pyceo-broken/bin/ceo

#!/usr/bin/python2.4 --
"""CEO SUID Python Wrapper Script"""
import os, sys

safe_environment = ['LOGNAME', 'USERNAME', 'USER', 'HOME', 'TERM', 'LANG'
    'LC_ALL', 'LC_COLLATE', 'LC_CTYPE', 'LC_MESSAGES', 'LC_MONETARY',
    'LC_NUMERIC', 'LC_TIME', 'UID', 'GID', 'SSH_CONNECTION', 'SSH_AUTH_SOCK',
    'SSH_CLIENT']

for key in os.environ.keys():
    if key not in safe_environment:
        del os.environ[key]

os.environ['LESSSECURE'] = '1'
os.environ['PATH'] = '/usr/sbin:/usr/bin:/sbin:/bin'

for pathent in sys.path[:]:
    if not pathent.find('/usr') == 0 and not pathent.find('/var') == 0:
        sys.path.remove(pathent)

euid = os.getuid()
egid = os.getgid()
try:
    os.setreuid(euid, euid)
    os.setregid(egid, egid)
except OSError, e:
    print str(e)
    sys.exit(1)

import csc.apps.urwid.main
csc.apps.urwid.main.start(euid, egid)
Initial import (version 0.1). 2007-01-27 18:41:51 -05:00			`#!/usr/bin/python2.4 --`
New release (version 0.2). Updates in this version: * Tests added to most Python modules. * Split configuration files. * Added maintainer scripts to manage permissions during install and purge. * Added functions for use by tools planned for next release (chfn, etc). ceo: * Added support for account "repair", which will recreate LDAP entries and Kerberos principals if necessary. * The recreate account menu option is now active. Miscellaneous: * Replaced instances of "== None" and "!= None" with "is None" and "is not None", respectively (thanks to: Nick Guenther). * Renamed terms.valid() to terms.validate() (thanks to: Nick Guenther). 2007-01-27 19:23:18 -05:00			`"""CEO SUID Python Wrapper Script"""`
Initial import (version 0.1). 2007-01-27 18:41:51 -05:00			`import os, sys`

New release (version 0.2). Updates in this version: * Tests added to most Python modules. * Split configuration files. * Added maintainer scripts to manage permissions during install and purge. * Added functions for use by tools planned for next release (chfn, etc). ceo: * Added support for account "repair", which will recreate LDAP entries and Kerberos principals if necessary. * The recreate account menu option is now active. Miscellaneous: * Replaced instances of "== None" and "!= None" with "is None" and "is not None", respectively (thanks to: Nick Guenther). * Renamed terms.valid() to terms.validate() (thanks to: Nick Guenther). 2007-01-27 19:23:18 -05:00			`safe_environment = ['LOGNAME', 'USERNAME', 'USER', 'HOME', 'TERM', 'LANG'`
Update of setuid cleanup code. 2007-02-04 00:46:05 -05:00			`'LC_ALL', 'LC_COLLATE', 'LC_CTYPE', 'LC_MESSAGES', 'LC_MONETARY',`
New release (version 0.2). Updates in this version: * Tests added to most Python modules. * Split configuration files. * Added maintainer scripts to manage permissions during install and purge. * Added functions for use by tools planned for next release (chfn, etc). ceo: * Added support for account "repair", which will recreate LDAP entries and Kerberos principals if necessary. * The recreate account menu option is now active. Miscellaneous: * Replaced instances of "== None" and "!= None" with "is None" and "is not None", respectively (thanks to: Nick Guenther). * Renamed terms.valid() to terms.validate() (thanks to: Nick Guenther). 2007-01-27 19:23:18 -05:00			`'LC_NUMERIC', 'LC_TIME', 'UID', 'GID', 'SSH_CONNECTION', 'SSH_AUTH_SOCK',`
			`'SSH_CLIENT']`
Update of setuid cleanup code. 2007-02-04 00:46:05 -05:00
Initial import (version 0.1). 2007-01-27 18:41:51 -05:00			`for key in os.environ.keys():`
New release (version 0.2). Updates in this version: * Tests added to most Python modules. * Split configuration files. * Added maintainer scripts to manage permissions during install and purge. * Added functions for use by tools planned for next release (chfn, etc). ceo: * Added support for account "repair", which will recreate LDAP entries and Kerberos principals if necessary. * The recreate account menu option is now active. Miscellaneous: * Replaced instances of "== None" and "!= None" with "is None" and "is not None", respectively (thanks to: Nick Guenther). * Renamed terms.valid() to terms.validate() (thanks to: Nick Guenther). 2007-01-27 19:23:18 -05:00			`if key not in safe_environment:`
Initial import (version 0.1). 2007-01-27 18:41:51 -05:00			`del os.environ[key]`

Run less in "secure" mode. 2007-05-23 17:04:18 -04:00			`os.environ['LESSSECURE'] = '1'`
Update of setuid cleanup code. 2007-02-04 00:46:05 -05:00			`os.environ['PATH'] = '/usr/sbin:/usr/bin:/sbin:/bin'`

			`for pathent in sys.path[:]:`
Add experimental urwid-based GUI 2007-09-23 22:32:56 -04:00			`if not pathent.find('/usr') == 0 and not pathent.find('/var') == 0:`
Update of setuid cleanup code. 2007-02-04 00:46:05 -05:00			`sys.path.remove(pathent)`
Initial import (version 0.1). 2007-01-27 18:41:51 -05:00
Bug fix 2007-11-28 03:41:44 -05:00			`euid = os.getuid()`
			`egid = os.getgid()`
Update of setuid cleanup code. 2007-02-04 00:46:05 -05:00			`try:`
			`os.setreuid(euid, euid)`
			`os.setregid(egid, egid)`
			`except OSError, e:`
			`print str(e)`
			`sys.exit(1)`
Initial import (version 0.1). 2007-01-27 18:41:51 -05:00
Add experimental urwid-based GUI 2007-09-23 22:32:56 -04:00			`import csc.apps.urwid.main`
Restrict non-club modifications to syscom 2007-11-28 03:06:21 -05:00			`csc.apps.urwid.main.start(euid, egid)`