parent
618bfa2d8d
commit
8c19dc63b6
@ -1,33 +1,3 @@ |
||||
#!/usr/bin/python2.4 -- |
||||
"""CEO SUID Python Wrapper Script""" |
||||
import os, sys |
||||
|
||||
safe_environment = ['LOGNAME', 'USERNAME', 'USER', 'HOME', 'TERM', 'LANG' |
||||
'LC_ALL', 'LC_COLLATE', 'LC_CTYPE', 'LC_MESSAGES', 'LC_MONETARY', |
||||
'LC_NUMERIC', 'LC_TIME', 'UID', 'GID', 'SSH_CONNECTION', 'SSH_AUTH_SOCK', |
||||
'SSH_CLIENT'] |
||||
|
||||
for key in os.environ.keys(): |
||||
if key not in safe_environment: |
||||
del os.environ[key] |
||||
|
||||
os.environ['LESSSECURE'] = '1' |
||||
os.environ['PATH'] = '/usr/sbin:/usr/bin:/sbin:/bin' |
||||
|
||||
for pathent in sys.path[:]: |
||||
if not pathent.find('/usr') == 0 and not pathent.find('/var') == 0: |
||||
sys.path.remove(pathent) |
||||
|
||||
euid = os.geteuid() |
||||
egid = os.getegid() |
||||
uid = os.getuid() |
||||
gid = os.getgid() |
||||
try: |
||||
os.setreuid(euid, euid) |
||||
os.setregid(egid, egid) |
||||
except OSError, e: |
||||
print str(e) |
||||
sys.exit(1) |
||||
|
||||
import csc.apps.urwid.main |
||||
csc.apps.urwid.main.start(uid, gid) |
||||
csc.apps.urwid.main.start() |
||||
|
@ -1,62 +0,0 @@ |
||||
#!/bin/bash -e |
||||
|
||||
case "$1" in |
||||
configure|upgrade) |
||||
|
||||
if getent passwd ceo > /dev/null; then |
||||
CEO=ceo |
||||
SUID=4750 |
||||
SUIDALL=4755 |
||||
else |
||||
CEO=root |
||||
SUID=755 |
||||
SUIDALL=755 |
||||
fi |
||||
|
||||
if getent group office > /dev/null; then |
||||
OFFICE=office |
||||
else |
||||
OFFICE=root |
||||
fi |
||||
|
||||
if ! dpkg-statoverride --list /usr/bin/ceo > /dev/null; then |
||||
dpkg-statoverride --add --update $CEO $OFFICE $SUID /usr/bin/ceo |
||||
fi |
||||
|
||||
if ! dpkg-statoverride --list /usr/bin/addmember > /dev/null; then |
||||
dpkg-statoverride --add --update root $OFFICE $SUID /usr/bin/addmember |
||||
fi |
||||
|
||||
if ! dpkg-statoverride --list /usr/bin/addclub > /dev/null; then |
||||
dpkg-statoverride --add --update root $OFFICE $SUID /usr/bin/addclub |
||||
fi |
||||
|
||||
if ! dpkg-statoverride --list /usr/bin/ceoquery > /dev/null; then |
||||
dpkg-statoverride --add --update root root 755 /usr/bin/ceoquery |
||||
fi |
||||
|
||||
if ! dpkg-statoverride --list /usr/bin/csc-chsh > /dev/null; then |
||||
dpkg-statoverride --add --update $CEO root $SUIDALL /usr/bin/csc-chsh |
||||
fi |
||||
|
||||
if ! dpkg-statoverride --list /usr/bin/csc-chfn > /dev/null; then |
||||
dpkg-statoverride --add --update $CEO root $SUIDALL /usr/bin/csc-chfn |
||||
fi |
||||
|
||||
if [ -f /etc/csc/ldap.cf ] && ! dpkg-statoverride --list /etc/csc/ldap.cf > /dev/null; then |
||||
dpkg-statoverride --add --update $CEO staff 640 /etc/csc/ldap.cf |
||||
fi |
||||
;; |
||||
|
||||
abort-upgrade|abort-remove|abort-deconfigure) |
||||
;; |
||||
|
||||
*) |
||||
echo "postinst called with unknown argument \"$1\"" >&2 |
||||
exit 1 |
||||
;; |
||||
esac |
||||
|
||||
#DEBHELPER# |
||||
|
||||
exit 0 |
@ -1,45 +0,0 @@ |
||||
#!/bin/bash -e |
||||
|
||||
case "$1" in |
||||
purge) |
||||
|
||||
if dpkg-statoverride --list /usr/bin/ceo > /dev/null; then |
||||
dpkg-statoverride --remove /usr/bin/ceo || true |
||||
fi |
||||
|
||||
if dpkg-statoverride --list /usr/bin/ceoquery > /dev/null; then |
||||
dpkg-statoverride --remove /usr/bin/ceoquery || true |
||||
fi |
||||
|
||||
if dpkg-statoverride --list /usr/bin/csc-chsh > /dev/null; then |
||||
dpkg-statoverride --remove /usr/bin/csc-chsh || true |
||||
fi |
||||
|
||||
if dpkg-statoverride --list /usr/bin/csc-chfn > /dev/null; then |
