Make ceoquery non-SUID
This commit is contained in:
parent
fc2c42ae19
commit
28e860abca
25
bin/ceoquery
25
bin/ceoquery
|
@ -3,31 +3,6 @@
|
||||||
ceoquery - a script to lookup member and account information
|
ceoquery - a script to lookup member and account information
|
||||||
"""
|
"""
|
||||||
import os, sys
|
import os, sys
|
||||||
|
|
||||||
safe_environment = ['LOGNAME', 'USERNAME', 'USER', 'HOME', 'TERM', 'LANG'
|
|
||||||
'LC_ALL', 'LC_COLLATE', 'LC_CTYPE', 'LC_MESSAGES', 'LC_MONETARY',
|
|
||||||
'LC_NUMERIC', 'LC_TIME', 'UID', 'GID', 'SSH_CONNECTION', 'SSH_AUTH_SOCK',
|
|
||||||
'SSH_CLIENT']
|
|
||||||
|
|
||||||
for key in os.environ.keys():
|
|
||||||
if key not in safe_environment:
|
|
||||||
del os.environ[key]
|
|
||||||
|
|
||||||
os.environ['PATH'] = '/usr/sbin:/usr/bin:/sbin:/bin'
|
|
||||||
|
|
||||||
for pathent in sys.path[:]:
|
|
||||||
if not pathent.find('/usr') == 0:
|
|
||||||
sys.path.remove(pathent)
|
|
||||||
|
|
||||||
euid = os.geteuid()
|
|
||||||
egid = os.getegid()
|
|
||||||
try:
|
|
||||||
os.setreuid(euid, euid)
|
|
||||||
os.setregid(egid, egid)
|
|
||||||
except OSError, e:
|
|
||||||
print str(e)
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
from csc.adm import members, terms
|
from csc.adm import members, terms
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -28,7 +28,7 @@ case "$1" in
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! dpkg-statoverride --list /usr/bin/ceoquery > /dev/null; then
|
if ! dpkg-statoverride --list /usr/bin/ceoquery > /dev/null; then
|
||||||
dpkg-statoverride --add --update $CEO root $SUIDALL /usr/bin/ceoquery
|
dpkg-statoverride --add --update root root 755 /usr/bin/ceoquery
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! dpkg-statoverride --list /usr/bin/csc-chsh > /dev/null; then
|
if ! dpkg-statoverride --list /usr/bin/csc-chsh > /dev/null; then
|
||||||
|
|
|
@ -8,7 +8,6 @@ build-stamp:
|
||||||
mkdir build
|
mkdir build
|
||||||
$(CC) -DFULL_PATH='"/usr/lib/csc/ceo"' -o build/ceo misc/setuid-prog.c
|
$(CC) -DFULL_PATH='"/usr/lib/csc/ceo"' -o build/ceo misc/setuid-prog.c
|
||||||
$(CC) -DFULL_PATH='"/usr/lib/csc/addhomedir"' -o build/addhomedir misc/setuid-prog.c
|
$(CC) -DFULL_PATH='"/usr/lib/csc/addhomedir"' -o build/addhomedir misc/setuid-prog.c
|
||||||
$(CC) -DFULL_PATH='"/usr/lib/csc/ceoquery"' -o build/ceoquery misc/setuid-prog.c
|
|
||||||
$(CC) -DFULL_PATH='"/usr/lib/csc/csc-chfn"' -o build/csc-chfn misc/setuid-prog.c
|
$(CC) -DFULL_PATH='"/usr/lib/csc/csc-chfn"' -o build/csc-chfn misc/setuid-prog.c
|
||||||
$(CC) -DFULL_PATH='"/usr/lib/csc/csc-chsh"' -o build/csc-chsh misc/setuid-prog.c
|
$(CC) -DFULL_PATH='"/usr/lib/csc/csc-chsh"' -o build/csc-chsh misc/setuid-prog.c
|
||||||
touch build-stamp
|
touch build-stamp
|
||||||
|
@ -30,8 +29,8 @@ install: build
|
||||||
dh_install pylib/* usr/lib/$(PYTHON)/site-packages/
|
dh_install pylib/* usr/lib/$(PYTHON)/site-packages/
|
||||||
dh_install etc/* etc/csc/
|
dh_install etc/* etc/csc/
|
||||||
|
|
||||||
dh_install bin/ceo bin/addhomedir bin/ceoquery bin/csc-chsh bin/csc-chfn usr/lib/csc/
|
dh_install bin/ceo bin/addhomedir bin/csc-chsh bin/csc-chfn usr/lib/csc/
|
||||||
dh_install build/ceo build/addhomedir build/ceoquery build/csc-chsh build/csc-chfn usr/bin/
|
dh_install build/ceo build/addhomedir bin/ceoquery build/csc-chsh build/csc-chfn usr/bin/
|
||||||
dh_install misc/csc.schema etc/ldap/schema/
|
dh_install misc/csc.schema etc/ldap/schema/
|
||||||
|
|
||||||
binary-arch: build install
|
binary-arch: build install
|
||||||
|
|
Loading…
Reference in New Issue