| … | |
… | |
| 46 | |
46 | |
| 47 | #ifdef HAVE_TERMIOS_H |
47 | #ifdef HAVE_TERMIOS_H |
| 48 | # include <termios.h> |
48 | # include <termios.h> |
| 49 | #endif |
49 | #endif |
| 50 | |
50 | |
| 51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 52 | static uid_t saved_euid; |
|
|
| 53 | static gid_t saved_egid; |
|
|
| 54 | #endif |
|
|
| 55 | |
|
|
| 56 | bool |
|
|
| 57 | rxvt_tainted () |
|
|
| 58 | { |
|
|
| 59 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 60 | return getuid () != saved_euid || getgid () != saved_egid; |
|
|
| 61 | #else |
|
|
| 62 | return false; |
|
|
| 63 | #endif |
|
|
| 64 | } |
|
|
| 65 | |
|
|
| 66 | vector<rxvt_term *> rxvt_term::termlist; |
51 | vector<rxvt_term *> rxvt_term::termlist; |
| 67 | |
52 | |
| 68 | static char curlocale[128], savelocale[128]; |
53 | static char curlocale[128], savelocale[128]; |
| 69 | |
54 | |
| 70 | bool |
55 | bool |
| … | |
… | |
| 184 | #ifdef USE_XIM |
169 | #ifdef USE_XIM |
| 185 | im_ev (this, &rxvt_term::im_cb), |
170 | im_ev (this, &rxvt_term::im_cb), |
| 186 | #endif |
171 | #endif |
| 187 | termwin_ev (this, &rxvt_term::x_cb), |
172 | termwin_ev (this, &rxvt_term::x_cb), |
| 188 | vt_ev (this, &rxvt_term::x_cb), |
173 | vt_ev (this, &rxvt_term::x_cb), |
|
|
174 | child_ev (this, &rxvt_term::child_cb), |
| 189 | check_ev (this, &rxvt_term::check_cb), |
175 | check_ev (this, &rxvt_term::check_cb), |
| 190 | flush_ev (this, &rxvt_term::flush_cb), |
176 | flush_ev (this, &rxvt_term::flush_cb), |
| 191 | destroy_ev (this, &rxvt_term::destroy_cb), |
177 | destroy_ev (this, &rxvt_term::destroy_cb), |
| 192 | pty_ev (this, &rxvt_term::pty_cb), |
178 | pty_ev (this, &rxvt_term::pty_cb), |
| 193 | incr_ev (this, &rxvt_term::incr_cb) |
179 | incr_ev (this, &rxvt_term::incr_cb) |
| … | |
… | |
| 300 | #ifdef KEYSYM_RESOURCE |
286 | #ifdef KEYSYM_RESOURCE |
| 301 | delete keyboard; |
287 | delete keyboard; |
| 302 | #endif |
288 | #endif |
| 303 | } |
289 | } |
| 304 | |
290 | |
|
|
291 | // child has exited, usually destroys |
| 305 | void |
292 | void |
| 306 | rxvt_term::child_exit () |
293 | rxvt_term::child_cb (child_watcher &w, int status) |
| 307 | { |
294 | { |
|
|
295 | HOOK_INVOKE ((this, HOOK_CHILD_EXIT, DT_INT, status, DT_END)); |
|
|
296 | |
| 308 | cmd_pid = 0; |
297 | cmd_pid = 0; |
| 309 | |
298 | |
| 310 | if (!OPTION (Opt_hold)) |
299 | if (!OPTION (Opt_hold)) |
| 311 | destroy (); |
300 | destroy (); |
| 312 | } |
301 | } |
| … | |
… | |
| 487 | |
476 | |
| 488 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
477 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
| 489 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
478 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
| 490 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
479 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
| 491 | { |
480 | { |
| 492 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
| 493 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
|
|
| 494 | if (rxvt_tainted ()) |
|
|
| 495 | { |
|
|
| 496 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
|
|
| 497 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
|
|
| 498 | { |
|
|
| 499 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