||||
dpkg-statoverride --remove /usr/bin/csc-chfn || true |
||||
fi |
||||
|
||||
if dpkg-statoverride --list /etc/csc/ldap.cf > /dev/null; then |
||||
dpkg-statoverride --remove /etc/csc/ldap.cf || true |
||||
fi |
||||
|
||||
if dpkg-statoverride --list /etc/csc/ceo.keytab > /dev/null; then |
||||
dpkg-statoverride --remove /etc/csc/ceo.keytab || true |
||||
fi |
||||
|
||||
rmdir --ignore-fail-on-non-empty /etc/csc |
||||
|
||||
;; |
||||
|
||||
remove|failed-upgrade|upgrade) |
||||
;; |
||||
|
||||
*) |
||||
echo "postrm called with invalid argument \"$1\"" >&2 |
||||
exit 1 |
||||
;; |
||||
esac |
||||
|
||||
#DEBHELPER# |
||||
|
||||
exit 0 |
@ -1,176 +0,0 @@ |
||||
/*
|
||||
Template for a setuid program that calls a script. |
||||
|
||||
The script should be in an unwritable directory and should itself |
||||
be unwritable. In fact all parent directories up to the root |
||||
should be unwritable. The script must not be setuid, that's what |
||||
this program is for. |
||||
|
||||
This is a template program. You need to fill in the name of the |
||||
script that must be executed. This is done by changing the |
||||
definition of FULL_PATH below. |
||||
|
||||
There are also some rules that should be adhered to when writing |
||||
the script itself. |
||||
|
||||
The first and most important rule is to never, ever trust that the |
||||
user of the program will behave properly. Program defensively. |
||||
Check your arguments for reasonableness. If the user is allowed to |
||||
create files, check the names of the files. If the program depends |
||||
on argv[0] for the action it should perform, check it. |
||||
|
||||
Assuming the script is a Bourne shell script, the first line of the |
||||
script should be |
||||
#!/bin/sh - |
||||
The - is important, don't omit it. If you're using esh, the first |
||||
line should be |
||||
#!/usr/local/bin/esh -f |
||||
and for ksh, the first line should be |
||||
#!/usr/local/bin/ksh -p |
||||
The script should then set the variable IFS to the string |
||||
consisting of <space>, <tab>, and <newline>. After this (*not* |
||||
before!), the PATH variable should be set to a reasonable value and |
||||
exported. Do not expect the PATH to have a reasonable value, so do |
||||
not trust the old value of PATH. You should then set the umask of |
||||
the program by calling |
||||
umask 077 # or 022 if you want the files to be readable |
||||
If you plan to change directories, you should either unset CDPATH |
||||
or set it to a good value. Setting CDPATH to just ``.'' (dot) is a |
||||
good idea. |
||||
If, for some reason, you want to use csh, the first line should be |
||||
#!/bin/csh -fb |
||||
You should then set the path variable to something reasonable, |
||||
without trusting the inherited path. Here too, you should set the |
||||
umask using the command |
||||
umask 077 # or 022 if you want the files to be readable |
||||
*/ |
||||
|
||||
#include <unistd.h> |
||||
#include <stdlib.h> |
||||
#include <stdio.h> |
||||
#include <sys/types.h> |
||||
#include <sys/stat.h> |
||||
#include <string.h> |
||||
|
||||
/* CONFIGURATION SECTION */ |
||||
|
||||
#ifndef FULL_PATH /* so that this can be specified from the Makefile */ |
||||
/* Uncomment the following line:
|
||||
#define FULL_PATH "/full/path/of/script" |
||||
* Then comment out the #error line. */ |
||||
#error "You must define FULL_PATH somewhere" |
||||
#endif |
||||
#ifndef UMASK |
||||
#define UMASK 077 |
||||
#endif |
||||
|
||||
/* END OF CONFIGURATION SECTION */ |
||||
|
||||
