… | |
… | |
46 | |
46 | |
47 | #ifdef HAVE_TERMIOS_H |
47 | #ifdef HAVE_TERMIOS_H |
48 | # include <termios.h> |
48 | # include <termios.h> |
49 | #endif |
49 | #endif |
50 | |
50 | |
|
|
51 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
52 | static uid_t saved_euid; |
|
|
53 | static gid_t saved_egid; |
|
|
54 | #endif |
|
|
55 | |
51 | vector<rxvt_term *> rxvt_term::termlist; |
56 | vector<rxvt_term *> rxvt_term::termlist; |
52 | |
57 | |
53 | static char curlocale[128], savelocale[128]; |
58 | static char curlocale[128], savelocale[128]; |
54 | |
59 | |
55 | bool |
60 | bool |
… | |
… | |
497 | |
502 | |
498 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
503 | if ((rs[Rs_perl_ext_1] && *rs[Rs_perl_ext_1]) |
499 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
504 | || (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2]) |
500 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
505 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
501 | { |
506 | { |
|
|
507 | bool tainted = false; |
|
|
508 | |
|
|
509 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
510 | // ignore some perl-related arguments if some bozo installed us set[ug]id |
|
|
511 | if (getuid () != saved_euid || getgid () != saved_egid) |
|
|
512 | { |
|
|
513 | tainted = true; |
|
|
514 | |
|
|
515 | if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib]) |
|
|
516 | || (rs[Rs_perl_eval] && *rs[Rs_perl_eval])) |
|
|
517 | { |
|
|
518 | rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n"); |
|
|
519 | rs[Rs_perl_lib] = 0; |
|
|
520 | rs[Rs_perl_eval] = "our $tainted = 1"; |
|
|
521 | } |
|
|
522 | } |
|
|
523 | #endif |
502 | rxvt_perl.init (); |
524 | rxvt_perl.init (tainted); |
503 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
525 | HOOK_INVOKE ((this, HOOK_INIT, DT_END)); |
504 | } |
526 | } |
505 | #endif |
527 | #endif |
506 | |
528 | |
507 | create_windows (argc, argv); |
529 | create_windows (argc, argv); |
… | |
… | |
665 | * ------------------------------------------------------------------------- */ |
687 | * ------------------------------------------------------------------------- */ |
666 | /* take care of suid/sgid super-user (root) privileges */ |
688 | /* take care of suid/sgid super-user (root) privileges */ |
667 | void |
689 | void |
668 | rxvt_privileges (rxvt_privaction action) |
690 | rxvt_privileges (rxvt_privaction action) |
669 | { |
691 | { |
670 | #if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__) |
|
|
671 | static uid_t euid; |
|
|
672 | static gid_t egid; |
|
|
673 | #endif |
|
|
674 | |
|
|
675 | #if ! defined(__CYGWIN32__) |
692 | #if ! defined(__CYGWIN32__) |
676 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
693 | # if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) |
677 | /* setreuid () is the poor man's setuid (), seteuid () */ |
694 | /* setreuid () is the poor man's setuid (), seteuid () */ |
678 | # define seteuid(a) setreuid(-1, (a)) |
695 | # define seteuid(a) setreuid(-1, (a)) |
679 | # define setegid(a) setregid(-1, (a)) |
696 | # define setegid(a) setregid(-1, (a)) |
… | |
… | |
689 | */ |
706 | */ |
690 | seteuid (getuid ()); |
707 | seteuid (getuid ()); |
691 | setegid (getgid ()); |
708 | setegid (getgid ()); |
692 | break; |
709 | break; |
693 | case SAVE: |
710 | case SAVE: |
694 | euid = geteuid (); |
711 | saved_euid = geteuid (); |
695 | egid = getegid (); |
712 | saved_egid = getegid (); |
696 | break; |
713 | break; |
697 | case RESTORE: |
714 | case RESTORE: |
698 | seteuid (euid); |
715 | seteuid (saved_euid); |
699 | setegid (egid); |
716 | setegid (saved_egid); |
700 | break; |
717 | break; |
701 | } |
718 | } |
702 | # else |
719 | # else |
703 | switch (action) |
720 | switch (action) |
704 | { |
721 | { |
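Review bot: The set[ug]id test at new line 511 is only as reliable as `saved_euid`/`saved_egid`, and nothing in this hunk shows that `rxvt_privileges (SAVE)` has already run when it is evaluated; until then the file-scope statics hold zero. A comment above the test would pin that ordering, for example `// saved_e[ug]id are filled in by rxvt_privileges (SAVE), which must have run before this check`. Inside the tainted branch only `Rs_perl_lib` and `Rs_perl_eval` are neutralised, while `Rs_perl_ext_1`/`Rs_perl_ext_2` are still handed on, so the remaining protection rests on what `rxvt_perl.init (tainted)` does with the flag; that is not visible here and is worth stating in the same comment. The `seteuid (saved_euid); setegid (saved_egid);` calls in the RESTORE case (new lines 715-716) still discard their return values, so a failed switch would go unnoticed. The function containing the check starts outside the hunk.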