… | |
… | |
46 | |
46 | |
47 | #ifdef HAVE_TERMIOS_H |
47 | #ifdef HAVE_TERMIOS_H |
48 | # include <termios.h> |
48 | # include <termios.h> |
49 | #endif |
49 | #endif |
50 | |
50 | |
51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
52 | static uid_t saved_euid; |
|
|
53 | static gid_t saved_egid; |
|
|
54 | #endif |
|
|
55 | |
|
|
56 | bool |
|
|
57 | rxvt_tainted () |
|
|
58 | { |
|
|
59 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
60 | return getuid () != saved_euid || getgid () != saved_egid; |
|
|
61 | #else |
|
|
62 | return false; |
|
|
63 | #endif |
|
|
64 | } |
|
|
65 | |
|
|
66 | vector<rxvt_term *> rxvt_term::termlist; |
51 | vector<rxvt_term *> rxvt_term::termlist; |
67 | |
52 | |
68 | static char curlocale[128], savelocale[128]; |
53 | static char curlocale[128], savelocale[128]; |
69 | |
54 | |
70 | bool |
55 | bool |
… | |
… | |
184 | #ifdef USE_XIM |
169 | #ifdef USE_XIM |
185 | im_ev (this, &rxvt_term::im_cb), |
170 | im_ev (this, &rxvt_term::im_cb), |
186 | #endif |
171 | #endif |
187 | termwin_ev (this, &rxvt_term::x_cb), |
172 | termwin_ev (this, &rxvt_term::x_cb), |
188 | vt_ev (this, &rxvt_term::x_cb), |
173 | vt_ev (this, &rxvt_term::x_cb), |
|
|
174 | child_ev (this, &rxvt_term::child_cb), |
189 | check_ev (this, &rxvt_term::check_cb), |
175 | check_ev (this, &rxvt_term::check_cb), |
190 | flush_ev (this, &rxvt_term::flush_cb), |
176 | flush_ev (this, &rxvt_term::flush_cb), |
191 | destroy_ev (this, &rxvt_term::destroy_cb), |
177 | destroy_ev (this, &rxvt_term::destroy_cb), |
192 | pty_ev (this, &rxvt_term::pty_cb), |
178 | pty_ev (this, &rxvt_term::pty_cb), |
193 | incr_ev (this, &rxvt_term::incr_cb) |
179 | incr_ev (this, &rxvt_term::incr_cb) |
… | |
… | |
300 | #ifdef KEYSYM_RESOURCE |
286 | #ifdef KEYSYM_RESOURCE |
301 | delete keyboard; |
287 | delete keyboard; |
302 | #endif |
288 | #endif |
303 | } |
289 | } |
304 | |
290 | |
|
|
291 | // child has exited, usually destroys |
305 | void |
292 | void |
306 | rxvt_term::child_exit () |
293 | rxvt_term::child_cb (child_watcher &w, int status) |
307 | { |
294 | { |
|
|
295 | HOOK_INVOKE ((this, HOOK_CHILD_EXIT, DT_INT, status, DT_END)); |
|
|
296 | |
308 | cmd_pid = 0; |
297 | cmd_pid = 0; |
309 | |
298 | |
310 | if (!OPTION (Opt_hold)) |
299 | if (!OPTION (Opt_hold)) |
311 | destroy (); |
300 | destroy (); |
312 | } |
301 | } |
… | |
… | |
487 | |
476 | |
488 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
477 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
489 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
478 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
490 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
479 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
491 | { |
480 | { |
492 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
493 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
|
|
494 | if (rxvt_tainted ()) |
|
|
495 | { |
|
|
496 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
|
|
497 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
|
|
498 | { |
|
|
499 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
|
|
500 | rs[Rs_perl_lib] = 0; |
|
|
501 | rs[Rs_perl_eval] = 0; |
|
|
502 | } |
|
|
503 | } |
|
|
504 | #endif |
|
|
505 | rxvt_perl.init (this); |
481 | rxvt_perl.init (this); |
506 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
482 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
507 | } |
483 | } |
508 | #endif |
484 | #endif |
509 | |
485 | |
… | |
… | |
553 | return true; |
529 | return true; |
554 | } |
530 | } |
555 | |
531 | |
556 | static struct sig_handlers |
532 | static struct sig_handlers |
557 | { |
533 | { |
558 | sig_watcher sw_chld, sw_term, sw_int; |
534 | sig_watcher sw_term, sw_int; |
559 | |
535 | |
560 | void sig_chld (sig_watcher &w) |
|
|
561 | { |
|
|
562 | // we are being called for every SIGCHLD, find the corresponding term |
|
|
563 | int pid; |
|
|
564 | |
|
|
565 | while ((pid = waitpid (-1, NULL, WNOHANG)) > 0) |
|
|
566 | for (rxvt_term **t = rxvt_term::termlist.begin (); t < rxvt_term::termlist.end (); t++) |
|
|
567 | if (pid == (*t)->cmd_pid) |
|
|
568 | { |
|
|
569 | (*t)->child_exit (); |
|
|
570 | break; |
|
|
571 | } |
|
|
572 | } |
|
|
573 | |
|
|
574 | /* |
536 | /* |
575 | * Catch a fatal signal and tidy up before quitting |
537 | * Catch a fatal signal and tidy up before quitting |
576 | */ |
538 | */ |
577 | void |
539 | void |
578 | sig_term (sig_watcher &w) |
540 | sig_term (sig_watcher &w) |
… | |
… | |
584 | signal (w.signum, SIG_DFL); |
546 | signal (w.signum, SIG_DFL); |
585 | kill (getpid (), w.signum); |
