… | |
… | |
93 | This method calls "sanitise_stdfd" and then checks whether the |
93 | This method calls "sanitise_stdfd" and then checks whether the |
94 | program runs with setuid/setgid permissions and, if yes, spawns a |
94 | program runs with setuid/setgid permissions and, if yes, spawns a |
95 | helper process for pty/tty management. It then drops the privileges |
95 | helper process for pty/tty management. It then drops the privileges |
96 | completely, so the actual program runs without setuid/setgid |
96 | completely, so the actual program runs without setuid/setgid |
97 | privileges. |
97 | privileges. |
|
|
98 | |
|
|
99 | On failure, this method terminates the process. |
98 | |
100 | |
99 | ptytty::use_helper () |
101 | ptytty::use_helper () |
100 | Tries to start a helper process that retains privileges even when |
102 | Tries to start a helper process that retains privileges even when |
101 | the calling process does not. This is usually called from |
103 | the calling process does not. This is usually called from |
102 | "ptytty::init" when it detects that the program is running setuid or |
104 | "ptytty::init" when it detects that the program is running setuid or |
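Review bot: The sentence added at new line 99 for ptytty::init says the process is terminated on failure, but not which of the steps described just above it (the "sanitise_stdfd" call, spawning the helper, dropping privileges) can trigger this, nor how the process ends. Because init is the call a setuid/setgid program relies on to shed its privileges, the text should state that a failure in any of these steps is fatal and name the termination mechanism, so callers know that none of their code runs after a failed privilege drop.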
… | |
… | |
107 | |
109 | |
108 | This method will try not to start more than one helper process. The |
110 | This method will try not to start more than one helper process. The |
109 | same helper process can usually be used both from the process |
111 | same helper process can usually be used both from the process |
110 | starting it and all its fork'ed (not exec'ed) children. |
112 | starting it and all its fork'ed (not exec'ed) children. |
111 | |
113 | |
|
|
114 | On failure, this method terminates the process. |
|
|
115 | |
112 | ptytty::drop_privileges () |
116 | ptytty::drop_privileges () |
113 | Drops privileges completely, i.e. sets real, effective and saved |
117 | Drops privileges completely, i.e. sets real, effective and saved |
114 | user id to the real user id. Also aborts if this cannot be achieved. |
118 | user id to the real user id. Useful to make sure that the process |
115 | Useful to make sure that the process doesn't run with special |
119 | doesn't run with special privileges. |
116 | privileges. |
120 | |
|
|
121 | On failure, this method terminates the process. |
117 | |
122 | |
118 | ptytty::sanitise_stdfd () |
123 | ptytty::sanitise_stdfd () |
119 | Checks whether file descriptors 0, 1 and 2 (stdin, stdout and |
124 | Checks whether file descriptors 0, 1 and 2 (stdin, stdout and |
120 | stderr) are valid (open) and, if not, connects them to /dev/tty or |
125 | stderr) are valid (open) and, if not, connects them to /dev/tty or |
121 | /dev/null if possible (and aborts otherwise). This is necessary |
126 | /dev/null if possible. This is necessary because libptytty might |
122 | because libptytty might want to output error messages to those |
127 | want to output error messages to those descriptors, which at the |
123 | descriptors, which at the time of outputting the error message, |
128 | time of outputting the error message, might be connected to |
124 | might be connected to something unsuitable opened by the |
129 | something unsuitable opened by the unsuspecting program itself (this |
125 | unsuspecting program itself (this can be a security issue). |
130 | can be a security issue). |
|
|
131 | |
|
|
132 | On failure, this method terminates the process. |
126 | |
133 | |
127 | bool success = ptytty::send_fd (int socket, int fd) |
134 | bool success = ptytty::send_fd (int socket, int fd) |
128 | Utility method to send a file descriptor over a unix domain socket. |
135 | Utility method to send a file descriptor over a unix domain socket. |
129 | Returns true if successful, false otherwise. This method is only |
136 | Returns true if successful, false otherwise. This method is only |
130 | exposed for your convenience and is not required for normal |
137 | exposed for your convenience and is not required for normal |
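Review bot: In the ptytty::sanitise_stdfd paragraph, dropping "(and aborts otherwise)" leaves "connects them to /dev/tty or /dev/null if possible" reading as best-effort, and the reader only learns that failure is fatal from the separate sentence at new line 132. The same tension appears at ptytty::use_helper, which still opens with "Tries to start a helper process" while new line 114 says failure terminates the process. Suggest keeping the consequence in the same sentence as the condition in both places. For ptytty::drop_privileges, the old wording "Also aborts if this cannot be achieved" named both the mechanism and the condition; if the behaviour is unchanged, keeping "aborts" is more precise than "terminates".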
… | |
… | |
145 | |
152 | |
146 | DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS |
153 | DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS |
147 | int pty_fd = pty->pty |
154 | int pty_fd = pty->pty |
148 | int tty_fd = pty->tty |
155 | int tty_fd = pty->tty |
149 | These members contain the pty and tty file descriptors, |
156 | These members contain the pty and tty file descriptors, |
150 | respectively. They initially contain -1 until a successful to |
157 | respectively. They initially contain -1 until a successful call to |
151 | "ptytty::get". |
158 | "ptytty::get". |
152 | |
159 | |
153 | bool success = pty->get () |
160 | bool success = pty->get () |
154 | Tries to find, allocate and initialise a new pty/tty pair. Returns |
161 | Tries to find, allocate and initialise a new pty/tty pair. Returns |
155 | "true" when successful. |
162 | "true" when successful. |
|
|
163 | |
|
|
164 | If the helper process is running and there is a protocol error, this |
|
|
165 | method terminates the process. |
156 | |
166 | |
157 | pty->login (int cmd_pid, bool login_shell, const char *hostname) |
167 | pty->login (int cmd_pid, bool login_shell, const char *hostname) |
158 | Creates an entry in the systems session database(s) (utmp, wtmp, |
168 | Creates an entry in the systems session database(s) (utmp, wtmp, |
159 | lastlog). "cmd_pid" must be the pid of the process representing the |
169 | lastlog). "cmd_pid" must be the pid of the process representing the |
160 | session (such as the login shell), "login_shell" defines whether the |
170 | session (such as the login shell), "login_shell" defines whether the |
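Review bot: The paragraph added at new lines 164-165 gives pty->get a fatal path even though the method is documented as returning "bool success", and "protocol error" is not defined anywhere in the visible text. Spell out that it refers to the exchange with the helper process, and say explicitly which failures make get return false and which terminate the process, so callers know which errors they can handle themselves.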