chkpath: Add options for trusting other groups.

diff --git a/chkpath.1 b/chkpath.1
index 3668936ebc53544312a6af9a8d1febee7e0b8e21..181cc0970260a22066a44b6b26068a16c5740179 100644 (file)
--- a/chkpath.1
+++ b/chkpath.1
@@ -5,6 +5,8 @@ chkpath \- check a path string for security
 .SH SYNOPSIS
 .B chkpath
 .RB [ \-vqstp ]
 .SH SYNOPSIS
 .B chkpath
 .RB [ \-vqstp ]

+.RB [ \-g
+.IR group ]

 .RI [ path ...]
 .SH USAGE
 The
 .RI [ path ...]
 .SH USAGE
 The


@@ -60,6 +62,19 @@ effect, so put more in for more verbosity.  Note that verbose doesn't
 mean the same as interesting.  The default is to report problems with
 directories and system errors.
 .TP
 mean the same as interesting.  The default is to report problems with
 directories and system errors.
 .TP

+.B "\-g, \-\-group " group
+Consider members of
+.I group
+to be trustworthy:
+.B chkpath
+won't warn about a directory being group-writable if its gid matches
+.IR group .
+The
+.I group
+may be a group name (looked up in
+.BR /etc/group )
+or a numeric gid in decimal.
+.TP

 .B "\-q, \-\-quiet"
 Makes
 .B chkpath
 .B "\-q, \-\-quiet"
 Makes
 .B chkpath

diff --git a/chkpath.c b/chkpath.c
index 65d939057a8e9e55a278aac782cb9340993f5624..08c39c7ecdeeb0c3264af62261098db820a732ec 100644 (file)
--- a/chkpath.c
+++ b/chkpath.c
@@ -34,6 +34,9 @@
 #include <stdlib.h>
 #include <string.h>
 
 #include <stdlib.h>
 #include <string.h>
 

+#include <pwd.h>
+#include <grp.h>
+

 #include <mLib/alloc.h>
 #include <mLib/mdwopt.h>
 #include <mLib/quis.h>
 #include <mLib/alloc.h>
 #include <mLib/mdwopt.h>
 #include <mLib/quis.h>


@@ -53,7 +56,7 @@ static void report(unsigned what, int verbose,
 /* --- @usage@ --- */
 
 static void usage(FILE *fp)
 /* --- @usage@ --- */
 
 static void usage(FILE *fp)

-  { fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); }
+  { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }

 
 /* --- @version@ --- */
 
 
 /* --- @version@ --- */
 


@@ -84,6 +87,7 @@ Options provided are:\n\
 -s, --sticky           Consider sticky directories secure against\n\
                        modification by world and group (not recommended).\n\
 -t, --trust-group      Consider other members of your group trustworthy.\n\
 -s, --sticky           Consider sticky directories secure against\n\
                        modification by world and group (not recommended).\n\
 -t, --trust-group      Consider other members of your group trustworthy.\n\

+-g, --group NAME       Consider members of group NAME trustworthy.\n\

 -p, --print            Write the secure path elements to standard output.\n\
 ",
        fp);
 -p, --print            Write the secure path elements to standard output.\n\
 ",
        fp);


@@ -107,10 +111,11 @@ int main(int argc, char *argv[])
   /* --- Set up path scanning defaults --- */
 
   cp.cp_verbose = 1;
   /* --- Set up path scanning defaults --- */
 
   cp.cp_verbose = 1;

-  cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK;
+  cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;

   cp.cp_report = report;
   cp.cp_arg = 0;
   cp.cp_report = report;
   cp.cp_arg = 0;

-  checkpath_setids(&cp);
+  cp.cp_gids = 0;
+  checkpath_setuid(&cp);

 
   /* --- Parse the options --- */
 
 
   /* --- Parse the options --- */
 


@@ -126,7 +131,7 @@ int main(int argc, char *argv[])
       { "print",       0,              0,      'p' },
       { 0,             0,              0,      0 }
     };
       { "print",       0,              0,      'p' },
       { 0,             0,              0,      0 }
     };

-    int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
+    int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);

 
     if (i < 0)
       break;
 
     if (i < 0)
       break;


@@ -151,7 +156,11 @@ int main(int argc, char *argv[])
        cp.cp_what |= CP_STICKYOK;
        break;
       case 't':
        cp.cp_what |= CP_STICKYOK;
        break;
       case 't':

-       cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+       if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+         die(1, "too many groups");
+       break;
+      case 'g':
+       allowgroup(&cp, optarg);

        break;
       case 'p':
        f |= f_print;
        break;
       case 'p':
        f |= f_print;