[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-multimedia
Subject: Re: [PATCH] artswrapper SUID root
From: Stefan Westerfeld <stefan () space ! twc ! de>
Date: 2000-09-07 20:08:16
[Download RAW message or body]
Hi!
On Thu, Sep 07, 2000 at 10:05:35PM +0200, Stefan Westerfeld wrote:
> The patch is attached, [...]
Damn, that happens with all the patches, well, anyway here it is.
Cu... Stefan
--
-* Stefan Westerfeld, stefan@space.twc.de (PGP!), Hamburg/Germany
KDE Developer, project infos at http://space.twc.de/~stefan/kde *-
["20000907-artswrapper-suid.diff" (text/plain)]
Index: Makefile.am
===================================================================
RCS file: /home/kde/kdelibs/arts/soundserver/Makefile.am,v
retrieving revision 1.14
diff -b -u -p -r1.14 Makefile.am
--- Makefile.am 2000/09/06 16:56:57 1.14
+++ Makefile.am 2000/09/07 19:56:39
@@ -68,3 +68,6 @@ if HAVE_WAVSUPPORT
mcopclass_DATA = WavPlayObject.mcopclass
endif
+install-exec-local: install-binPROGRAMS
+ @(chown root $(bindir)/artswrapper && chmod 4755 $(bindir)/artswrapper) \
+ || echo "please make $(bindir)/artswrapper suid root"
Index: artswrapper.c
===================================================================
RCS file: /home/kde/kdelibs/arts/soundserver/artswrapper.c,v
retrieving revision 1.4
diff -b -u -p -r1.4 artswrapper.c
--- artswrapper.c 2000/06/14 15:27:54 1.4
+++ artswrapper.c 2000/09/07 19:56:39
@@ -5,8 +5,6 @@
#include <string.h>
#include <malloc.h>
-#undef ARTSWRAPPER_DEBUG
-
/*
* adjust_priority
*
@@ -81,103 +79,17 @@ void adjust_priority()
}
#endif
-/*
- * check_security
- *
- * checks that the path (file or directory) is owned by root, which makes
- * it save to assume that nobody can temper with the files in that directory,
- * and so we can execute the program with realtime priority
- *
- * result = 0 => not secure
- * result = 1 => secure (well - reasonable secure - if root installs
- * directories as world writeable for instance, still everybody can
- * do everything)
- */
-
-int check_security(const char *path)
-{
- struct stat stat_buffer;
-
-#ifdef ARTSWRAPPER_DEBUG
- printf("Checking security for %s\n",path);
-#endif
- /*
- * No, we can't execute things in paths with zero length (for instance
- * current directory) savely. If path has length 1, it must be /, because
- * otherwise we will be executing stuff in a one
- */
-
- if(strlen(path) == 0) return 0;
- if(strlen(path) == 1 && path[0] != '/') return 0;
-
- if(strlen(path) > 1)
- {
- char *basedir = strdup(path);
- int end = 0;
- int basedir_security;
- int i;
-
- for(i=0;i<strlen(basedir);i++)
- {
- if(basedir[i] == '/') end = i;
- }
-
- if(end == 0 && basedir[0] == '/') end = 1; /* root directory */
- basedir[end] = 0;
-
- basedir_security = check_security(basedir);
- free(basedir);
-
- if(basedir_security == 0) return 0;
- }
-
- stat(path, &stat_buffer);
-
- if(stat_buffer.st_uid != 0)
- {
- fprintf(stderr,"artswrapper: can't use suid, because security for\n");
- fprintf(stderr," <%s> is critical, since it isn't owned by root\n",
- path);
- return 0;
- }
-
-#ifdef ARTSWRAPPER_DEBUG
- printf("%s passed security check\n",path);
-#endif
- /*
- * more tests here, like "not world writeable" or "only writeable by root"?
- */
- return 1;
-}
-
int main(int argc, char **argv)
{
- const char *execute = EXECUTE;
- int secure;
-
- secure = check_security(execute);
-
if(argc == 2)
{
if(strcmp(argv[1],"check") == 0)
- {
- if(secure)
{
+ /* backward compatibility with old artswrapper */
printf("okay\n");
- exit(0);
- }
- else
- {
- printf("fail\n");
- exit(1);
- }
+ return 0;
}
}
- if(!secure)
- {
- fprintf(stderr,"artswrapper: security check failed, leaving.\n");
- exit(255);
- }
adjust_priority();
@@ -185,6 +97,11 @@ int main(int argc, char **argv)
(due to realtime priority stuff) */
if (geteuid() != getuid()) setreuid(-1, getuid());
- execv(execute,argv);
- return 0;
+ if(argc == 0)
+ return 1;
+
+ argv[0] = EXECUTE;
+ execv(EXECUTE,argv);
+ perror(EXECUTE);
+ return 1;
}
_______________________________________________
Kde-multimedia mailing list
Kde-multimedia@master.kde.org
http://master.kde.org/mailman/listinfo/kde-multimedia
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic