| … | |
… | |
| 46 | |
46 | |
| 47 | #ifdef HAVE_TERMIOS_H |
47 | #ifdef HAVE_TERMIOS_H |
| 48 | # include <termios.h> |
48 | # include <termios.h> |
| 49 | #endif |
49 | #endif |
| 50 | |
50 | |
| 51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 52 | static uid_t saved_euid; |
|
|
| 53 | static gid_t saved_egid; |
|
|
| 54 | #endif |
|
|
| 55 | |
|
|
| 56 | bool |
|
|
| 57 | rxvt_tainted () |
|
|
| 58 | { |
|
|
| 59 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 60 | return getuid () != saved_euid || getgid () != saved_egid; |
|
|
| 61 | #else |
|
|
| 62 | return false; |
|
|
| 63 | #endif |
|
|
| 64 | } |
|
|
| 65 | |
|
|
| 66 | vector<rxvt_term *> rxvt_term::termlist; |
51 | vector<rxvt_term *> rxvt_term::termlist; |
| 67 | |
52 | |
| 68 | static char curlocale[128], savelocale[128]; |
53 | static char curlocale[128], savelocale[128]; |
| 69 | |
54 | |
| 70 | bool |
55 | bool |
| … | |
… | |
| 208 | // for use before an emergency exit |
193 | // for use before an emergency exit |
| 209 | void rxvt_term::emergency_cleanup () |
194 | void rxvt_term::emergency_cleanup () |
| 210 | { |
195 | { |
| 211 | if (cmd_pid) |
196 | if (cmd_pid) |
| 212 | kill (-cmd_pid, SIGHUP); |
197 | kill (-cmd_pid, SIGHUP); |
| 213 | |
|
|
| 214 | #ifdef UTMP_SUPPORT |
|
|
| 215 | privileged_utmp (RESTORE); |
|
|
| 216 | #endif |
|
|
| 217 | |
198 | |
| 218 | delete pty; pty = 0; |
199 | delete pty; pty = 0; |
| 219 | } |
200 | } |
| 220 | |
201 | |
| 221 | rxvt_term::~rxvt_term () |
202 | rxvt_term::~rxvt_term () |
| … | |
… | |
| 491 | |
472 | |
| 492 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
473 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
| 493 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
474 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
| 494 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
475 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
| 495 | { |
476 | { |
| 496 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 497 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
|
|
| 498 | if (rxvt_tainted ()) |
|
|
| 499 | { |
|
|
| 500 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
|
|
| 501 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
|
|
| 502 | { |
|
|
| 503 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
|
|
| 504 | rs[Rs_perl_lib] = 0; |
|
|
| 505 | rs[Rs_perl_eval] = 0; |
|
|
| 506 | } |
|
|
| 507 | } |
|
|
| 508 | #endif |
|
|
| 509 | rxvt_perl.init (this); |
477 | rxvt_perl.init (this); |
| 510 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
478 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
| 511 | } |
479 | } |
| 512 | #endif |
480 | #endif |
| 513 | |
481 | |
| … | |
… | |
| 600 | char **rxvt_environ; // startup environment |
568 | char **rxvt_environ; // startup environment |
| 601 | |
569 | |
| 602 | void |
570 | void |
| 603 | rxvt_init () |
571 | rxvt_init () |
| 604 | { |
572 | { |
|
|
573 | uid_t uid = getuid (); |
|
|
574 | gid_t gid = getgid (); |
|
|
575 | |
|
|
576 | // before doing anything else, check for setuid/setgid operation, |
|
|
577 | // start the helper process and drop privileges |
|
|
578 | if (uid != geteuid () |
|
|
579 | || 1 //D |
|
|
580 | || gid != getegid ()) |
|
|
581 | { |
|
|
582 | #if PTYTTY_HELPER |
|
|
583 | rxvt_ptytty_server (); |
|
|
584 | #else |
|
|
585 | rxvt_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
586 | #endif |
|
|
587 | |
|
|
588 | // drop privileges |
|
|
589 | #if HAVE_SETRESUID |
|
|
590 | setresgid (gid, gid, gid); |
|
|
591 | setresuid (uid, uid, uid); |
|
|
592 | #elif HAVE_SETREUID |
|
|
593 | setregid (gid, gid); |
|
|
594 | setreuid (uid, uid); |
|
|
595 | #elif HAVE_SETUID |
|
|
596 | setgid (gid); |
|
|
597 | setuid (uid); |
|
|
598 | #endif |
|
|
599 | |
|
|
600 | if (uid != geteuid () |
|
|
601 | || gid != getegid ()) |
|
|
