… | |
… | |
46 | |
46 | |
47 | #ifdef HAVE_TERMIOS_H |
47 | #ifdef HAVE_TERMIOS_H |
48 | # include <termios.h> |
48 | # include <termios.h> |
49 | #endif |
49 | #endif |
50 | |
50 | |
51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
52 | static uid_t saved_euid; |
|
|
53 | static gid_t saved_egid; |
|
|
54 | #endif |
|
|
55 | |
|
|
56 | bool |
|
|
57 | rxvt_tainted () |
|
|
58 | { |
|
|
59 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
60 | return getuid () != saved_euid || getgid () != saved_egid; |
|
|
61 | #else |
|
|
62 | return false; |
|
|
63 | #endif |
|
|
64 | } |
|
|
65 | |
|
|
66 | vector<rxvt_term *> rxvt_term::termlist; |
51 | vector<rxvt_term *> rxvt_term::termlist; |
67 | |
52 | |
68 | static char curlocale[128], savelocale[128]; |
53 | static char curlocale[128], savelocale[128]; |
69 | |
54 | |
70 | bool |
55 | bool |
… | |
… | |
184 | #ifdef USE_XIM |
169 | #ifdef USE_XIM |
185 | im_ev (this, &rxvt_term::im_cb), |
170 | im_ev (this, &rxvt_term::im_cb), |
186 | #endif |
171 | #endif |
187 | termwin_ev (this, &rxvt_term::x_cb), |
172 | termwin_ev (this, &rxvt_term::x_cb), |
188 | vt_ev (this, &rxvt_term::x_cb), |
173 | vt_ev (this, &rxvt_term::x_cb), |
|
|
174 | child_ev (this, &rxvt_term::child_cb), |
189 | check_ev (this, &rxvt_term::check_cb), |
175 | check_ev (this, &rxvt_term::check_cb), |
190 | flush_ev (this, &rxvt_term::flush_cb), |
176 | flush_ev (this, &rxvt_term::flush_cb), |
191 | destroy_ev (this, &rxvt_term::destroy_cb), |
177 | destroy_ev (this, &rxvt_term::destroy_cb), |
192 | pty_ev (this, &rxvt_term::pty_cb), |
178 | pty_ev (this, &rxvt_term::pty_cb), |
193 | incr_ev (this, &rxvt_term::incr_cb) |
179 | incr_ev (this, &rxvt_term::incr_cb) |
… | |
… | |
208 | // for use before an emergency exit |
194 | // for use before an emergency exit |
209 | void rxvt_term::emergency_cleanup () |
195 | void rxvt_term::emergency_cleanup () |
210 | { |
196 | { |
211 | if (cmd_pid) |
197 | if (cmd_pid) |
212 | kill (-cmd_pid, SIGHUP); |
198 | kill (-cmd_pid, SIGHUP); |
213 | |
|
|
214 | #ifdef UTMP_SUPPORT |
|
|
215 | privileged_utmp (RESTORE); |
|
|
216 | #endif |
|
|
217 | |
199 | |
218 | delete pty; pty = 0; |
200 | delete pty; pty = 0; |
219 | } |
201 | } |
220 | |
202 | |
221 | rxvt_term::~rxvt_term () |
203 | rxvt_term::~rxvt_term () |
… | |
… | |
304 | #ifdef KEYSYM_RESOURCE |
286 | #ifdef KEYSYM_RESOURCE |
305 | delete keyboard; |
287 | delete keyboard; |
306 | #endif |
288 | #endif |
307 | } |
289 | } |
308 | |
290 | |
|
|
291 | // child has exited, usually destroys |
309 | void |
292 | void |
310 | rxvt_term::child_exit () |
293 | rxvt_term::child_cb (child_watcher &w, int status) |
311 | { |
294 | { |
|
|
295 | HOOK_INVOKE ((this, HOOK_CHILD_EXIT, DT_INT, status, DT_END)); |
|
|
296 | |
312 | cmd_pid = 0; |
297 | cmd_pid = 0; |
313 | |
298 | |
314 | if (!OPTION (Opt_hold)) |
299 | if (!OPTION (Opt_hold)) |
315 | destroy (); |
300 | destroy (); |
316 | } |
301 | } |
… | |
… | |
491 | |
476 | |
492 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
477 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
493 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
478 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
494 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
479 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
495 | { |
480 | { |
496 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
