… | |
… | |
234 | |
234 | |
235 | ioctl (fd_tty, TIOCSCTTY, NULL); |
235 | ioctl (fd_tty, TIOCSCTTY, NULL); |
236 | |
236 | |
237 | int fd = open ("/dev/tty", O_WRONLY); |
237 | int fd = open ("/dev/tty", O_WRONLY); |
238 | if (fd < 0) |
238 | if (fd < 0) |
239 | return -1; /* fatal */ |
239 | return -1; /* fatal */ |
240 | |
240 | |
241 | close (fd); |
241 | close (fd); |
242 | |
242 | |
243 | return 0; |
243 | return 0; |
244 | } |
244 | } |
… | |
… | |
411 | cmd.type = command::get; |
411 | cmd.type = command::get; |
412 | |
412 | |
413 | write (sock_fd, &cmd, sizeof (cmd)); |
413 | write (sock_fd, &cmd, sizeof (cmd)); |
414 | |
414 | |
415 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
415 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
416 | fatal ("protocol error while creating pty using helper process, aborting.\n"); |
416 | ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n"); |
417 | |
417 | |
418 | if (!id) |
418 | if (!id) |
419 | return false; |
419 | return false; |
420 | |
420 | |
421 | if ((pty = recv_fd (sock_fd)) < 0 |
421 | if ((pty = recv_fd (sock_fd)) < 0 |
422 | || (tty = recv_fd (sock_fd)) < 0) |
422 | || (tty = recv_fd (sock_fd)) < 0) |
423 | fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
423 | ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
424 | |
424 | |
425 | return true; |
425 | return true; |
426 | } |
426 | } |
427 | |
427 | |
428 | void |
428 | void |
… | |
… | |
520 | owner_pid = pid; |
520 | owner_pid = pid; |
521 | |
521 | |
522 | int sv[2]; |
522 | int sv[2]; |
523 | |
523 | |
524 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
524 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
525 | fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
525 | ptytty_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
526 | |
526 | |
527 | helper_pid = fork (); |
527 | helper_pid = fork (); |
528 | |
528 | |
529 | if (helper_pid < 0) |
529 | if (helper_pid < 0) |
530 | fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
530 | ptytty_fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
531 | |
531 | |
532 | if (helper_pid) |
532 | if (helper_pid) |
533 | { |
533 | { |
534 | // client, process |
534 | // client, process |
535 | sock_fd = sv[0]; |
535 | sock_fd = sv[0]; |
… | |
… | |
564 | else |
564 | else |
565 | #endif |
565 | #endif |
566 | return new ptytty_unix; |
566 | return new ptytty_unix; |
567 | } |
567 | } |
568 | |
568 | |
|
|
569 | void |
|
|
570 | ptytty::init () |
|
|
571 | { |
|
|
572 | uid_t uid = getuid (); |
|
|
573 | gid_t gid = getgid (); |
|
|
574 | |
|
|
575 | // before doing anything else, check for setuid/setgid operation, |
|
|
576 | // start the helper process and drop privileges |
|
|
577 | if (uid != geteuid () |
|
|
578 | || gid != getegid ()) |
|
|
579 | { |
|
|
580 | #if PTYTTY_HELPER |
|
|
581 | use_helper (); |
|
|
582 | #else |
|
|
583 | ptytty_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
584 | #endif |
569 | |
585 | |
|
|
586 | drop_privileges (); |
|
|
587 | } |
|
|
588 | } |
|
|
589 | |
|
|
590 | void |
|
|
591 | ptytty::drop_privileges () |
|
|
592 | { |
|
|
593 | uid_t uid = getuid (); |
|
|
594 | gid_t gid = getgid (); |
|
|
595 | |
|
|
596 | // drop privileges |
|
|
597 | #if HAVE_SETRESUID |
|
|
598 | setresgid (gid, gid, gid); |
|
|
599 | setresuid (uid, uid, uid); |
|
|
600 | #elif HAVE_SETREUID |
|
|
601 | setregid (gid, gid); |
|
|
602 | setreuid (uid, uid); |
|
|
603 | #elif HAVE_SETUID |
|
|
604 | setgid (gid); |
|
|
605 | setuid (uid); |
|
|
606 | #endif |
|
|
607 | |
|
|
608 | if (uid != geteuid () |
|
|
609 | || gid != getegid ()) |
|
|
610 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
|
|
611 | } |
|
|
612 | |