… | |
… | |
55 | user starting the program there is less to gain, as only the helper |
55 | user starting the program there is less to gain, as only the helper |
56 | process runs with privileges (e.g. setuid/setgid), which reduces the |
56 | process runs with privileges (e.g. setuid/setgid), which reduces the |
57 | area of attack immensely. |
57 | area of attack immensely. |
58 | |
58 | |
59 | Libptytty is written in C++, but it also offers a C-only API. |
59 | Libptytty is written in C++, but it also offers a C-only API. |
|
|
60 | |
|
|
61 | INSTALLATION |
|
|
62 | libptytty uses "CMake" as build system. To build libptytty, install |
|
|
63 | "CMake" and run the following commands from either the libptytty source |
|
|
64 | directory or a separate build directory: |
|
|
65 | |
|
|
66 | cmake -DCMAKE_INSTALL_PREFIX=<prefix> -DBUILD_SHARED_LIBS=ON <path/to/libptytty> |
|
|
67 | cmake --build . |
|
|
68 | cmake --install . |
60 | |
69 | |
61 | SECURITY CONSIDERATIONS |
70 | SECURITY CONSIDERATIONS |
62 | *It is of paramount importance that you at least read the following |
71 | *It is of paramount importance that you at least read the following |
63 | paragraph!* |
72 | paragraph!* |
64 | |
73 | |
… | |
… | |
93 | This method calls "sanitise_stdfd" and then checks whether the |
102 | This method calls "sanitise_stdfd" and then checks whether the |
94 | program runs with setuid/setgid permissions and, if yes, spawns a |
103 | program runs with setuid/setgid permissions and, if yes, spawns a |
95 | helper process for pty/tty management. It then drops the privileges |
104 | helper process for pty/tty management. It then drops the privileges |
96 | completely, so the actual program runs without setuid/setgid |
105 | completely, so the actual program runs without setuid/setgid |
97 | privileges. |
106 | privileges. |
|
|
107 | |
|
|
108 | On failure, this method throws a "ptytty_error" exception. |
98 | |
109 | |
99 | ptytty::use_helper () |
110 | ptytty::use_helper () |
100 | Tries to start a helper process that retains privileges even when |
111 | Tries to start a helper process that retains privileges even when |
101 | the calling process does not. This is usually called from |
112 | the calling process does not. This is usually called from |
102 | "ptytty::init" when it detects that the program is running setuid or |
113 | "ptytty::init" when it detects that the program is running setuid or |
… | |
… | |
107 | |
118 | |
108 | This method will try not to start more than one helper process. The |
119 | This method will try not to start more than one helper process. The |
109 | same helper process can usually be used both from the process |
120 | same helper process can usually be used both from the process |
110 | starting it and all its fork'ed (not exec'ed) children. |
121 | starting it and all its fork'ed (not exec'ed) children. |
111 | |
122 | |
|
|
123 | On failure, this method throws a "ptytty_error" exception. |
|
|
124 | |
112 | ptytty::drop_privileges () |
125 | ptytty::drop_privileges () |
113 | Drops privileges completely, i.e. sets real, effective and saved |
126 | Drops privileges completely, i.e. sets real, effective and saved |
114 | user id to the real user id. Also aborts if this cannot be achieved. |
127 | user id to the real user id. Useful to make sure that the process |
115 | Useful to make sure that the process doesn't run with special |
128 | doesn't run with special privileges. |
116 | privileges. |
129 | |
|
|
130 | On failure, this method throws a "ptytty_error" exception. |
117 | |
131 | |
118 | ptytty::sanitise_stdfd () |
132 | ptytty::sanitise_stdfd () |
119 | Checks whether file descriptors 0, 1 and 2 (stdin, stdout and |
133 | Checks whether file descriptors 0, 1 and 2 (stdin, stdout and |
120 | stderr) are valid (open) and, if not, connects them to /dev/tty or |
