2011-12-20 18:29:17 +01:00
|
|
|
/*
|
2012-04-27 17:49:04 +02:00
|
|
|
* Public For user root run a specific program as user nobody
|
|
|
|
* for user root and others use group public and umask 0002
|
2011-12-20 18:29:17 +01:00
|
|
|
*
|
2012-04-27 17:49:04 +02:00
|
|
|
* Usage: public -> [texhash|mktexlsr|mktexmf|mktexpk|mktextfm]
|
|
|
|
*
|
|
|
|
* Note: This program has to set sgid public!
|
2011-12-20 18:29:17 +01:00
|
|
|
*
|
2012-04-23 15:24:05 +02:00
|
|
|
* Copyright (C) 2010,2012 Werner Fink
|
2011-12-20 18:29:17 +01:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <errno.h>
|
2012-04-23 15:24:05 +02:00
|
|
|
#include <limits.h>
|
2011-12-20 18:29:17 +01:00
|
|
|
#include <grp.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <sys/types.h>
|
2012-04-28 17:32:44 +02:00
|
|
|
#include <sys/stat.h>
|
2011-12-20 18:29:17 +01:00
|
|
|
|
2012-05-14 17:07:02 +02:00
|
|
|
#ifndef TEXGRP
|
|
|
|
# define TEXGRP "public"
|
|
|
|
#endif
|
2012-06-12 19:56:21 +02:00
|
|
|
#ifndef MKTEX
|
|
|
|
# define "/usr/lib/mktex"
|
|
|
|
#endif
|
2012-05-14 17:07:02 +02:00
|
|
|
|
2011-12-20 18:29:17 +01:00
|
|
|
extern char **environ;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This list is used to authenticate the program running.
|
|
|
|
* It is fixed at compile time to avoid a full class of
|
|
|
|
* dangers ...
|
|
|
|
*/
|
|
|
|
static struct {
|
|
|
|
const char *prog;
|
|
|
|
const char *run;
|
|
|
|
} *lp, list[] =
|
|
|
|
{ /* prog run */
|
2012-06-12 19:56:21 +02:00
|
|
|
{ "texhash", MKTEX "/mktexlsr" },
|
|
|
|
{ "mktexlsr", MKTEX "/mktexlsr" },
|
|
|
|
{ "mktexmf", MKTEX "/mktexmf" },
|
|
|
|
{ "mktexpk", MKTEX "/mktexpk" },
|
|
|
|
{ "mktextfm", MKTEX "/mktextfm" },
|
|
|
|
{ "false", "/bin/false" },
|
|
|
|
{ "true", "/bin/true" },
|
|
|
|
{ "public", "/bin/true" },
|
2011-12-20 18:29:17 +01:00
|
|
|
#ifdef DEBUG
|
2012-06-12 19:56:21 +02:00
|
|
|
{ "id", "/usr/bin/id" },
|
|
|
|
{ "printenv", "/usr/bin/printenv" },
|
2011-12-20 18:29:17 +01:00
|
|
|
#endif
|
2012-06-12 19:56:21 +02:00
|
|
|
{ 0, 0, }};
|
2011-12-20 18:29:17 +01:00
|
|
|
|
|
|
|
static struct {
|
|
|
|
const char *name;
|
|
|
|
const char *value;
|
|
|
|
} *ep, envp[] =
|
|
|
|
{ { "TERM", 0 },
|
|
|
|
{ "PATH", "/bin:/usr/bin" },
|
|
|
|
{ "POSIXLY_CORRECT",0 },
|
|
|
|
{ "NLSPATH", 0 },
|
|
|
|
{ "LANG", 0 },
|
|
|
|
{ "LC_ALL", 0 },
|
|
|
|
{ "LC_CTYPE", 0 },
|
|
|
|
{ "LC_COLLATE", 0 },
|
|
|
|
{ "LC_MESSAGES", 0 },
|
|
|
|
{ "COLUMNS", 0 },
|
|
|
|
{ "TABSIZE", 0 },
|
|
|
|
{ "TIME_STYLE", 0 },
|
|
|
|
{ "LS_COLORS", 0 },
|
|
|
|
{ "LS_BLOCK_SIZE", 0 },
|
|
|
|
{ "BLOCK_SIZE", 0 },
|
|
|
|
{ "BLOCKSIZE", 0 },
|
|
|
|
{ 0, 0 }};
|
|
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
|
|
{
|
2012-04-27 17:49:04 +02:00
|
|
|
char *program_name, *slash;
|
2011-12-20 18:29:17 +01:00
|
|
|
struct passwd *pwd;
|
2012-04-27 17:49:04 +02:00
|
|
|
struct group *grp;
|
2011-12-20 18:29:17 +01:00
|
|
|
uid_t ruid = getuid();
|
|
|
|
uid_t euid = geteuid();
|
|
|
|
gid_t rgid = getgid();
|
2012-04-27 17:49:04 +02:00
|
|
|
gid_t egid = getegid();
|
2011-12-20 18:29:17 +01:00
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
if ((slash = strrchr(argv[0], '/'))) {
|
|
|
|
program_name = ++slash;
|
2011-12-20 18:29:17 +01:00
|
|
|
} else {
|
2012-04-27 17:49:04 +02:00
|
|
|
program_name = argv[0];
|
2011-12-20 18:29:17 +01:00
