… | |
… | |
25 | |
25 | |
26 | #include "../config.h" |
26 | #include "../config.h" |
27 | |
27 | |
28 | #include "ptytty.h" |
28 | #include "ptytty.h" |
29 | |
29 | |
30 | // helper/proxy support |
|
|
31 | |
|
|
32 | #if PTYTTY_HELPER |
|
|
33 | |
|
|
34 | #include <csignal> |
30 | #include <csignal> |
35 | |
31 | |
36 | #include <sys/types.h> |
32 | #include <sys/types.h> |
37 | #include <sys/socket.h> |
33 | #include <sys/socket.h> |
38 | #include <unistd.h> |
34 | #include <unistd.h> |
39 | #include <fcntl.h> |
35 | #include <fcntl.h> |
|
|
36 | #include <errno.h> |
|
|
37 | |
|
|
38 | // helper/proxy support |
|
|
39 | |
|
|
40 | #if PTYTTY_HELPER |
40 | |
41 | |
41 | static int sock_fd = -1, lock_fd = -1; |
42 | static int sock_fd = -1, lock_fd = -1; |
42 | static int helper_pid, owner_pid; |
43 | static int helper_pid, owner_pid; |
43 | |
44 | |
44 | struct command |
45 | struct command |
… | |
… | |
123 | |
124 | |
124 | ptytty_proxy::~ptytty_proxy () |
125 | ptytty_proxy::~ptytty_proxy () |
125 | { |
126 | { |
126 | if (id) |
127 | if (id) |
127 | { |
128 | { |
|
|
129 | close_tty (); |
|
|
130 | |
|
|
131 | if (pty >= 0) |
|
|
132 | close (pty); |
|
|
133 | |
128 | NEED_TOKEN; |
134 | NEED_TOKEN; |
129 | |
135 | |
130 | command cmd; |
136 | command cmd; |
131 | |
137 | |
132 | cmd.type = command::destroy; |
138 | cmd.type = command::destroy; |
… | |
… | |
290 | #endif |
296 | #endif |
291 | return new ptytty_unix; |
297 | return new ptytty_unix; |
292 | } |
298 | } |
293 | |
299 | |
294 | void |
300 | void |
|
|
301 | ptytty::sanitise_stdfd () |
|
|
302 | { |
|
|
303 | // sanitise stdin/stdout/stderr to point to *something*. |
|
|
304 | for (int fd = 0; fd <= 2; ++fd) |
|
|
305 | if (fcntl (fd, F_GETFL) < 0 && errno == EBADF) |
|
|
306 | { |
|
|
307 | int fd2 = open ("/dev/tty", fd ? O_WRONLY : O_RDONLY); |
|
|
308 | |
|
|
309 | if (fd2 < 0) |
|
|
310 | fd2 = open ("/dev/null", fd ? O_WRONLY : O_RDONLY); |
|
|
311 | |
|
|
312 | if (fd2 != fd) |
|
|
313 | abort (); |
|
|
314 | } |
|
|
315 | } |
|
|
316 | |
|
|
317 | void |
295 | ptytty::init () |
318 | ptytty::init () |
296 | { |
319 | { |
|
|
320 | sanitise_stdfd (); |
|
|
321 | |
297 | uid_t uid = getuid (); |
322 | uid_t uid = getuid (); |
298 | gid_t gid = getgid (); |
323 | gid_t gid = getgid (); |
299 | |
324 | |
300 | // before doing anything else, check for setuid/setgid operation, |
325 | // before doing anything else, check for setuid/setgid operation, |
301 | // start the helper process and drop privileges |
326 | // start the helper process and drop privileges |
302 | if (uid != geteuid () |
327 | if (uid != geteuid () |
303 | || gid != getegid ()) |
328 | || gid != getegid ()) |
304 | { |
329 | { |
… | |
… | |
326 | setregid (gid, gid); |
351 | setregid (gid, gid); |
327 | setreuid (uid, uid); |
352 | setreuid (uid, uid); |
328 | #elif HAVE_SETUID |
353 | #elif HAVE_SETUID |
329 | setgid (gid); |
354 | setgid (gid); |
330 | setuid (uid); |
355 | setuid (uid); |
|
|
356 | #else |
|
|
357 | # error no way to drop privileges, configure failed? |
331 | #endif |
358 | #endif |
332 | |
359 | |
333 | if (uid != geteuid () |
360 | if (uid != geteuid () |
334 | || gid != getegid ()) |
361 | || gid != getegid ()) |
335 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
362 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
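Review bot: The comment in the new `ptytty::sanitise_stdfd ()` (new lines 301–315) does not say why descriptors 0–2 must be filled, nor that the `fd2 != fd` check depends on `open ()` returning the lowest free descriptor. Both matter because `init ()` calls it first, on the path that then handles setuid/setgid operation: if a set-id process starts with a standard descriptor closed, a later open can land on 0, 1 or 2 and receive output meant for stdio. I would replace the one-line comment with something like `// a set-id program may be started with fds 0-2 closed; fill them so that no later open (pty, helper socket) can land on a stdio descriptor.` followed by `// relies on open () returning the lowest free fd, so this must run before anything else opens a descriptor.` It may also be worth stating there that `abort ()` is deliberate, since stderr may be the descriptor that is missing and no message could be reported. `sanitise_stdfd` is fully visible here, but the body of `init ()` continues in the elided region, so the ordering claim should be confirmed against the full function.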