]>
git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/misc-progs/setuid.c
1 /* This file is part of the IPCop Firewall.
3 * IPCop is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
8 * IPCop is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with IPCop; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 * Copyright (C) 2003-04-22 Robert Kerr <rkerr@go.to>
19 * $Id: setuid.c,v 1.2.2.1 2005/11/18 14:51:43 franck78 Exp $
28 #include <sys/types.h>
31 #include <sys/resource.h>
44 /* Trusted environment for executing commands */
45 char * trusted_env
[4]={
46 "PATH=/usr/bin:/usr/sbin:/sbin:/bin",
51 /* Spawns a child process that uses /bin/sh to interpret a command.
52 * This is much the same in use and purpose as system(), yet as it uses execve
53 * to pass a trusted environment it's immune to attacks based upon changing
54 * IFS, ENV, BASH_ENV and other such variables.
55 * Note this does NOT guard against any other attacks, inparticular you MUST
56 * validate the command you are passing. If the command is formed from user
57 * input be sure to check this input is what you expect. Nasty things can
58 * happen if a user can inject ; or `` into your command for example */
59 int safe_system(char* command
)
61 return system_core( command
, 0, 0, "safe_system" );
64 /* Much like safe_system but lets you specify a non-root uid and gid to run
66 int unpriv_system(char* command
, uid_t uid
, gid_t gid
)
68 return system_core(command
, uid
, gid
, "unpriv_system" );
71 int system_core(char* command
, uid_t uid
, gid_t gid
, char *error
)
78 switch( pid
= fork() )
85 if (gid
&& setgid(gid
))
87 fprintf(stderr
, "%s: ", error
);
88 perror("Couldn't setgid");
91 if (uid
&& setuid(uid
))
93 fprintf(stderr
, "%s: ", error
);
94 perror("Couldn't setuid");
101 execve("/bin/sh", argv
, trusted_env
);
102 fprintf(stderr
, "%s: ", error
);
103 perror("execve failed");
106 default: /* parent */
108 if( waitpid(pid
, &status
, 0) == -1 ) {
118 /* BSD style safe strcat; from the secure programming cookbook */
119 size_t strlcat(char *dst
, const char *src
, size_t len
) {
121 size_t dstlen
, tocopy
= len
;
122 const char *srcptr
= src
;
124 while (tocopy
-- && *dstptr
) dstptr
++;
125 dstlen
= dstptr
- dst
;
126 if (!(tocopy
= len
- dstlen
)) return (dstlen
+ strlen(src
));
136 return (dstlen
+ (srcptr
- src
));
139 /* General routine to initialise a setuid root program, and put the
140 * environment in a known state. Returns 1 on success, if initsetuid() returns
141 * 0 then you should exit(1) immediately, DON'T attempt to recover from the
149 /* Prevent signal tricks by ignoring all except SIGKILL and SIGCHILD */
150 for( i
= 0; i
< NSIG
; i
++ ) {
151 if( i
!= SIGKILL
&& i
!= SIGCHLD
)
155 /* dump all non-standard file descriptors (a full descriptor table could
156 * lead to DoS by preventing us opening files) */
157 if ((fds
= getdtablesize()) == -1) fds
= OPEN_MAX
;
158 for( i
= 3; i
< fds
; i
++ ) close(i
);
160 /* check stdin, stdout & stderr are open before going any further */
161 for( i
= 0; i
< 3; i
++ )
162 if( fstat(i
, &st
) == -1 && ((errno
!= EBADF
) || (close(i
), open("/dev/null", O_RDWR
, 0)) != i
))
165 /* disable core dumps in case we're processing sensitive information */
166 rlim
.rlim_cur
= rlim
.rlim_max
= 0;
167 if(setrlimit(RLIMIT_CORE
, &rlim
))
168 { perror("Couldn't disable core dumps"); return 0; }
170 /* drop any supplementary groups, set uid & gid to root */
171 if (setgroups(0, NULL
)) { perror("Couldn't clear group list"); return 0; }
172 if (setgid(0)) { perror("Couldn't setgid(0)"); return 0; }
173 if (setuid(0)) { perror("Couldn't setuid(0)"); return 0; }
178 /* check whether a file exists */
179 int file_exists(const char *fname
) {
182 return S_ISREG(st
.st_mode
) ? 1 : 0;
185 /* check whether a file exists. fname is wildcard eg: file_exists (/tmp/foo*) */
186 int file_exists_w(const char *fname
)
188 /* do a quick check first */
191 if (S_ISREG(st
.st_mode
))
194 /* check for possible wild cards in name */
197 if (glob(fname
, GLOB_ERR
, NULL
, &globbuf
)==0) {
198 if (globbuf
.gl_pathc
>0) {