|
|
| 500 | rs[Rs_perl_lib] = 0; |
|
|
| 501 | rs[Rs_perl_eval] = 0; |
|
|
| 502 | } |
|
|
| 503 | } |
|
|
| 504 | #endif |
|
|
| 505 | rxvt_perl.init (this); |
481 | rxvt_perl.init (this); |
| 506 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
482 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
| 507 | } |
483 | } |
| 508 | #endif |
484 | #endif |
| 509 | |
485 | |
| … | |
… | |
| 553 | return true; |
529 | return true; |
| 554 | } |
530 | } |
| 555 | |
531 | |
| 556 | static struct sig_handlers |
532 | static struct sig_handlers |
| 557 | { |
533 | { |
| 558 | sig_watcher sw_chld, sw_term, sw_int; |
534 | sig_watcher sw_term, sw_int; |
| 559 | |
535 | |
| 560 | void sig_chld (sig_watcher &w) |
|
|
| 561 | { |
|
|
| 562 | // we are being called for every SIGCHLD, find the corresponding term |
|
|
| 563 | int pid; |
|
|
| 564 | |
|
|
| 565 | while ((pid = waitpid (-1, NULL, WNOHANG)) > 0) |
|
|
| 566 | for (rxvt_term **t = rxvt_term::termlist.begin (); t < rxvt_term::termlist.end (); t++) |
|
|
| 567 | if (pid == (*t)->cmd_pid) |
|
|
| 568 | { |
|
|
| 569 | (*t)->child_exit (); |
|
|
| 570 | break; |
|
|
| 571 | } |
|
|
| 572 | } |
|
|
| 573 | |
|
|
| 574 | /* |
536 | /* |
| 575 | * Catch a fatal signal and tidy up before quitting |
537 | * Catch a fatal signal and tidy up before quitting |
| 576 | */ |
538 | */ |
| 577 | void |
539 | void |
| 578 | sig_term (sig_watcher &w) |
540 | sig_term (sig_watcher &w) |
| … | |
… | |
| 584 | signal (w.signum, SIG_DFL); |
546 | signal (w.signum, SIG_DFL); |
| 585 | kill (getpid (), w.signum); |
547 | kill (getpid (), w.signum); |
| 586 | } |
548 | } |
| 587 | |
549 | |
| 588 | sig_handlers () |
550 | sig_handlers () |
| 589 | : sw_chld (this, &sig_handlers::sig_chld), |
|
|
| 590 | sw_term (this, &sig_handlers::sig_term), |
551 | : sw_term (this, &sig_handlers::sig_term), |
| 591 | sw_int (this, &sig_handlers::sig_term) |
552 | sw_int (this, &sig_handlers::sig_term) |
| 592 | { |
553 | { |
| 593 | } |
554 | } |
| 594 | } sig_handlers; |
555 | } sig_handlers; |
| 595 | |
556 | |
| … | |
… | |
| 602 | gid_t gid = getgid (); |
563 | gid_t gid = getgid (); |
| 603 | |
564 | |
| 604 | // before doing anything else, check for setuid/setgid operation, |
565 | // before doing anything else, check for setuid/setgid operation, |
| 605 | // start the helper process and drop privileges |
566 | // start the helper process and drop privileges |
| 606 | if (uid != geteuid () |
567 | if (uid != geteuid () |
| 607 | || 1 //D |
|
|
| 608 | || gid != getegid ()) |
568 | || gid != getegid ()) |
| 609 | { |
569 | { |
| 610 | #if PTYTTY_HELPER |
570 | #if PTYTTY_HELPER |
| 611 | rxvt_ptytty_server (); |
571 | rxvt_ptytty_server (); |
| 612 | #else |
572 | #else |
| … | |
… | |
| 630 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
590 | rxvt_fatal ("unable to drop privileges, aborting.\n"); |
| 631 | } |
591 | } |
| 632 | |
592 | |
| 633 | rxvt_environ = environ; |
593 | rxvt_environ = environ; |
| 634 | |
594 | |
| 635 | /* |
|
|
| 636 | * Save and then give up any super-user privileges |
|
|
| 637 | * If we need privileges in any area then we must specifically request it. |
|
|
| 638 | * We should only need to be root in these cases: |