497 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
|
|
498 | if (rxvt_tainted ()) |
|
|
499 | { |
|
|
500 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
|
|
501 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
|
|
502 | { |
|
|
503 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
|
|
504 | rs[Rs_perl_lib] = 0; |
|
|
505 | rs[Rs_perl_eval] = 0; |
|
|
506 | } |
|
|
507 | } |
|
|
508 | #endif |
|
|
509 | rxvt_perl.init (this); |
481 | rxvt_perl.init (this); |
510 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
482 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
511 | } |
483 | } |
512 | #endif |
484 | #endif |
513 | |
485 | |
… | |
… | |
557 | return true; |
529 | return true; |
558 | } |
530 | } |
559 | |
531 | |
560 | static struct sig_handlers |
532 | static struct sig_handlers |
561 | { |
533 | { |
562 | sig_watcher sw_chld, sw_term, sw_int; |
534 | sig_watcher sw_term, sw_int; |
563 | |
535 | |
564 | void sig_chld (sig_watcher &w) |
|
|
565 | { |
|
|
566 | // we are being called for every SIGCHLD, find the corresponding term |
|
|
567 | int pid; |
|
|
568 | |
|
|
569 | while ((pid = waitpid (-1, NULL, WNOHANG)) > 0) |
|
|
570 | for (rxvt_term **t = rxvt_term::termlist.begin (); t < rxvt_term::termlist.end (); t++) |
|
|
571 | if (pid == (*t)->cmd_pid) |
|
|
572 | { |
|
|
573 | (*t)->child_exit (); |
|
|
574 | break; |
|
|
575 | } |
|
|
576 | } |
|
|
577 | |
|
|
578 | /* |
536 | /* |
579 | * Catch a fatal signal and tidy up before quitting |
537 | * Catch a fatal signal and tidy up before quitting |
580 | */ |
538 | */ |
581 | void |
539 | void |
582 | sig_term (sig_watcher &w) |
540 | sig_term (sig_watcher &w) |
… | |
… | |
588 | signal (w.signum, SIG_DFL); |
546 | signal (w.signum, SIG_DFL); |
589 | kill (getpid (), w.signum); |
547 | kill (getpid (), w.signum); |
590 | } |
548 | } |
591 | |
549 | |
592 | sig_handlers () |
550 | sig_handlers () |
593 | : sw_chld (this, &sig_handlers::sig_chld), |
|
|
594 | sw_term (this, &sig_handlers::sig_term), |
551 | : sw_term (this, &sig_handlers::sig_term), |
595 | sw_int (this, &sig_handlers::sig_term) |
552 | sw_int (this, &sig_handlers::sig_term) |
596 | { |
553 | { |
597 | } |
554 | } |
598 | } sig_handlers; |
555 | } sig_handlers; |
599 | |
556 | |
600 | char **rxvt_environ; // startup environment |
557 | char **rxvt_environ; // startup environment |
601 | |
558 | |
602 | void |
559 | void |
603 | rxvt_init () |
560 | rxvt_init () |
604 | { |
561 | { |
|
|
562 | uid_t uid = getuid (); |
|
|
563 | gid_t gid = getgid (); |
|
|
564 | |
|
|
565 | // before doing anything else, check for setuid/setgid operation, |
|
|
566 | // start the helper process and drop privileges |
|
|
567 | if (uid != geteuid () |
|
|
568 | || gid != getegid ()) |
|
|
569 | { |
|
|
570 | #if PTYTTY_HELPER |
|
|
571 | rxvt_ptytty_server (); |
|
|
572 | #else |
|
|
573 | rxvt_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
574 | #endif |
|
|
575 | |
|
|
576 | // drop privileges |
|
|
577 | #if HAVE_SETRESUID |
|
|
578 | setresgid (gid, gid, gid); |
|
|
579 | setresuid (uid, uid, uid); |
|
|
580 | #elif HAVE_SETREUID |
|
|
581 | setregid (gid, gid); |
|
|
582 | setreuid (uid, uid); |
|
|
583 | #elif HAVE_SETUID |
|
|
584 | setgid (gid); |
|
|
585 | setuid (uid); |
|
|
586 | #endif |
|
|
587 | |
|
|
588 | if (uid != geteuid () |
|
|
589 | || gid != getegid ()) |
|
|
