… | |
… | |
46 | |
46 | |
47 | #ifdef HAVE_TERMIOS_H |
47 | #ifdef HAVE_TERMIOS_H |
48 | # include <termios.h> |
48 | # include <termios.h> |
49 | #endif |
49 | #endif |
50 | |
50 | |
51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
52 | static uid_t saved_euid; |
|
|
53 | static gid_t saved_egid; |
|
|
54 | #endif |
|
|
55 | |
|
|
56 | bool |
|
|
57 | rxvt_tainted () |
|
|
58 | { |
|
|
59 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
60 | return getuid () != saved_euid || getgid () != saved_egid; |
|
|
61 | #else |
|
|
62 | return false; |
|
|
63 | #endif |
|
|
64 | } |
|
|
65 | |
|
|
66 | vector<rxvt_term *> rxvt_term::termlist; |
51 | vector<rxvt_term *> rxvt_term::termlist; |
67 | |
52 | |
68 | static char curlocale[128], savelocale[128]; |
53 | static char curlocale[128], savelocale[128]; |
69 | |
54 | |
70 | bool |
55 | bool |
… | |
… | |
487 | |
472 | |
488 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
473 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
489 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
474 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
490 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
475 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
491 | { |
476 | { |
492 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
493 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
|
|
494 | if (rxvt_tainted ()) |
|
|
495 | { |
|
|
496 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
|
|
497 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
|
|
498 | { |
|
|
499 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
|
|
500 | rs[Rs_perl_lib] = 0; |
|
|
501 | rs[Rs_perl_eval] = 0; |
|
|
502 | } |
|
|
503 | } |
|
|
504 | #endif |
|
|
505 | rxvt_perl.init (this); |
477 | rxvt_perl.init (this); |
506 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
478 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
507 | } |
479 | } |
508 | #endif |
480 | #endif |
509 | |
481 | |
… | |
… | |
602 | gid_t gid = getgid (); |
574 | gid_t gid = getgid (); |
603 | |
575 | |
604 | // before doing anything else, check for setuid/setgid operation, |
576 | // before doing anything else, check for setuid/setgid operation, |
605 | // start the helper process and drop privileges |
577 | // start the helper process and drop privileges |
606 | if (uid != geteuid () |
578 | if (uid != geteuid () |
607 | || 1 //D |
|
|
608 | || gid != getegid ()) |
579 | || gid != getegid ()) |
609 | { |
580 | { |
610 | #if PTYTTY_HELPER |
581 | #if PTYTTY_HELPER |
611 | rxvt_ptytty_server (); |
582 | rxvt_ptytty_server (); |
612 | #else |
583 | #else |
… | |
… | |
630 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
601 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
631 | } |
602 | } |
632 | |
603 | |
633 | rxvt_environ = environ; |
604 | rxvt_environ = environ; |
634 | |
605 | |
635 | /* |
|
|
636 | * Save and then give up any super-user privileges |
|
|
637 | * If we need privileges in any area then we must specifically request it. |
|
|
638 | * We should only need to be root in these cases: |
|
|
639 | * 1. write utmp entries on some systems |
|
|
640 | * 2. chown tty on some systems |
|
|
641 | */ |
|
|
642 | rxvt_privileges (SAVE); |
|
|
643 | rxvt_privileges (IGNORE); |
|
|
644 | |
|
|
645 | signal (SIGHUP, SIG_IGN); |
606 | signal (SIGHUP, SIG_IGN); |
646 | signal (SIGPIPE, SIG_IGN); |
607 | signal (SIGPIPE, SIG_IGN); |
647 | |
608 | |
648 | sig_handlers.sw_chld.start (SIGCHLD); |
609 | sig_handlers.sw_chld.start (SIGCHLD); |
649 | sig_handlers.sw_term.start (SIGTERM); |
610 | sig_handlers.sw_term.start (SIGTERM); |
… | |
… | |
691 | |
652 | |
692 | if (!p) |
653 | if (!p) |
693 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
654 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
694 | |
655 | |
695 | return p; |
656 | return p; |
696 | } |
|
|
697 | |
|
|
698 | /* ------------------------------------------------------------------------- * |
|
|
699 | * PRIVILEGED OPERATIONS * |
|
|
700 | * ------------------------------------------------------------------------- */ |
|
|
701 | /* take care of suid/sgid super-user (root) privileges */ |
|
|
702 | void |
|
|
703 | rxvt_privileges (rxvt_privaction action) |
|
|
704 | { |
|
|
705 | #if ! defined(__CYGWIN32__) |
|
|
706 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
|
|
707 | /* setreuid () is the poor man's setuid (), seteuid () */ |
|
|
708 | # define seteuid(a) setreuid(-1, (a)) |
|
|
709 | # define setegid(a) setregid(-1, (a)) |
|
|
710 | # define HAVE_SETEUID |
|
|
711 | # endif |
|
|
712 | # ifdef HAVE_SETEUID |
|
|
713 | switch (action) |
|
|
714 | { |
|
|
715 | case IGNORE: |
|
|
716 | /* |
|
|
717 | * change effective uid/gid - not real uid/gid - so we can switch |
|
|
718 | * back to root later, as required |
|
|
719 | */ |
|
|
720 | setegid (getgid ()); |
|
|
721 | seteuid (getuid ()); |
|
|
722 | break; |
|
|
723 | case SAVE: |
|
|
724 | saved_egid = getegid (); |
|
|
725 | saved_euid = geteuid (); |
|
|
726 | break; |
|
|
727 | case RESTORE: |
|
|
728 | setegid (saved_egid); |
|
|
729 | seteuid (saved_euid); |
|
|
730 | break; |
|
|
731 | } |
|
|
732 | # else |
|
|
733 | switch (action) |
|
|
734 | { |
|
|
735 | case IGNORE: |
|
|
736 | setgid (getgid ()); |
|
|
737 | setuid (getuid ()); |
|
|
738 | /* FALLTHROUGH */ |
|
|
739 | case SAVE: |
|
|
740 | /* FALLTHROUGH */ |
|
|
741 | case RESTORE: |
|
|
742 | break; |
|
|
743 | } |
|
|
744 | # endif |
|
|
745 | #endif |
|
|
746 | } |
657 | } |
747 | |
658 | |
748 | /*----------------------------------------------------------------------*/ |
659 | /*----------------------------------------------------------------------*/ |
749 | /* |
660 | /* |
750 | * window size/position calculcations for XSizeHint and other storage. |
661 | * window size/position calculcations for XSizeHint and other storage. |