602 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
|
|
603 | } |
|
|
604 | |
| 605 | rxvt_environ = environ; |
605 | rxvt_environ = environ; |
| 606 | |
|
|
| 607 | /* |
|
|
| 608 | * Save and then give up any super-user privileges |
|
|
| 609 | * If we need privileges in any area then we must specifically request it. |
|
|
| 610 | * We should only need to be root in these cases: |
|
|
| 611 | * 1. write utmp entries on some systems |
|
|
| 612 | * 2. chown tty on some systems |
|
|
| 613 | */ |
|
|
| 614 | rxvt_privileges (SAVE); |
|
|
| 615 | rxvt_privileges (IGNORE); |
|
|
| 616 | |
606 | |
| 617 | signal (SIGHUP, SIG_IGN); |
607 | signal (SIGHUP, SIG_IGN); |
| 618 | signal (SIGPIPE, SIG_IGN); |
608 | signal (SIGPIPE, SIG_IGN); |
| 619 | |
609 | |
| 620 | sig_handlers.sw_chld.start (SIGCHLD); |
610 | sig_handlers.sw_chld.start (SIGCHLD); |
| … | |
… | |
| 664 | if (!p) |
654 | if (!p) |
| 665 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
655 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
| 666 | |
656 | |
| 667 | return p; |
657 | return p; |
| 668 | } |
658 | } |
| 669 | |
|
|
| 670 | /* ------------------------------------------------------------------------- * |
|
|
| 671 | * PRIVILEGED OPERATIONS * |
|
|
| 672 | * ------------------------------------------------------------------------- */ |
|
|
| 673 | /* take care of suid/sgid super-user (root) privileges */ |
|
|
| 674 | void |
|
|
| 675 | rxvt_privileges (rxvt_privaction action) |
|
|
| 676 | { |
|
|
| 677 | #if ! defined(__CYGWIN32__) |
|
|
| 678 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
|
|
| 679 | /* setreuid () is the poor man's setuid (), seteuid () */ |
|
|
| 680 | # define seteuid(a) setreuid(-1, (a)) |
|
|
| 681 | # define setegid(a) setregid(-1, (a)) |
|
|
| 682 | # define HAVE_SETEUID |
|
|
| 683 | # endif |
|
|
| 684 | # ifdef HAVE_SETEUID |
|
|
| 685 | switch (action) |
|
|
| 686 | { |
|
|
| 687 | case IGNORE: |
|
|
| 688 | /* |
|
|
| 689 | * change effective uid/gid - not real uid/gid - so we can switch |
|
|
| 690 | * back to root later, as required |
|
|
| 691 | */ |
|
|
| 692 | setegid (getgid ()); |
|
|
| 693 | seteuid (getuid ()); |
|
|
| 694 | break; |
|
|
| 695 | case SAVE: |
|
|
| 696 | saved_egid = getegid (); |
|
|
| 697 | saved_euid = geteuid (); |
|
|
| 698 | break; |
|
|
| 699 | case RESTORE: |
|
|
| 700 | setegid (saved_egid); |
|
|
| 701 | seteuid (saved_euid); |
|
|
| 702 | break; |
|
|
| 703 | } |
|
|
| 704 | # else |
|
|
| 705 | switch (action) |
|
|
| 706 | { |
|
|
| 707 | case IGNORE: |
|
|
| 708 | setgid (getgid ()); |
|
|
| 709 | setuid (getuid ()); |
|
|
| 710 | /* FALLTHROUGH */ |
|
|
| 711 | case SAVE: |
|
|
| 712 | /* FALLTHROUGH */ |
|
|
| 713 | case RESTORE: |
|
|
| 714 | break; |
|
|
| 715 | } |
|
|
| 716 | # endif |
|
|
| 717 | #endif |
|
|
| 718 | } |
|
|
| 719 | |
|
|
| 720 | #ifdef UTMP_SUPPORT |
|
|
| 721 | void |
|
|
| 722 | rxvt_term::privileged_utmp (rxvt_privaction action) |
|
|
| 723 | { |
|
|
| 724 | if (OPTION (Opt_utmpInhibit)) |
|
|
| 725 | return; |
|
|
| 726 | |
|
|
| 727 | rxvt_privileges (RESTORE); |
|
|
| 728 | |
|
|
| 729 | if (action == SAVE) |
|
|
| 730 | pty->login (cmd_pid, OPTION (Opt_loginShell), rs[Rs_display_name]); |
|
|
| 731 | else |
|
|
| 732 | pty->logout (); |
|
|
| 733 | |
|
|
| 734 | rxvt_privileges (IGNORE); |
|
|
| 735 | } |
|
|
| 736 | #endif |
|
|
| 737 | |
659 | |
| 738 | /*----------------------------------------------------------------------*/ |
660 | /*----------------------------------------------------------------------*/ |
| 739 | /* |
661 | /* |
| 740 | * window size/position calculcations for XSizeHint and other storage. |
662 | * window size/position calculcations for XSizeHint and other storage. |
| 741 | * if width/height are non-zero then override calculated width/height |
663 | * if width/height are non-zero then override calculated width/height |