|
|
| 639 | * 1. write utmp entries on some systems |
|
|
| 640 | * 2. chown tty on some systems |
|
|
| 641 | */ |
|
|
| 642 | rxvt_privileges (SAVE); |
|
|
| 643 | rxvt_privileges (IGNORE); |
|
|
| 644 | |
|
|
| 645 | signal (SIGHUP, SIG_IGN); |
595 | signal (SIGHUP, SIG_IGN); |
| 646 | signal (SIGPIPE, SIG_IGN); |
596 | signal (SIGPIPE, SIG_IGN); |
| 647 | |
597 | |
| 648 | sig_handlers.sw_chld.start (SIGCHLD); |
|
|
| 649 | sig_handlers.sw_term.start (SIGTERM); |
598 | sig_handlers.sw_term.start (SIGTERM); |
| 650 | sig_handlers.sw_int.start (SIGINT); |
599 | sig_handlers.sw_int.start (SIGINT); |
| 651 | |
600 | |
| 652 | /* need to trap SIGURG for SVR4 (Unixware) rlogin */ |
601 | /* need to trap SIGURG for SVR4 (Unixware) rlogin */ |
| 653 | /* signal (SIGURG, SIG_DFL); */ |
602 | /* signal (SIGURG, SIG_DFL); */ |
| … | |
… | |
| 691 | |
640 | |
| 692 | if (!p) |
641 | if (!p) |
| 693 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
642 | rxvt_fatal ("memory allocation failure. aborting.\n"); |
| 694 | |
643 | |
| 695 | return p; |
644 | return p; |
| 696 | } |
|
|
| 697 | |
|
|
| 698 | /* ------------------------------------------------------------------------- * |
|
|
| 699 | * PRIVILEGED OPERATIONS * |
|
|
| 700 | * ------------------------------------------------------------------------- */ |
|
|
| 701 | /* take care of suid/sgid super-user (root) privileges */ |
|
|
| 702 | void |
|
|
| 703 | rxvt_privileges (rxvt_privaction action) |
|
|
| 704 | { |
|
|
| 705 | #if ! defined(__CYGWIN32__) |
|
|
| 706 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
|
|
| 707 | /* setreuid () is the poor man's setuid (), seteuid () */ |
|
|
| 708 | # define seteuid(a) setreuid(-1, (a)) |
|
|
| 709 | # define setegid(a) setregid(-1, (a)) |
|
|
| 710 | # define HAVE_SETEUID |
|
|
| 711 | # endif |
|
|
| 712 | # ifdef HAVE_SETEUID |
|
|
| 713 | switch (action) |
|
|
| 714 | { |
|
|
| 715 | case IGNORE: |
|
|
| 716 | /* |
|
|
| 717 | * change effective uid/gid - not real uid/gid - so we can switch |
|
|
| 718 | * back to root later, as required |
|
|
| 719 | */ |
|
|
| 720 | setegid (getgid ()); |
|
|
| 721 | seteuid (getuid ()); |
|
|
| 722 | break; |
|
|
| 723 | case SAVE: |
|
|
| 724 | saved_egid = getegid (); |
|
|
| 725 | saved_euid = geteuid (); |
|
|
| 726 | break; |
|
|
| 727 | case RESTORE: |
|
|
| 728 | setegid (saved_egid); |
|
|
| 729 | seteuid (saved_euid); |
|
|
| 730 | break; |
|
|
| 731 | } |
|
|
| 732 | # else |
|
|
| 733 | switch (action) |
|
|
| 734 | { |
|
|
| 735 | case IGNORE: |
|
|
| 736 | setgid (getgid ()); |
|
|
| 737 | setuid (getuid ()); |
|
|
| 738 | /* FALLTHROUGH */ |
|
|
| 739 | case SAVE: |
|
|
| 740 | /* FALLTHROUGH */ |
|
|
| 741 | case RESTORE: |
|
|
| 742 | break; |
|
|
| 743 | } |
|
|
| 744 | # endif |
|
|
| 745 | #endif |
|
|
| 746 | } |
645 | } |
| 747 | |
646 | |
| 748 | /*----------------------------------------------------------------------*/ |
647 | /*----------------------------------------------------------------------*/ |
| 749 | /* |
648 | /* |
| 750 | * window size/position calculcations for XSizeHint and other storage. |
649 | * window size/position calculcations for XSizeHint and other storage. |