134 | stderr) are valid (open) and, if not, connects them to /dev/tty or |
121 | /dev/null if possible (and aborts otherwise). This is necessary |
135 | /dev/null if possible. This is necessary because libptytty might |
122 | because libptytty might want to output error messages to those |
136 | want to output error messages to those descriptors, which at the |
123 | descriptors, which at the time of outputting the error message, |
137 | time of outputting the error message, might be connected to |
124 | might be connected to something unsuitable opened by the |
138 | something unsuitable opened by the unsuspecting program itself (this |
125 | unsuspecting program itself (this can be a security issue). |
139 | can be a security issue). |
|
|
140 | |
|
|
141 | On failure, this method throws a "ptytty_error" exception. |
126 | |
142 | |
127 | bool success = ptytty::send_fd (int socket, int fd) |
143 | bool success = ptytty::send_fd (int socket, int fd) |
128 | Utility method to send a file descriptor over a unix domain socket. |
144 | Utility method to send a file descriptor over a unix domain socket. |
129 | Returns true if successful, false otherwise. This method is only |
145 | Returns true if successful, false otherwise. This method is only |
130 | exposed for your convenience and is not required for normal |
146 | exposed for your convenience and is not required for normal |
… | |
… | |
145 | |
161 | |
146 | DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS |
162 | DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS |
147 | int pty_fd = pty->pty |
163 | int pty_fd = pty->pty |
148 | int tty_fd = pty->tty |
164 | int tty_fd = pty->tty |
149 | These members contain the pty and tty file descriptors, |
165 | These members contain the pty and tty file descriptors, |
150 | respectively. They initially contain -1 until a successful to |
166 | respectively. They initially contain -1 until a successful call to |
151 | "ptytty::get". |
167 | "ptytty::get". |
152 | |
168 | |
153 | bool success = pty->get () |
169 | bool success = pty->get () |
154 | Tries to find, allocate and initialise a new pty/tty pair. Returns |
170 | Tries to find, allocate and initialise a new pty/tty pair. Returns |
155 | "true" when successful. |
171 | "true" when successful. |
|
|
172 | |
|
|
173 | If the helper process is running and there is a protocol error, this |
|
|
174 | method throws a "ptytty_error" exception. |
156 | |
175 | |
157 | pty->login (int cmd_pid, bool login_shell, const char *hostname) |
176 | pty->login (int cmd_pid, bool login_shell, const char *hostname) |
158 | Creates an entry in the systems session database(s) (utmp, wtmp, |
177 | Creates an entry in the systems session database(s) (utmp, wtmp, |
159 | lastlog). "cmd_pid" must be the pid of the process representing the |
178 | lastlog). "cmd_pid" must be the pid of the process representing the |
160 | session (such as the login shell), "login_shell" defines whether the |
179 | session (such as the login shell), "login_shell" defines whether the |
… | |
… | |
218 | See "ptytty::drop_privileges". |
237 | See "ptytty::drop_privileges". |
219 | |
238 | |
220 | void ptytty_use_helper () |
239 | void ptytty_use_helper () |
221 | See "ptytty::use_helper". |
240 | See "ptytty::use_helper". |
222 | |
241 | |
|
|
242 | PORTABILITY |
|
|
243 | To date, libptytty has been tested on the following platforms: |
|
|
244 | |
|
|
245 | GNU/Linux |
|
|
246 | FreeBSD |
|
|
247 | NetBSD |
|
|
248 | OpenBSD |
|
|
249 | macOS |
|
|
250 | Solaris |
|
|
251 | AIX |
|
|
252 | |
223 | BUGS |
253 | BUGS |
224 | You kiddin'? |
254 | You kiddin'? |
225 | |
255 | |
226 | AUTHORS |
256 | AUTHORS |
227 | Emanuele Giaquinta <e.giaquinta@glauco.it>, Marc Alexander Lehmann |
257 | Emanuele Giaquinta <emanuele.giaquinta@gmail.com>, Marc Alexander |
228 | <rxvt-unicode@schmorp.de>. |
258 | Lehmann <rxvt-unicode@schmorp.de>. |
229 | |
259 | |