590 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
|
|
591 | } |
|
|
592 | |
605 | rxvt_environ = environ; |
593 | rxvt_environ = environ; |
606 | |
|
|
607 | /* |
|
|
608 | * Save and then give up any super-user privileges |
|
|
609 | * If we need privileges in any area then we must specifically request it. |
|
|
610 | * We should only need to be root in these cases: |
|
|
611 | * 1. write utmp entries on some systems |
|
|
612 | * 2. chown tty on some systems |
|
|
613 | */ |
|
|
614 | rxvt_privileges (SAVE); |
|
|
615 | rxvt_privileges (IGNORE); |
|
|
616 | |
594 | |
617 | signal (SIGHUP, SIG_IGN); |
595 | signal (SIGHUP, SIG_IGN); |
618 | signal (SIGPIPE, SIG_IGN); |
596 | signal (SIGPIPE, SIG_IGN); |
619 | |
597 | |
620 | sig_handlers.sw_chld.start (SIGCHLD); |
|
|
621 | sig_handlers.sw_term.start (SIGTERM); |
598 | sig_handlers.sw_term.start (SIGTERM); |
622 | sig_handlers.sw_int.start (SIGINT); |
599 | sig_handlers.sw_int.start (SIGINT); |
623 | |
600 | |
624 | /* need to trap SIGURG for SVR4 (Unixware) rlogin */ |
601 | /* need to trap SIGURG for SVR4 (Unixware) rlogin */ |
625 | /* signal (SIGURG, SIG_DFL); */ |
602 | /* signal (SIGURG, SIG_DFL); */ |
… | |
… | |
663 | |
640 | |
664 | if (!p) |
641 | if (!p) |
665 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
642 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
666 | |
643 | |
667 | return p; |
644 | return p; |
668 | } |
|
|
669 | |
|
|
670 | /* ------------------------------------------------------------------------- * |
|
|
671 | * PRIVILEGED OPERATIONS * |
|
|
672 | * ------------------------------------------------------------------------- */ |
|
|
673 | /* take care of suid/sgid super-user (root) privileges */ |
|
|
674 | void |
|
|
675 | rxvt_privileges (rxvt_privaction action) |
|
|
676 | { |
|
|
677 | #if ! defined(__CYGWIN32__) |
|
|
678 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
|
|
679 | /* setreuid () is the poor man's setuid (), seteuid () */ |
|
|
680 | # define seteuid(a) setreuid(-1, (a)) |
|
|
681 | # define setegid(a) setregid(-1, (a)) |
|
|
682 | # define HAVE_SETEUID |
|
|
683 | # endif |
|
|
684 | # ifdef HAVE_SETEUID |
|
|
685 | switch (action) |
|
|
686 | { |
|
|
687 | case IGNORE: |
|
|
688 | /* |
|
|
689 | * change effective uid/gid - not real uid/gid - so we can switch |
|
|
690 | * back to root later, as required |
|
|
691 | */ |
|
|
692 | setegid (getgid ()); |
|
|
693 | seteuid (getuid ()); |
|
|
694 | break; |
|
|
695 | case SAVE: |
|
|
696 | saved_egid = getegid (); |
|
|
697 | saved_euid = geteuid (); |
|
|
698 | break; |
|
|
699 | case RESTORE: |
|
|
700 | setegid (saved_egid); |
|
|
701 | seteuid (saved_euid); |
|
|
702 | break; |
|
|
703 | } |
|
|
704 | # else |
|
|
705 | switch (action) |
|
|
706 | { |
|
|
707 | case IGNORE: |
|
|
708 | setgid (getgid ()); |
|
|
709 | setuid (getuid ()); |
|
|
710 | /* FALLTHROUGH */ |
|
|
711 | case SAVE: |
|
|
712 | /* FALLTHROUGH */ |
|
|
713 | case RESTORE: |
|
|
714 | break; |
|
|
715 | } |
|
|
716 | # endif |
|
|
717 | #endif |
|
|
718 | } |
645 | } |
719 | |
646 | |
720 | /*----------------------------------------------------------------------*/ |
647 | /*----------------------------------------------------------------------*/ |
721 | /* |
648 | /* |
722 | * window size/position calculcations for XSizeHint and other storage. |
649 | * window size/position calculcations for XSizeHint and other storage. |