forked from pool/texlive
730439ad02
OBS-URL: https://build.opensuse.org/package/show/Publishing:TeXLive/texlive?expand=0&rev=28
204 lines
4.7 KiB
C
204 lines
4.7 KiB
C
/*
|
|
* Nobody For user root run a specific program as user nobody
|
|
*
|
|
* Usage: nobody [texhash|ls|find|false|true]
|
|
*
|
|
* Copyright (C) 2010,2012 Werner Fink
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*
|
|
*/
|
|
|
|
#include <errno.h>
|
|
#include <limits.h>
|
|
#include <grp.h>
|
|
#include <pwd.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <sys/types.h>
|
|
|
|
extern char **environ;
|
|
|
|
/*
|
|
* This list is used to authenticate the program running.
|
|
* It is fixed at compile time to avoid a full class of
|
|
* dangers ...
|
|
*/
|
|
static struct {
|
|
const char *prog;
|
|
const char *run;
|
|
} *lp, list[] =
|
|
{ /* prog run */
|
|
{ "mktexlsr", "/usr/bin/mktexlsr" },
|
|
{ "texhash", "/usr/bin/mktexlsr" },
|
|
{ "ls", "/bin/ls" },
|
|
{ "true", "/bin/true" },
|
|
{ "false", "/bin/false" },
|
|
{ "find", "/usr/bin/find" },
|
|
#ifdef DEBUG
|
|
{ "id", "/usr/bin/id" },
|
|
{ "printenv", "/usr/bin/printenv" },
|
|
#endif
|
|
{ 0, 0, }};
|
|
|
|
static struct {
|
|
const char *name;
|
|
const char *value;
|
|
} *ep, envp[] =
|
|
{ { "TERM", 0 },
|
|
{ "PATH", "/bin:/usr/bin" },
|
|
{ "POSIXLY_CORRECT",0 },
|
|
{ "NLSPATH", 0 },
|
|
{ "LANG", 0 },
|
|
{ "LC_ALL", 0 },
|
|
{ "LC_CTYPE", 0 },
|
|
{ "LC_COLLATE", 0 },
|
|
{ "LC_MESSAGES", 0 },
|
|
{ "COLUMNS", 0 },
|
|
{ "TABSIZE", 0 },
|
|
{ "TIME_STYLE", 0 },
|
|
{ "LS_COLORS", 0 },
|
|
{ "LS_BLOCK_SIZE", 0 },
|
|
{ "BLOCK_SIZE", 0 },
|
|
{ "BLOCKSIZE", 0 },
|
|
{ 0, 0 }};
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
char *program_name;
|
|
struct passwd *pwd;
|
|
uid_t ruid = getuid();
|
|
uid_t euid = geteuid();
|
|
gid_t rgid = getgid();
|
|
|
|
if (argc > 1)
|
|
program_name = argv[1];
|
|
else
|
|
program_name = "true";
|
|
argv++;
|
|
argc--;
|
|
|
|
if (*program_name == '/') {
|
|
for (lp = list; lp->run && strcmp(program_name, lp->run ); lp++) ;
|
|
} else {
|
|
for (lp = list; lp->prog && strcmp(program_name, lp->prog); lp++) ;
|
|
}
|
|
|
|
if (!lp->prog) {
|
|
errno = EBADRQC;
|
|
fprintf(stderr, "nobody: Usage:\n");
|
|
fprintf(stderr, " nobody [");
|
|
for (lp = list; lp->prog; lp++)
|
|
fprintf(stderr, "%s%c", lp->prog, (lp+1)->prog ? '|' : '\0');
|
|
fprintf(stderr, "]\n");
|
|
goto err;
|
|
}
|
|
|
|
if ((pwd = getpwnam("nobody")) == (struct passwd*)0)
|
|
goto err;
|
|
|
|
if (ruid != pwd->pw_uid || euid != pwd->pw_gid) {
|
|
int initgrp = 0;
|
|
|
|
if (ruid != pwd->pw_uid) {
|
|
initgrp = 1;
|
|
ruid = pwd->pw_uid;
|
|
rgid = pwd->pw_gid;
|
|
} else {
|
|
pwd->pw_uid = ruid;
|
|
pwd->pw_gid = rgid;
|
|
}
|
|
|
|
if (setregid(rgid, pwd->pw_gid))
|
|
goto err;
|
|
if (initgrp && initgroups(pwd->pw_name, rgid))
|
|
goto err;
|
|
if (setreuid(ruid, pwd->pw_uid))
|
|
goto err;
|
|
|
|
if (initgrp) {
|
|
|
|
for (ep = envp; ep->name; ep++) {
|
|
if (ep->value)
|
|
continue;
|
|
ep->value = getenv(ep->name);
|
|
}
|
|
|
|
clearenv();
|
|
|
|
if (setenv("HOME", pwd->pw_dir, 1) < 0)
|
|
goto err;
|
|
if (setenv("USER", pwd->pw_name, 1) < 0)
|
|
goto err;
|
|
if (setenv("LOGNAME", pwd->pw_name, 1) < 0)
|
|
goto err;
|
|
if (setenv("GROUP", pwd->pw_name, 1) < 0)
|
|
goto err;
|
|
if (setenv("SHELL", pwd->pw_shell, 1) < 0)
|
|
goto err;
|
|
|
|
for (ep = envp; ep->name; ep++) {
|
|
if (!ep->value)
|
|
continue;
|
|
setenv(ep->name, ep->value, 1);
|
|
}
|
|
|
|
if (strcmp(lp->prog, "find") == 0) {
|
|
int n;
|
|
for (n = 0; n < argc; n++) {
|
|
if (!argv[n] || *argv[n] == '\0')
|
|
continue;
|
|
if (strncmp(argv[n], "-exec", 5) == 0) {
|
|
errno = ENOTSUP;
|
|
goto err;
|
|
}
|
|
if (strncmp(argv[n], "-ok", 3) == 0) {
|
|
errno = ENOTSUP;
|
|
goto err;
|
|
}
|
|
}
|
|
}
|
|
if (strcmp(lp->prog, "texhash") == 0 || strcmp(lp->prog, "mktexlsr") == 0) {
|
|
int n;
|
|
char buf[PATH_MAX+1], *lsr, *base;
|
|
for (n = 1; n < argc; n++) {
|
|
if (!argv[n] || *argv[n] == '\0')
|
|
continue;
|
|
if ((lsr = realpath(argv[n], buf)) == NULL)
|
|
goto err;
|
|
if ((base = strrchr(lsr, '/')) == NULL) {
|
|
errno = ENOTSUP;
|
|
goto err;
|
|
}
|
|
if (strcmp(base, "/ls-R") != 0) {
|
|
errno = ENOTSUP;
|
|
goto err;
|
|
}
|
|
if (access(lsr, W_OK) != 0)
|
|
goto err;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
execve(lp->run, argv, environ);
|
|
err:
|
|
fprintf(stderr, "nobody: ");
|
|
perror(program_name);
|
|
return 1;
|
|
}
|