| … | |
… | |
| 234 | |
234 | |
| 235 | ioctl (fd_tty, TIOCSCTTY, NULL); |
235 | ioctl (fd_tty, TIOCSCTTY, NULL); |
| 236 | |
236 | |
| 237 | int fd = open ("/dev/tty", O_WRONLY); |
237 | int fd = open ("/dev/tty", O_WRONLY); |
| 238 | if (fd < 0) |
238 | if (fd < 0) |
| 239 | return -1; /* fatal */ |
239 | return -1; /* fatal */ |
| 240 | |
240 | |
| 241 | close (fd); |
241 | close (fd); |
| 242 | |
242 | |
| 243 | return 0; |
243 | return 0; |
| 244 | } |
244 | } |
| … | |
… | |
| 411 | cmd.type = command::get; |
411 | cmd.type = command::get; |
| 412 | |
412 | |
| 413 | write (sock_fd, &cmd, sizeof (cmd)); |
413 | write (sock_fd, &cmd, sizeof (cmd)); |
| 414 | |
414 | |
| 415 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
415 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
| 416 | fatal ("protocol error while creating pty using helper process, aborting.\n"); |
416 | ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n"); |
| 417 | |
417 | |
| 418 | if (!id) |
418 | if (!id) |
| 419 | return false; |
419 | return false; |
| 420 | |
420 | |
| 421 | if ((pty = recv_fd (sock_fd)) < 0 |
421 | if ((pty = recv_fd (sock_fd)) < 0 |
| 422 | || (tty = recv_fd (sock_fd)) < 0) |
422 | || (tty = recv_fd (sock_fd)) < 0) |
| 423 | fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
423 | ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
| 424 | |
424 | |
| 425 | return true; |
425 | return true; |
| 426 | } |
426 | } |
| 427 | |
427 | |
| 428 | void |
428 | void |
| … | |
… | |
| 520 | owner_pid = pid; |
520 | owner_pid = pid; |
| 521 | |
521 | |
| 522 | int sv[2]; |
522 | int sv[2]; |
| 523 | |
523 | |
| 524 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
524 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
| 525 | fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
525 | ptytty_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
| 526 | |
526 | |
| 527 | helper_pid = fork (); |
527 | helper_pid = fork (); |
| 528 | |
528 | |
| 529 | if (helper_pid < 0) |
529 | if (helper_pid < 0) |
| 530 | fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
530 | ptytty_fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
| 531 | |
531 | |
| 532 | if (helper_pid) |
532 | if (helper_pid) |
| 533 | { |
533 | { |
| 534 | // client, process |
534 | // client, process |
| 535 | sock_fd = sv[0]; |
535 | sock_fd = sv[0]; |
| … | |
… | |
| 564 | else |
564 | else |
| 565 | #endif |
565 | #endif |
| 566 | return new ptytty_unix; |
566 | return new ptytty_unix; |
| 567 | } |
567 | } |
| 568 | |
568 | |
|
|
569 | void |
|
|
570 | ptytty::init () |
|
|
571 | { |
|
|
572 | uid_t uid = getuid (); |
|
|
573 | gid_t gid = getgid (); |
|
|
574 | |
|
|
575 | // before doing anything else, check for setuid/setgid operation, |
|
|
576 | // start the helper process and drop privileges |
|
|
577 | if (uid != geteuid () |
|
|
578 | || gid != getegid ()) |
|
|
579 | { |
|
|
580 | #if PTYTTY_HELPER |
|
|
581 | use_helper (); |
|
|
582 | #else |
|
|
583 | ptytty_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
584 | #endif |
| 569 | |
585 | |
|
|
586 | drop_privileges (); |
|
|
587 | } |
|
|
588 | } |
|
|
589 | |
|
|
590 | void |
|
|
591 | ptytty::drop_privileges () |
|
|
592 | { |
|
|
593 | uid_t uid = getuid (); |
|
|
594 | gid_t gid = getgid (); |
|
|
595 | |
|
|
596 | // drop privileges |
|
|
597 | #if HAVE_SETRESUID |
|
|
598 | setresgid (gid, gid, gid); |
|
|
599 | setresuid (uid, uid, uid); |
|
|
600 | #elif HAVE_SETREUID |
|
|
601 | setregid (gid, gid); |
|
|
602 | setreuid (uid, uid); |
|
|
603 | #elif HAVE_SETUID |
|
|
604 | setgid (gid); |
|
|
605 | setuid (uid); |
|
|
606 | #endif |
|
|
607 | |
|
|
608 | if (uid != geteuid () |
|
|
609 | || gid != getegid ()) |
|
|
610 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
|
|
611 | } |
|
|
612 | |
