diff options
author | rmanfredi <rmanfredi@190e5f8e-a817-0410-acf6-e9863daed9af> | 2006-08-24 12:32:52 +0000 |
---|---|---|
committer | rmanfredi <rmanfredi@190e5f8e-a817-0410-acf6-e9863daed9af> | 2006-08-24 12:32:52 +0000 |
commit | 8bfc5756fb68e0b13d7e7c0073ad5b9a4790d1b6 (patch) | |
tree | dee05e98bc53766d609ef2a3a07a5672627d812c /mcon/U/d_dosuid.U |
Moving project to sourceforge.
git-svn-id: https://dist.svn.sourceforge.net/svnroot/dist/trunk/dist@1 190e5f8e-a817-0410-acf6-e9863daed9af
Diffstat (limited to 'mcon/U/d_dosuid.U')
-rw-r--r-- | mcon/U/d_dosuid.U | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/mcon/U/d_dosuid.U b/mcon/U/d_dosuid.U new file mode 100644 index 0000000..a584e1a --- /dev/null +++ b/mcon/U/d_dosuid.U @@ -0,0 +1,169 @@ +?RCS: $Id$ +?RCS: +?RCS: Copyright (c) 1991-1997, 2004-2006, Raphael Manfredi +?RCS: +?RCS: You may redistribute only under the terms of the Artistic Licence, +?RCS: as specified in the README file that comes with the distribution. +?RCS: You may reuse parts of this distribution only within the terms of +?RCS: that same Artistic Licence; a copy of which may be found at the root +?RCS: of the source tree for dist 4.0. +?RCS: +?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks. +?RCS: +?RCS: $Log: d_dosuid.U,v $ +?RCS: Revision 3.0.1.2 1997/02/28 15:33:03 ram +?RCS: patch61: moved unit to TOP via a ?Y: layout directive +?RCS: patch61: tell them /dev/fd is not about floppy disks +?RCS: +?RCS: Revision 3.0.1.1 1994/10/29 16:12:08 ram +?RCS: patch36: added checks for secure setuid scripts (Tye McQueen) +?RCS: +?RCS: Revision 3.0 1993/08/18 12:05:55 ram +?RCS: Baseline for dist 3.0 netwide release. +?RCS: +?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \ + Oldconfig Guess package hint +?MAKE: -pick add $@ %< +?S:d_suidsafe: +?S: This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW +?S: if setuid scripts can be secure. This test looks in /dev/fd/. +?S:. +?S:d_dosuid: +?S: This variable conditionally defines the symbol DOSUID, which +?S: tells the C program that it should insert setuid emulation code +?S: on hosts which have setuid #! scripts disabled. +?S:. +?C:SETUID_SCRIPTS_ARE_SECURE_NOW: +?C: This symbol, if defined, indicates that the bug that prevents +?C: setuid scripts from being secure is not present in this kernel. +?C:. +?C:DOSUID: +?C: This symbol, if defined, indicates that the C program should +?C: check the script that it is executing for setuid/setgid bits, and +?C: attempt to emulate setuid/setgid on systems that have disabled +?C: setuid #! scripts because the kernel can't do it securely. +?C: It is up to the package designer to make sure that this emulation +?C: is done securely. Among other things, it should do an fstat on +?C: the script it just opened to make sure it really is a setuid/setgid +?C: script, it should make sure the arguments passed correspond exactly +?C: to the argument on the #! line, and it should not trust any +?C: subprocesses to which it must pass the filename rather than the +?C: file descriptor of the script to be executed. +?C:. +?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW /**/ +?H:#$d_dosuid DOSUID /**/ +?H:. +?Y:TOP +?F:!reflect +?LINT: set d_suidsafe +?LINT: set d_dosuid +: see if setuid scripts can be secure +$cat <<EOM + +Some kernels have a bug that prevents setuid #! scripts from being +secure. Some sites have disabled setuid #! scripts because of this. + +First let's decide if your kernel supports secure setuid #! scripts. +(If setuid #! scripts would be secure but have been disabled anyway, +don't say that they are secure if asked.) + +EOM + +val="$undef" +if $test -d /dev/fd; then + echo "#!$ls" >reflect + chmod +x,u+s reflect + ./reflect >flect 2>&1 + if $contains "/dev/fd" flect >/dev/null; then + echo "Congratulations, your kernel has secure setuid scripts!" >&4 + val="$define" + else + $cat <<EOM +If you are not sure if they are secure, I can check but I'll need a +username and password different from the one you are using right now. +If you don't have such a username or don't want me to test, simply +enter 'none'. + +EOM + rp='Other username to test security of setuid scripts with?' + dflt='none' + . ./myread + case "$ans" in + n|none) + case "$d_suidsafe" in + '') echo "I'll assume setuid scripts are *not* secure." >&4 + dflt=n;; + "$undef") + echo "Well, the $hint value is *not* secure." >&4 + dflt=n;; + *) echo "Well, the $hint value *is* secure." >&4 + dflt=y;; + esac + ;; + *) + $rm -f reflect flect + echo "#!$ls" >reflect + chmod +x,u+s reflect + echo >flect + chmod a+w flect + echo '"su" will (probably) prompt you for '"$ans's password." + su $ans -c './reflect >flect' + if $contains "/dev/fd" flect >/dev/null; then + echo "Okay, it looks like setuid scripts are secure." >&4 + dflt=y + else + echo "I don't think setuid scripts are secure." >&4 + dflt=n + fi + ;; + esac + rp='Does your kernel have *secure* setuid scripts?' + . ./myread + case "$ans" in + [yY]*) val="$define";; + *) val="$undef";; + esac + fi +else + echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4 + echo "(That's for file descriptors, not floppy disks.)" + val="$undef" +fi +set d_suidsafe +eval $setvar + +$rm -f reflect flect + +: now see if they want to do setuid emulation +echo " " +val="$undef" +case "$d_suidsafe" in +"$define") + val="$undef" + echo "No need to emulate SUID scripts since they are secure here." >& 4 + ;; +*) + $cat <<EOM +Some systems have disabled setuid scripts, especially systems where +setuid scripts cannot be secure. On systems where setuid scripts have +been disabled, the setuid/setgid bits on scripts are currently +useless. It is possible for $package to detect those bits and emulate +setuid/setgid in a secure fashion. This emulation will only work if +setuid scripts have been disabled in your kernel. + +EOM + case "$d_dosuid" in + "$define") dflt=y ;; + *) dflt=n ;; + esac + rp="Do you want to do setuid/setgid emulation?" + . ./myread + case "$ans" in + [yY]*) val="$define";; + *) val="$undef";; + esac + ;; +esac +set d_dosuid +eval $setvar + |