#if defined(__STDC__) && defined(__sgi) |
||||
#define environ _environ |
||||
#endif |
||||
|
||||
/* don't change def_IFS */ |
||||
char def_IFS[] = "IFS= \t\n"; |
||||
/* you may want to change def_PATH, but you should really change it in */ |
||||
/* your script */ |
||||
#ifdef __sgi |
||||
char def_PATH[] = "PATH=/usr/bsd:/usr/bin:/bin:/usr/local/bin:/usr/sbin"; |
||||
#else |
||||
char def_PATH[] = "PATH=/usr/ucb:/usr/bin:/bin:/usr/local/bin"; |
||||
#endif |
||||
/* don't change def_CDPATH */ |
||||
char def_CDPATH[] = "CDPATH=."; |
||||
/* don't change def_ENV */ |
||||
char def_ENV[] = "ENV=:"; |
||||
|
||||
/*
|
||||
This function changes all environment variables that start with LD_ |
||||
into variables that start with XD_. This is important since we |
||||
don't want the script that is executed to use any funny shared |
||||
libraries. |
||||
|
||||
The other changes to the environment are, strictly speaking, not |
||||
needed here. They can safely be done in the script. They are done |
||||
here because we don't trust the script writer (just like the script |
||||
writer shouldn't trust the user of the script). |
||||
If IFS is set in the environment, set it to space,tab,newline. |
||||
If CDPATH is set in the environment, set it to ``.''. |
||||
Set PATH to a reasonable default. |
||||
*/ |
||||
void |
||||
clean_environ(void) |
||||
{ |
||||
char **p; |
||||
extern char **environ; |
||||
|
||||
for (p = environ; *p; p++) { |
||||
if (strncmp(*p, "LD_", 3) == 0) |
||||
**p = 'X'; |
||||
else if (strncmp(*p, "_RLD", 4) == 0) |
||||
**p = 'X'; |
||||
else if (strncmp(*p, "PYTHON", 6) == 0) |
||||
**p = 'X'; |
||||
else if (strncmp(*p, "IFS=", 4) == 0) |
||||
*p = def_IFS; |
||||
else if (strncmp(*p, "CDPATH=", 7) == 0) |
||||
*p = def_CDPATH; |
||||
else if (strncmp(*p, "ENV=", 4) == 0) |
||||
*p = def_ENV; |
||||
} |
||||
putenv(def_PATH); |
||||
} |
||||
|
||||
int |
||||
main(int argc, char **argv) |
||||
{ |
||||
struct stat statb; |
||||
gid_t egid = getegid(); |
||||
uid_t euid = geteuid(); |
||||
|
||||
/*
|
||||
Sanity check #1. |
||||
This check should be made compile-time, but that's not possible. |
||||
If you're sure that you specified a full path name for FULL_PATH, |
||||
you can omit this check. |
||||
*/ |
||||
if (FULL_PATH[0] != '/') { |
||||
fprintf(stderr, "%s: %s is not a full path name\n", argv[0], |
||||
FULL_PATH); |
||||
fprintf(stderr, "You can only use this wrapper if you\n"); |
||||
fprintf(stderr, "compile it with an absolute path.\n"); |
||||
exit(1); |
||||
} |
||||
|
||||
/*
|
||||
Sanity check #2. |
||||
Check that the owner of the script is equal to either the |
||||
effective uid or the super user. |
||||
*/ |
||||
if (stat(FULL_PATH, &statb) < 0) { |
||||
perror("stat"); |
||||
exit(1); |
||||
} |
||||
if (statb.st_uid != 0 && statb.st_uid != euid) { |
||||
fprintf(stderr, "%s: %s has the wrong owner\n", argv[0], |
||||
FULL_PATH); |
||||
fprintf(stderr, "The script should be owned by root,\n"); |
||||
fprintf(stderr, "and shouldn't be writeable by anyone.\n"); |
||||
exit(1); |
||||
} |
||||
|
||||
//if (setregid(egid, egid) < 0)
|
||||
// perror("setregid");
|
||||
//if (setreuid(euid, euid) < 0)
|
||||
// perror("setreuid");
|
||||
|
||||
clean_environ(); |
||||
|
||||
umask(UMASK); |
||||
|
||||
while (**argv == '-') /* don't let argv[0] start with '-' */ |
||||
(*argv)++; |
||||
execv(FULL_PATH, argv); |
||||
fprintf(stderr, "%s: could not execute the script\n", argv[0]); |
||||
exit(1); |
||||
} |
Loading…
Reference in new issue