author | brian <brian@cvs.openbsd.org> | 2000-08-18 00:02:12 +0000 |
---|---|---|
committer | brian <brian@cvs.openbsd.org> | 2000-08-18 00:02:12 +0000 |
commit | dbeb3c0f38e4fdb164b7a43ea1b8a2f0296b0453 (patch) | |
tree | 212b2c5a4c66d14ffc6adf5bd0900d4d6f800ac5 /usr.sbin | |
parent | c1dd899e5588baff9afa86f04a1347b4a8da9a1a (diff) |
Make -DNOSUID (or -DPPP_NOSUID) possible to build ppp without SUID
capabilities.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ppp/ppp/bundle.c | 7 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/chap.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/chat.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/command.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/exec.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/id.h | 40 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/physical.c | 5 |
7 files changed, 61 insertions, 7 deletions
diff --git a/usr.sbin/ppp/ppp/bundle.c b/usr.sbin/ppp/ppp/bundle.c index 2594d89322f..3727ec96948 100644 --- a/usr.sbin/ppp/ppp/bundle.c +++ b/usr.sbin/ppp/ppp/bundle.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: bundle.c,v 1.45 2000/08/16 09:07:26 brian Exp $ + * $OpenBSD: bundle.c,v 1.46 2000/08/18 00:02:10 brian Exp $ */ #include <sys/param.h> @@ -51,6 +51,9 @@ #include <sys/uio.h> #include <sys/wait.h> #if defined(__FreeBSD__) && !defined(NOKLDLOAD) +#ifdef NOSUID +#include <sys/linker.h> +#endif #include <sys/module.h> #endif #include <termios.h> @@ -1852,7 +1855,9 @@ bundle_setsid(struct bundle *bundle, int holdsession) waitpid(pid, &status, 0); /* Tweak our process arguments.... */ SetTitle("session owner"); +#ifndef NOSUID setuid(ID0realuid()); +#endif /* * Hang around for a HUP. This should happen as soon as the * ppp that we passed our ctty descriptor to closes it. diff --git a/usr.sbin/ppp/ppp/chap.c b/usr.sbin/ppp/ppp/chap.c index 54ce582f2e2..f5b6122acb4 100644 --- a/usr.sbin/ppp/ppp/chap.c +++ b/usr.sbin/ppp/ppp/chap.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $OpenBSD: chap.c,v 1.22 2000/08/09 19:31:25 brian Exp $ + * $OpenBSD: chap.c,v 1.23 2000/08/18 00:02:10 brian Exp $ * * TODO: */ @@ -254,7 +254,9 @@ chap_StartChild(struct chap *chap, char *prog, const char *name) } for (fd = getdtablesize(); fd > STDERR_FILENO; fd--) fcntl(fd, F_SETFD, 1); +#ifndef NOSUID setuid(ID0realuid()); +#endif command_Expand(nargv, argc, (char const *const *)argv, chap->auth.physical->dl->bundle, 0, pid); execvp(nargv[0], nargv); diff --git a/usr.sbin/ppp/ppp/chat.c b/usr.sbin/ppp/ppp/chat.c index 20f6246505f..8328603d371 100644 --- a/usr.sbin/ppp/ppp/chat.c +++ b/usr.sbin/ppp/ppp/chat.c 
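Review bot: The return value of `setuid(ID0realuid())` is still ignored in the SUID build, so in chap_StartChild the child goes on to `execvp(nargv[0], nargv)` with unchanged (presumably elevated) ids if the drop fails. Since this commit already touches every one of these call sites, it is a good place to make the drop fail closed, e.g. `if (setuid(ID0realuid()) != 0) _exit(1);` ahead of the exec (the exit status is only a suggestion). The same unchecked call sits in bundle_setsid in this file and in ExecStr (chat.c), ShellCommand (command.c) and exec_Create (exec.c). All of these functions begin and end outside their hunks, so how each one should report the failure needs checking against the full bodies.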
@@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: chat.c,v 1.14 2000/08/09 19:31:25 brian Exp $ + * $OpenBSD: chat.c,v 1.15 2000/08/18 00:02:10 brian Exp $ */ #include <sys/param.h> @@ -733,7 +733,9 @@ ExecStr(struct physical *physical, char *command, char *out, int olen) open(_PATH_DEVNULL, O_RDWR); /* Leave it closed if it fails... */ for (i = getdtablesize(); i > 3; i--) fcntl(i, F_SETFD, 1); +#ifndef NOSUID setuid(ID0realuid()); +#endif execvp(argv[0], argv); fprintf(stderr, "execvp: %s: %s\n", argv[0], strerror(errno)); _exit(127); diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c index a660cd7b793..8723c7da216 100644 --- a/usr.sbin/ppp/ppp/command.c +++ b/usr.sbin/ppp/ppp/command.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $OpenBSD: command.c,v 1.49 2000/08/18 00:02:02 brian Exp $ + * $OpenBSD: command.c,v 1.50 2000/08/18 00:02:10 brian Exp $ * */ #include <sys/param.h> @@ -519,7 +519,9 @@ ShellCommand(struct cmdargs const *arg, int bg) for (i = getdtablesize(); i > STDERR_FILENO; i--) fcntl(i, F_SETFD, 1); +#ifndef NOSUID setuid(ID0realuid()); +#endif if (arg->argc > arg->argn) { /* substitute pseudo args */ char *argv[MAXARGS]; diff --git a/usr.sbin/ppp/ppp/exec.c b/usr.sbin/ppp/ppp/exec.c index 94b7d46a88c..187999e2b1d 100644 --- a/usr.sbin/ppp/ppp/exec.c +++ b/usr.sbin/ppp/ppp/exec.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: exec.c,v 1.14 2000/06/22 20:50:44 brian Exp $ + * $OpenBSD: exec.c,v 1.15 2000/08/18 00:02:11 brian Exp $ */ #include <sys/param.h> @@ -137,7 +137,9 @@ exec_Create(struct physical *p) close(pidpipe[0]); close(fids[0]); timer_TermService(); +#ifndef NOSUID setuid(ID0realuid()); +#endif child_status = 0; switch ((pid = vfork())) { 
diff --git a/usr.sbin/ppp/ppp/id.h b/usr.sbin/ppp/ppp/id.h index 1145f142142..c83a277e9fa 100644 --- a/usr.sbin/ppp/ppp/id.h +++ b/usr.sbin/ppp/ppp/id.h @@ -23,9 +23,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: id.h,v 1.5 2000/08/16 09:07:27 brian Exp $ + * $OpenBSD: id.h,v 1.6 2000/08/18 00:02:11 brian Exp $ */ +#ifndef NOSUID struct utmp; struct sockaddr_un; @@ -51,3 +52,40 @@ extern int ID0kldload(const char *); #ifndef NONETGRAPH extern int ID0NgMkSockNode(const char *, int *, int *); #endif +#else /* NOSUID */ +#define ID0init() +#define ID0realuid() (0) +#define ID0ioctl ioctl +#define ID0unlink unlink +#define ID0socket socket +#define ID0fopen fopen +#define ID0open open +#define ID0write write +#define ID0uu_lock uu_lock +#define ID0uu_lock_txfr uu_lock_txfr +#define ID0uu_unlock uu_unlock +#define ID0login(u) \ + do { \ + if (logout((u)->ut_line)) \ + logwtmp((u)->ut_line, "", ""); \ + login(u); \ + } while (0) +#define ID0logout(dev, no) \ + do { \ + struct utmp ut; \ + strncpy(ut.ut_line, dev, sizeof ut.ut_line - 1); \ + ut.ut_line[sizeof ut.ut_line - 1] = '\0'; \ + if (no || logout(ut.ut_line)) \ + logwtmp(ut.ut_line, "", ""); \ + } while (0) +#define ID0bind_un(s, n) bind(s, (const struct sockaddr *)(n), sizeof *(n)) +#define ID0connect_un(s, n) \ + connect(s, (const struct sockaddr *)(n), sizeof *(n)) +#define ID0kill kill +#if defined(__FreeBSD__) && !defined(NOKLDLOAD) +#define ID0kldload kldload +#endif +#ifndef NONETGRAPH +#define ID0NgMkSockNode NgMkSockNode +#endif +#endif diff --git a/usr.sbin/ppp/ppp/physical.c b/usr.sbin/ppp/ppp/physical.c index 7dd63824241..a590641d822 100644 --- a/usr.sbin/ppp/ppp/physical.c +++ b/usr.sbin/ppp/ppp/physical.c 
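Review bot: In the NOSUID branch, `#define ID0realuid() (0)` reports the caller as root whatever uid actually started ppp, so any code that compares ID0realuid() with 0 to decide what a user may do (none is visible in this diff) would treat every user as root. `#define ID0realuid() getuid()` would keep the value truthful. It would also let the five `setuid(ID0realuid())` call sites stay unconditional: a no-op when the binary is not set-uid, and still a privilege drop if a NOSUID build is installed set-uid by mistake. If the constant is intentional, a comment on the macro stating that a NOSUID binary must never be installed set-uid would record the assumption.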
@@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $OpenBSD: physical.c,v 1.24 2000/08/15 10:26:37 brian Exp $ + * $OpenBSD: physical.c,v 1.25 2000/08/18 00:02:11 brian Exp $ * */ @@ -29,6 +29,9 @@ #include <errno.h> #include <fcntl.h> #include <paths.h> +#ifdef NOSUID +#include <signal.h> +#endif #include <stdio.h> #include <stdlib.h> #include <string.h> |