xacpi-simple close bug
diff --git
a/cprogs/really.c
b/cprogs/really.c
index f4cfa08692a99821f9309680d719da7d48456c47..46db5749510169b2302bb826d694bd749be3de56 100644
(file)
--- a/
cprogs/really.c
+++ b/
cprogs/really.c
@@
-1,11
+1,11
@@
/*
* really.c - program for gaining privilege
*
/*
* really.c - program for gaining privilege
*
- * Copyright (C) 1992-3 Ian Jackson <i
wj10@cus.cam.ac
.uk>
+ * Copyright (C) 1992-3 Ian Jackson <i
an@davenant.greenend.org
.uk>
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version
2
,
+ * published by the Free Software Foundation; either version
3
,
* or (at your option) any later version.
*
* This is distributed in the hope that it will be useful, but
* or (at your option) any later version.
*
* This is distributed in the hope that it will be useful, but
@@
-14,8
+14,9
@@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * License along with this file; if not, consult the Free Software
+ * Foundation's website at www.fsf.org, or the GNU Project website at
+ * www.gnu.org.
*/
#include <stdio.h>
*/
#include <stdio.h>
@@
-30,21
+31,24
@@
#include "myopt.h"
void usagemessage(void) {
#include "myopt.h"
void usagemessage(void) {
- if (fputs("usage: really [<
user-option>] [<group
-option> ...] [--]"
+ if (fputs("usage: really [<
really
-option> ...] [--]"
" [<command> [<argument/option> ...]]\n"
" [<command> [<argument/option> ...]]\n"
- "
user-options
:\n"
+ "
really-options specifying the user
:\n"
" if no options given, set the uid to 0;\n"
" -u|--user <username> also sets their default group list\n"
" -i|--useronly <username> } set the uid\n"
" -I|--uidonly <uid> } but inherits the group list\n"
" if no options given, set the uid to 0;\n"
" -u|--user <username> also sets their default group list\n"
" -i|--useronly <username> } set the uid\n"
" -I|--uidonly <uid> } but inherits the group list\n"
- "
group-options
:\n"
+ "
really-options specifying the group
:\n"
" -z|--groupsclear only groups specified are to be used\n"
" -g|--group <groupname> } add this to\n"
" -z|--groupsclear only groups specified are to be used\n"
" -g|--group <groupname> } add this to\n"
- " -G|--gid <gid> } the group list\n",
+ " -G|--gid <gid> } the group list\n"
+ "other really-options:\n"
+ " -h|--help display this message\n"
+ " -R|--chroot <dir> chroot (but *not* chdir)\n",
stderr) == EOF) { perror("write usage"); exit(-1); }
}
stderr) == EOF) { perror("write usage"); exit(-1); }
}
-static const char *opt_user, *opt_useronly;
+static const char *opt_user, *opt_useronly
, *opt_chroot
;
static int opt_groupsclear= 0, opt_ngids= 0, opt_uidonly= -1;
static int opt_gids[512];
static int opt_groupsclear= 0, opt_ngids= 0, opt_uidonly= -1;
static int opt_gids[512];
@@
-89,33
+93,36
@@
static const struct cmdinfo cmdinfos[]= {
{ "groupsclear", 'z', 0, &opt_groupsclear, 0, 0, 1 },
{ "group", 'g', 1, 0, 0, af_group },
{ "gid", 'G', 1, 0, 0, af_gid },
{ "groupsclear", 'z', 0, &opt_groupsclear, 0, 0, 1 },
{ "group", 'g', 1, 0, 0, af_group },
{ "gid", 'G', 1, 0, 0, af_gid },
+ { "chroot", 'R', 1, 0, &opt_chroot, 0 },
{ "help", 'h', 0, 0, 0, af_help },
{ 0, 0 }
};
#ifdef REALLY_CHECK_FILE
{ "help", 'h', 0, 0, 0, af_help },
{ 0, 0 }
};
#ifdef REALLY_CHECK_FILE
-static
void
checkroot(void) {
+static
int
checkroot(void) {
int r;
r= access(REALLY_CHECK_FILE,W_OK);
int r;
r= access(REALLY_CHECK_FILE,W_OK);
- if (r) { perror("sorry"); exit(-1); }
+ if (r) return -1;
+ return 0;
}
#endif
#ifdef REALLY_CHECK_GID
}
#endif
#ifdef REALLY_CHECK_GID
-static
void
checkroot(void) {
+static
int
checkroot(void) {
gid_t groups[512];
int r, i;
gid_t groups[512];
int r, i;
- r= getgid(); if (r==REALLY_CHECK_GID) return;
+ r= getgid(); if (r==REALLY_CHECK_GID) return
0
;
if (r<0) { perror("getgid check"); exit(-1); }
r= getgroups(sizeof(groups)/sizeof(groups[0]),groups);
if (r<0) { perror("getgroups check"); exit(-1); }
for (i=0; i<r; i++)
if (r<0) { perror("getgid check"); exit(-1); }
r= getgroups(sizeof(groups)/sizeof(groups[0]),groups);
if (r<0) { perror("getgroups check"); exit(-1); }
for (i=0; i<r; i++)
- if (groups[i] == REALLY_CHECK_GID) return;
-
fputs("sorry\n",stderr); exit(-1)
;
+ if (groups[i] == REALLY_CHECK_GID) return
0
;
+
return -1
;
}
#endif
#ifdef REALLY_CHECK_NONE
}
#endif
#ifdef REALLY_CHECK_NONE
-static void checkroot(void) {
+static int checkroot(void) {
+ return 0;
}
#endif
}
#endif
@@
-125,7
+132,8
@@
int main(int argc, const char *const *argv) {
int i, j, ngroups, ngroups_in, maingid, orgmaingid, mainuid, orgmainuid, r;
const char *cp;
int i, j, ngroups, ngroups_in, maingid, orgmaingid, mainuid, orgmainuid, r;
const char *cp;
- checkroot();
+ orgmainuid= getuid();
+ if (orgmainuid && checkroot()) { perror("sorry"); exit(-1); }
myopt(&argv,cmdinfos);
if (opt_groupsclear && !opt_ngids)
myopt(&argv,cmdinfos);
if (opt_groupsclear && !opt_ngids)
@@
-146,8
+154,10
@@
int main(int argc, const char *const *argv) {
if (!pw) { fprintf(stderr,"unknown user `%s'\n",cp); exit(-1); }
opt_uidonly= pw->pw_uid;
}
if (!pw) { fprintf(stderr,"unknown user `%s'\n",cp); exit(-1); }
opt_uidonly= pw->pw_uid;
}
+ if (opt_chroot) {
+ if (chroot(opt_chroot)) { perror("chroot failed"); exit(-1); }
+ }
orgmaingid= getgid();
orgmaingid= getgid();
- orgmainuid= getuid();
if (orgmaingid<0) { perror("getgid failed"); exit(-1); }
if (opt_user) {
r= initgroups(opt_user,pw->pw_gid);
if (orgmaingid<0) { perror("getgid failed"); exit(-1); }
if (opt_user) {
r= initgroups(opt_user,pw->pw_gid);
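Review bot: The new `chroot(opt_chroot)` in main runs before the `initgroups(opt_user,pw->pw_gid)` call visible just below it, so the supplementary group list is resolved from whatever group database exists inside the new root, while `pw` was filled in before the chroot. If the target directory is not fully trusted, its contents then influence which groups the command receives, and a root without a group file will make `-u` fail or behave differently from the non-chroot case. Consider moving the `if (opt_chroot) { ... }` block to after the group list has been built, and keeping it before the uid is changed. Because the working directory is deliberately left outside the new root (the usage text says "but *not* chdir"), a comment at the call such as `/* cwd intentionally stays outside the new root; relative paths still reach the old tree */` would make that visible to maintainers. main continues past the end of this hunk, so the position of the later setgroups/setuid calls is not visible here and should be checked when reordering.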