| … | |
… | |
| 93 | This method calls "sanitise_stdfd" and then checks whether the |
93 | This method calls "sanitise_stdfd" and then checks whether the |
| 94 | program runs with setuid/setgid permissions and, if yes, spawns a |
94 | program runs with setuid/setgid permissions and, if yes, spawns a |
| 95 | helper process for pty/tty management. It then drops the privileges |
95 | helper process for pty/tty management. It then drops the privileges |
| 96 | completely, so the actual program runs without setuid/setgid |
96 | completely, so the actual program runs without setuid/setgid |
| 97 | privileges. |
97 | privileges. |
|
|
98 | |
|
|
99 | On failure, this method terminates the process. |
| 98 | |
100 | |
| 99 | ptytty::use_helper () |
101 | ptytty::use_helper () |
| 100 | Tries to start a helper process that retains privileges even when |
102 | Tries to start a helper process that retains privileges even when |
| 101 | the calling process does not. This is usually called from |
103 | the calling process does not. This is usually called from |
| 102 | "ptytty::init" when it detects that the program is running setuid or |
104 | "ptytty::init" when it detects that the program is running setuid or |
| … | |
… | |
| 107 | |
109 | |
| 108 | This method will try not to start more than one helper process. The |
110 | This method will try not to start more than one helper process. The |
| 109 | same helper process can usually be used both from the process |
111 | same helper process can usually be used both from the process |
| 110 | starting it and all its fork'ed (not exec'ed) children. |
112 | starting it and all its fork'ed (not exec'ed) children. |
| 111 | |
113 | |
|
|
114 | On failure, this method terminates the process. |
|
|
115 | |
| 112 | ptytty::drop_privileges () |
116 | ptytty::drop_privileges () |
| 113 | Drops privileges completely, i.e. sets real, effective and saved |
117 | Drops privileges completely, i.e. sets real, effective and saved |
| 114 | user id to the real user id. Also aborts if this cannot be achieved. |
118 | user id to the real user id. Useful to make sure that the process |
| 115 | Useful to make sure that the process doesn't run with special |
119 | doesn't run with special privileges. |
| 116 | privileges. |
120 | |
|
|
121 | On failure, this method terminates the process. |
| 117 | |
122 | |
| 118 | ptytty::sanitise_stdfd () |
123 | ptytty::sanitise_stdfd () |
| 119 | Checks whether file descriptors 0, 1 and 2 (stdin, stdout and |
124 | Checks whether file descriptors 0, 1 and 2 (stdin, stdout and |
| 120 | stderr) are valid (open) and, if not, connects them to /dev/tty or |
125 | stderr) are valid (open) and, if not, connects them to /dev/tty or |
| 121 | /dev/null if possible (and aborts otherwise). This is necessary |
126 | /dev/null if possible. This is necessary because libptytty might |
| 122 | because libptytty might want to output error messages to those |
127 | want to output error messages to those descriptors, which at the |
| 123 | descriptors, which at the time of outputting the error message, |
128 | time of outputting the error message, might be connected to |
| 124 | might be connected to something unsuitable opened by the |
129 | something unsuitable opened by the unsuspecting program itself (this |
| 125 | unsuspecting program itself (this can be a security issue). |
130 | can be a security issue). |
|
|
131 | |
|
|
132 | On failure, this method terminates the process. |
| 126 | |
133 | |
| 127 | bool success = ptytty::send_fd (int socket, int fd) |
134 | bool success = ptytty::send_fd (int socket, int fd) |
| 128 | Utility method to send a file descriptor over a unix domain socket. |
135 | Utility method to send a file descriptor over a unix domain socket. |
| 129 | Returns true if successful, false otherwise. This method is only |
136 | Returns true if successful, false otherwise. This method is only |
| 130 | exposed for your convenience and is not required for normal |
137 | exposed for your convenience and is not required for normal |
| … | |
… | |
| 145 | |
152 | |
| 146 | DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS |
153 | DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS |
| 147 | int pty_fd = pty->pty |
154 | int pty_fd = pty->pty |
| 148 | int tty_fd = pty->tty |
155 | int tty_fd = pty->tty |
| 149 | These members contain the pty and tty file descriptors, |
156 | These members contain the pty and tty file descriptors, |
| 150 | respectively. They initially contain -1 until a successful to |
157 | respectively. They initially contain -1 until a successful call to |
| 151 | "ptytty::get". |
158 | "ptytty::get". |
| 152 | |
159 | |
| 153 | bool success = pty->get () |
160 | bool success = pty->get () |
| 154 | Tries to find, allocate and initialise a new pty/tty pair. Returns |
161 | Tries to find, allocate and initialise a new pty/tty pair. Returns |
| 155 | "true" when successful. |
162 | "true" when successful. |
|
|
163 | |
|
|
164 | If the helper process is running and there is a protocol error, this |
|
|
165 | method terminates the process. |
| 156 | |
166 | |
| 157 | pty->login (int cmd_pid, bool login_shell, const char *hostname) |
167 | pty->login (int cmd_pid, bool login_shell, const char *hostname) |
| 158 | Creates an entry in the systems session database(s) (utmp, wtmp, |
168 | Creates an entry in the systems session database(s) (utmp, wtmp, |
| 159 | lastlog). "cmd_pid" must be the pid of the process representing the |
169 | lastlog). "cmd_pid" must be the pid of the process representing the |
| 160 | session (such as the login shell), "login_shell" defines whether the |
170 | session (such as the login shell), "login_shell" defines whether the |
