)
 {
-    const char* username;
-
-    if (argc == 1) username = "root";
-    else
-        username = argv[1];
+    if (argc == 1)
+    {
+        fprintf(stderr, "Usage: %s [username] [command | login shell]\n", argv[0]);
+        return EXIT_FAILURE;
+    }

    if (getuid() != 0)
    {
@ -46,22 +33,24 @@ int main(int argc, char** argv)
        return EXIT_FAILURE;
    }

-    struct passwd* user = getpwnam(username);
-
-    endpwent();
+    struct passwd* user = getpwnam(argv[1]);

    if (!user)
    {
        if (errno) perror("getpwnam");
        else
-            fprintf(stderr, "Unknown user %s\n", username);
+            fprintf(stderr, "Unknown user %s\n", argv[1]);
        return EXIT_FAILURE;
    }

    if (getuid() != geteuid()) // we were started from a non-root user
    {
-        const char* pw = collect_password();
-        if (strcmp(pw, user->pw_passwd) != 0)
+        printf("Password: ");
+        char buf[BUFSIZ];
+        fgets(buf, BUFSIZ, stdin);
+        strip_newline(buf);
+        putchar('\n');
+        if (strcmp(buf, user->pw_passwd) != 0)
        {
            fprintf(stderr, "Invalid password\n");
            return EXIT_FAILURE;