|
|
|
}
|
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
for (lp = list; lp->prog && strcmp(program_name, lp->prog); lp++) ;
|
|
|
|
|
2011-12-20 18:29:17 +01:00
|
|
|
if (!lp->prog) {
|
|
|
|
errno = EBADRQC;
|
2012-04-27 17:49:04 +02:00
|
|
|
fprintf(stderr, "public: Usage:\n");
|
|
|
|
fprintf(stderr, " public linked to one of [");
|
2011-12-20 18:29:17 +01:00
|
|
|
for (lp = list; lp->prog; lp++)
|
|
|
|
fprintf(stderr, "%s%c", lp->prog, (lp+1)->prog ? '|' : '\0');
|
2012-04-27 17:49:04 +02:00
|
|
|
fprintf(stderr, "] names\n");
|
2011-12-20 18:29:17 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2012-05-14 17:07:02 +02:00
|
|
|
if ((grp = getgrnam(TEXGRP)) == (struct group*)0)
|
2012-04-23 15:24:05 +02:00
|
|
|
goto err;
|
2011-12-20 18:29:17 +01:00
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
if (ruid == 0 || euid == 0) { /* If user is root switch over to nobody:public */
|
2012-04-23 15:24:05 +02:00
|
|
|
int initgrp = 0;
|
2011-12-20 18:29:17 +01:00
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
if ((pwd = getpwnam("nobody")) == (struct passwd*)0)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
if (ruid != pwd->pw_uid)
|
2011-12-20 18:29:17 +01:00
|
|
|
ruid = pwd->pw_uid;
|
2012-04-27 17:49:04 +02:00
|
|
|
|
|
|
|
if (rgid != grp->gr_gid || egid != grp->gr_gid) {
|
|
|
|
initgrp = 1;
|
|
|
|
rgid = grp->gr_gid;
|
2011-12-20 18:29:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (setregid(rgid, pwd->pw_gid))
|
|
|
|
goto err;
|
|
|
|
if (initgrp && initgroups(pwd->pw_name, rgid))
|
|
|
|
goto err;
|
|
|
|
if (setreuid(ruid, pwd->pw_uid))
|
|
|
|
goto err;
|
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
for (ep = envp; ep->name; ep++) {
|
|
|
|
if (ep->value)
|
|
|
|
continue;
|
|
|
|
ep->value = getenv(ep->name);
|
|
|
|
}
|
2011-12-20 18:29:17 +01:00
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
clearenv();
|
2011-12-20 18:29:17 +01:00
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
if (setenv("HOME", pwd->pw_dir, 1) < 0)
|
2011-12-20 18:29:17 +01:00
|
|
|
goto err;
|
2012-04-27 17:49:04 +02:00
|
|
|
if (setenv("USER", pwd->pw_name, 1) < 0)
|
2011-12-20 18:29:17 +01:00
|
|
|
goto err;
|
2012-04-27 17:49:04 +02:00
|
|
|
if (setenv("LOGNAME", pwd->pw_name, 1) < 0)
|
2011-12-20 18:29:17 +01:00
|
|
|
goto err;
|
2012-04-27 17:49:04 +02:00
|
|
|
if (setenv("GROUP", pwd->pw_name, 1) < 0)
|
2011-12-20 18:29:17 +01:00
|
|
|
goto err;
|
2012-04-27 17:49:04 +02:00
|
|
|
if (setenv("SHELL", pwd->pw_shell, 1) < 0)
|
2011-12-20 18:29:17 +01:00
|
|
|
goto err;
|
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
for (ep = envp; ep->name; ep++) {
|
|
|
|
if (!ep->value)
|
|
|
|
continue;
|
|
|
|
setenv(ep->name, ep->value, 1);
|
2011-12-20 18:29:17 +01:00
|
|
|
}
|
2012-04-27 17:49:04 +02:00
|
|
|
|
2012-05-14 17:07:02 +02:00
|
|
|
} else if (rgid != grp->gr_gid && egid == grp->gr_gid) {
|
2012-04-27 17:49:04 +02:00
|
|
|
rgid = grp->gr_gid;
|
|
|
|
|
|
|
|
if (setregid(rgid, grp->gr_gid))
|
|
|
|
goto err;
|
|
|
|
|
2011-12-20 18:29:17 +01:00
|
|
|
}
|
|
|
|
|
2012-04-27 17:49:04 +02:00
|
|
|
umask(0002);
|
2011-12-20 18:29:17 +01:00
|
|
|
execve(lp->run, argv, environ);
|
|
|
|
err:
|
2012-04-27 17:49:04 +02:00
|
|
|
fprintf(stderr, "public: ");
|
2011-12-20 18:29:17 +01:00
|
|
|
perror(program_name);
|
|
|
|
return 1;
|
|
|
|
}
|