From 28e860abcac823de43ab16a391cd538c6afa9f81 Mon Sep 17 00:00:00 2001
From: Michael Spang
Date: Tue, 4 Dec 2007 21:57:51 -0500
Subject: [PATCH] Make ceoquery non-SUID
---
 bin/ceoquery | 25 -------------------------
 debian/postinst | 2 +-
 debian/rules | 5 ++---
 3 files changed, 3 insertions(+), 29 deletions(-)
diff --git a/bin/ceoquery b/bin/ceoquery
index a9ceeed..e16c0e4 100755
--- a/bin/ceoquery
+++ b/bin/ceoquery
@@ -3,31 +3,6 @@
 ceoquery - a script to lookup member and account information
 """
 import os, sys
-
-safe_environment = ['LOGNAME', 'USERNAME', 'USER', 'HOME', 'TERM', 'LANG'
- 'LC_ALL', 'LC_COLLATE', 'LC_CTYPE', 'LC_MESSAGES', 'LC_MONETARY',
- 'LC_NUMERIC', 'LC_TIME', 'UID', 'GID', 'SSH_CONNECTION', 'SSH_AUTH_SOCK',
- 'SSH_CLIENT']
-
-for key in os.environ.keys():
- if key not in safe_environment:
- del os.environ[key]
-
-os.environ['PATH'] = '/usr/sbin:/usr/bin:/sbin:/bin'
-
-for pathent in sys.path[:]:
- if not pathent.find('/usr') == 0:
- sys.path.remove(pathent)
-
-euid = os.geteuid()
-egid = os.getegid()
-try:
- os.setreuid(euid, euid)
- os.setregid(egid, egid)
-except OSError, e:
- print str(e)
- sys.exit(1)
-
 from csc.adm import members, terms
 try:
diff --git a/debian/postinst b/debian/postinst
index f34a2f8..ff51da0 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -28,7 +28,7 @@ case "$1" in
 fi
 if ! dpkg-statoverride --list /usr/bin/ceoquery > /dev/null; then
- dpkg-statoverride --add --update $CEO root $SUIDALL /usr/bin/ceoquery
+ dpkg-statoverride --add --update root root 755 /usr/bin/ceoquery
 fi
 if ! dpkg-statoverride --list /usr/bin/csc-chsh > /dev/null; then
diff --git a/debian/rules b/debian/rules
index 4344045..a8e3fe1 100755
--- a/debian/rules
+++ b/debian/rules
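Review bot: The `if ! dpkg-statoverride --list /usr/bin/ceoquery` guard around the changed line in debian/postinst means the new `root root 755` override is only registered on hosts that have no override yet. A host upgraded from an earlier package already carries the `$CEO root $SUIDALL` entry, so the guard is false there and the set-uid owner and mode stay recorded for /usr/bin/ceoquery, which after this commit is the script itself with its environment scrubbing removed. The stale entry should be cleared on upgrade, e.g. `if dpkg-statoverride --list /usr/bin/ceoquery > /dev/null; then dpkg-statoverride --remove /usr/bin/ceoquery; fi` ahead of the existing block (or in place of it, if root:root 755 is what the package ships anyway). The enclosing `case` block starts and ends outside the hunk, so whether another branch already handles this is not visible here.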
@@ -8,7 +8,6 @@ build-stamp:
 mkdir build
 $(CC) -DFULL_PATH='"/usr/lib/csc/ceo"' -o build/ceo misc/setuid-prog.c
 $(CC) -DFULL_PATH='"/usr/lib/csc/addhomedir"' -o build/addhomedir misc/setuid-prog.c
- $(CC) -DFULL_PATH='"/usr/lib/csc/ceoquery"' -o build/ceoquery misc/setuid-prog.c
 $(CC) -DFULL_PATH='"/usr/lib/csc/csc-chfn"' -o build/csc-chfn misc/setuid-prog.c
 $(CC) -DFULL_PATH='"/usr/lib/csc/csc-chsh"' -o build/csc-chsh misc/setuid-prog.c
 touch build-stamp
@@ -30,8 +29,8 @@ install: build
 dh_install pylib/* usr/lib/$(PYTHON)/site-packages/
 dh_install etc/* etc/csc/
- dh_install bin/ceo bin/addhomedir bin/ceoquery bin/csc-chsh bin/csc-chfn usr/lib/csc/
- dh_install build/ceo build/addhomedir build/ceoquery build/csc-chsh build/csc-chfn usr/bin/
+ dh_install bin/ceo bin/addhomedir bin/csc-chsh bin/csc-chfn usr/lib/csc/
+ dh_install build/ceo build/addhomedir bin/ceoquery build/csc-chsh build/csc-chfn usr/bin/
 dh_install misc/csc.schema etc/ldap/schema/
 binary-arch: build install
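Review bot: The second added `dh_install` line in the install hunk now mixes the `build/` set-uid wrappers with `bin/ceoquery`, and nothing in the file says why ceoquery is the exception. A one-line comment above it would keep a later cleanup from putting the wrapper back, for example `# ceoquery is not set-uid: install the script itself, not a setuid-prog wrapper`. The `install` target starts and ends outside the hunk.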