547 | kill (getpid (), w.signum); |
586 | } |
548 | } |
587 | |
549 | |
588 | sig_handlers () |
550 | sig_handlers () |
589 | : sw_chld (this, &sig_handlers::sig_chld), |
|
|
590 | sw_term (this, &sig_handlers::sig_term), |
551 | : sw_term (this, &sig_handlers::sig_term), |
591 | sw_int (this, &sig_handlers::sig_term) |
552 | sw_int (this, &sig_handlers::sig_term) |
592 | { |
553 | { |
593 | } |
554 | } |
594 | } sig_handlers; |
555 | } sig_handlers; |
595 | |
556 | |
… | |
… | |
602 | gid_t gid = getgid (); |
563 | gid_t gid = getgid (); |
603 | |
564 | |
604 | // before doing anything else, check for setuid/setgid operation, |
565 | // before doing anything else, check for setuid/setgid operation, |
605 | // start the helper process and drop privileges |
566 | // start the helper process and drop privileges |
606 | if (uid != geteuid () |
567 | if (uid != geteuid () |
607 | || 1 //D |
|
|
608 | || gid != getegid ()) |
568 | || gid != getegid ()) |
609 | { |
569 | { |
610 | #if PTYTTY_HELPER |
570 | #if PTYTTY_HELPER |
611 | rxvt_ptytty_server (); |
571 | rxvt_ptytty_server (); |
612 | #else |
572 | #else |
… | |
… | |
630 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
590 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
631 | } |
591 | } |
632 | |
592 | |
633 | rxvt_environ = environ; |
593 | rxvt_environ = environ; |
634 | |
594 | |
635 | /* |
|
|
636 | * Save and then give up any super-user privileges |
|
|
637 | * If we need privileges in any area then we must specifically request it. |
|
|
638 | * We should only need to be root in these cases: |
|
|
639 | * 1. write utmp entries on some systems |
|
|
640 | * 2. chown tty on some systems |
|
|
641 | */ |
|
|
642 | rxvt_privileges (SAVE); |
|
|
643 | rxvt_privileges (IGNORE); |
|
|
644 | |
|
|
645 | signal (SIGHUP, SIG_IGN); |
595 | signal (SIGHUP, SIG_IGN); |
646 | signal (SIGPIPE, SIG_IGN); |
596 | signal (SIGPIPE, SIG_IGN); |
647 | |
597 | |
648 | sig_handlers.sw_chld.start (SIGCHLD); |
|
|
649 | sig_handlers.sw_term.start (SIGTERM); |
598 | sig_handlers.sw_term.start (SIGTERM); |
650 | sig_handlers.sw_int.start (SIGINT); |
599 | sig_handlers.sw_int.start (SIGINT); |
651 | |
600 | |
652 | /* need to trap SIGURG for SVR4 (Unixware) rlogin */ |
601 | /* need to trap SIGURG for SVR4 (Unixware) rlogin */ |
653 | /* signal (SIGURG, SIG_DFL); */ |
602 | /* signal (SIGURG, SIG_DFL); */ |
… | |
… | |
691 | |
640 | |
692 | if (!p) |
641 | if (!p) |
693 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
642 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
694 | |
643 | |
695 | return p; |
644 | return p; |
696 | } |
|
|
697 | |
|
|
698 | /* ------------------------------------------------------------------------- * |
|
|
699 | * PRIVILEGED OPERATIONS * |
|
|
700 | * ------------------------------------------------------------------------- */ |
|
|
701 | /* take care of suid/sgid super-user (root) privileges */ |
|
|
702 | void |
|
|
703 | rxvt_privileges (rxvt_privaction action) |
|
|
704 | { |
|
|
705 | #if ! defined(__CYGWIN32__) |
|
|
706 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
|
|
707 | /* setreuid () is the poor man's setuid (), seteuid () */ |
|
|
708 | # define seteuid(a) setreuid(-1, (a)) |
|
|
709 | # define setegid(a) setregid(-1, (a)) |
|
|
710 | # define HAVE_SETEUID |
|
|
711 | # endif |
|
|
712 | # ifdef HAVE_SETEUID |
|
|
713 | switch (action) |
|
|
714 | { |
|
|
715 | case IGNORE: |
|
|
716 | /* |
|
|
717 | * change effective uid/gid - not real uid/gid - so we can switch |
|
|
718 | * back to root later, as required |
|
|
719 | */ |
|
|
720 | setegid (getgid ()); |
|
|
721 | seteuid (getuid ()); |
|
|
722 | break; |
|
|
723 | case SAVE: |
|
|
724 | saved_egid = getegid (); |
|
|
725 | saved_euid = geteuid (); |
|
|
726 | break; |
|
|
727 | case RESTORE: |
|
|
728 | setegid (saved_egid); |
|
|
729 | seteuid (saved_euid); |
|
|
730 | break; |
|
|
731 | } |
|
|
732 | # else |
|
|
733 | switch (action) |
|
|
734 | { |
|
|
735 | case IGNORE: |
|
|
736 | setgid (getgid ()); |
|
|
737 | setuid (getuid ()); |
|
|
738 | /* FALLTHROUGH */ |
|
|
739 | case SAVE: |
|
|
740 | /* FALLTHROUGH */ |
|
|
741 | case RESTORE: |
|
|
742 | break; |
|
|
743 | } |
|
|
744 | # endif |
|
|
745 | #endif |
|
|
746 | } |
645 | } |
747 | |
646 | |
748 | /*----------------------------------------------------------------------*/ |
647 | /*----------------------------------------------------------------------*/ |
749 | /* |
648 | /* |
750 | * window size/position calculcations for XSizeHint and other storage. |
649 | * window size/position calculcations for XSizeHint and other storage. |