| … | |
… | |
| 46 | |
46 | |
| 47 | #ifdef HAVE_TERMIOS_H |
47 | #ifdef HAVE_TERMIOS_H |
| 48 | # include <termios.h> |
48 | # include <termios.h> |
| 49 | #endif |
49 | #endif |
| 50 | |
50 | |
| 51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 52 | static uid_t saved_euid; |
|
|
| 53 | static gid_t saved_egid; |
|
|
| 54 | #endif |
|
|
| 55 | |
|
|
| 56 | bool |
|
|
| 57 | rxvt_tainted () |
|
|
| 58 | { |
|
|
| 59 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 60 | return getuid () != saved_euid || getgid () != saved_egid; |
|
|
| 61 | #else |
|
|
| 62 | return false; |
|
|
| 63 | #endif |
|
|
| 64 | } |
|
|
| 65 | |
|
|
| 66 | vector<rxvt_term *> rxvt_term::termlist; |
51 | vector<rxvt_term *> rxvt_term::termlist; |
| 67 | |
52 | |
| 68 | static char curlocale[128], savelocale[128]; |
53 | static char curlocale[128], savelocale[128]; |
| 69 | |
54 | |
| 70 | bool |
55 | bool |
| … | |
… | |
| 487 | |
472 | |
| 488 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
473 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
| 489 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
474 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
| 490 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
475 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
| 491 | { |
476 | { |
| 492 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 493 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
|
|
| 494 | if (rxvt_tainted ()) |
|
|
| 495 | { |
|
|
| 496 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
|
|
| 497 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
|
|
| 498 | { |
|
|
| 499 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
|
|
| 500 | rs[Rs_perl_lib] = 0; |
|
|
| 501 | rs[Rs_perl_eval] = 0; |
|
|
| 502 | } |
|
|
| 503 | } |
|
|
| 504 | #endif |
|
|
| 505 | rxvt_perl.init (this); |
477 | rxvt_perl.init (this); |
| 506 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
478 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
| 507 | } |
479 | } |
| 508 | #endif |
480 | #endif |
| 509 | |
481 | |
| … | |
… | |
| 630 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
602 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
| 631 | } |
603 | } |
| 632 | |
604 | |
| 633 | rxvt_environ = environ; |
605 | rxvt_environ = environ; |
| 634 | |
606 | |
| 635 | /* |
|
|
| 636 | * Save and then give up any super-user privileges |
|
|
| 637 | * If we need privileges in any area then we must specifically request it. |
|
|
| 638 | * We should only need to be root in these cases: |
|
|
| 639 | * 1. write utmp entries on some systems |
|
|
| 640 | * 2. chown tty on some systems |
|
|
| 641 | */ |
|
|
| 642 | rxvt_privileges (SAVE); |
|
|
| 643 | rxvt_privileges (IGNORE); |
|
|
| 644 | |
|
|
| 645 | signal (SIGHUP, SIG_IGN); |
607 | signal (SIGHUP, SIG_IGN); |
| 646 | signal (SIGPIPE, SIG_IGN); |
608 | signal (SIGPIPE, SIG_IGN); |
| 647 | |
609 | |
| 648 | sig_handlers.sw_chld.start (SIGCHLD); |
610 | sig_handlers.sw_chld.start (SIGCHLD); |
| 649 | sig_handlers.sw_term.start (SIGTERM); |
611 | sig_handlers.sw_term.start (SIGTERM); |
| … | |
… | |
| 691 | |
653 | |
| 692 | if (!p) |
654 | if (!p) |
| 693 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
655 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
| 694 | |
656 | |
| 695 | return p; |
657 | return p; |
| 696 | } |
|
|
| 697 | |
|
|
| 698 | /* ------------------------------------------------------------------------- * |
|
|
| 699 | * PRIVILEGED OPERATIONS * |
|
|
| 700 | * ------------------------------------------------------------------------- */ |
|
|
| 701 | /* take care of suid/sgid super-user (root) privileges */ |
|
|
| 702 | void |
|
|
| 703 | rxvt_privileges (rxvt_privaction action) |
|
|
| 704 | { |
|
|
| 705 | #if ! defined(__CYGWIN32__) |
|
|
| 706 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
|
|
| 707 | /* setreuid () is the poor man's setuid (), seteuid () */ |
|
|
| 708 | # define seteuid(a) setreuid(-1, (a)) |
|
|
| 709 | # define setegid(a) setregid(-1, (a)) |
|
|
| 710 | # define HAVE_SETEUID |
|
|
| 711 | # endif |
|
|
| 712 | # ifdef HAVE_SETEUID |
|
|
| 713 | switch (action) |
|
|
| 714 | { |
|
|
| 715 | case IGNORE: |
|
|
| 716 | /* |
|
|
| 717 | * change effective uid/gid - not real uid/gid - so we can switch |
|
|
| 718 | * back to root later, as required |
|
|
| 719 | */ |
|
|
| 720 | setegid (getgid ()); |
|
|
| 721 | seteuid (getuid ()); |
|
|
| 722 | break; |
|
|
| 723 | case SAVE: |
|
|
| 724 | saved_egid = getegid (); |
|
|
| 725 | saved_euid = geteuid (); |
|
|
| 726 | break; |
|
|
| 727 | case RESTORE: |
|
|
| 728 | setegid (saved_egid); |
|
|
| 729 | seteuid (saved_euid); |
|
|
| 730 | break; |
|
|
| 731 | } |
|
|
| 732 | # else |
|
|
| 733 | switch (action) |
|
|
| 734 | { |
|
|
| 735 | case IGNORE: |
|
|
| 736 | setgid (getgid ()); |
|
|
| 737 | setuid (getuid ()); |
|
|
| 738 | /* FALLTHROUGH */ |
|
|
| 739 | case SAVE: |
|
|
| 740 | /* FALLTHROUGH */ |
|
|
| 741 | case RESTORE: |
|
|
| 742 | break; |
|
|
| 743 | } |
|
|
| 744 | # endif |
|
|
| 745 | #endif |
|
|
| 746 | } |
658 | } |
| 747 | |
659 | |
| 748 | /*----------------------------------------------------------------------*/ |
660 | /*----------------------------------------------------------------------*/ |
| 749 | /* |
661 | /* |
| 750 | * window size/position calculcations for XSizeHint and other storage. |
662 | * window size/position calculcations for XSizeHint and other storage. |
