?RCS: $Id: d_dosuid.U 167 2013-05-08 17:58:00Z rmanfredi $
?RCS:
?RCS: Copyright (c) 1991-1997, 2004-2006, Raphael Manfredi
?RCS: 
?RCS: You may redistribute only under the terms of the Artistic License,
?RCS: as specified in the README file that comes with the distribution.
?RCS: You may reuse parts of this distribution only within the terms of
?RCS: that same Artistic License; a copy of which may be found at the root
?RCS: of the source tree for dist 4.0.
?RCS: 
?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks.
?RCS:
?RCS: $Log: d_dosuid.U,v $
?RCS: Revision 3.0.1.2  1997/02/28  15:33:03  ram
?RCS: patch61: moved unit to TOP via a ?Y: layout directive
?RCS: patch61: tell them /dev/fd is not about floppy disks
?RCS:
?RCS: Revision 3.0.1.1  1994/10/29  16:12:08  ram
?RCS: patch36: added checks for secure setuid scripts (Tye McQueen)
?RCS:
?RCS: Revision 3.0  1993/08/18  12:05:55  ram
?RCS: Baseline for dist 3.0 netwide release.
?RCS:
?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \
	Oldconfig Guess package hint
?MAKE:	-pick add $@ %<
?S:d_suidsafe:
?S:	This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW
?S:	if setuid scripts can be secure.  This test looks in /dev/fd/.
?S:.
?S:d_dosuid:
?S:	This variable conditionally defines the symbol DOSUID, which
?S:	tells the C program that it should insert setuid emulation code
?S:	on hosts which have setuid #! scripts disabled.
?S:.
?C:SETUID_SCRIPTS_ARE_SECURE_NOW:
?C:	This symbol, if defined, indicates that the bug that prevents
?C:	setuid scripts from being secure is not present in this kernel.
?C:.
?C:DOSUID:
?C:	This symbol, if defined, indicates that the C program should
?C:	check the script that it is executing for setuid/setgid bits, and
?C:	attempt to emulate setuid/setgid on systems that have disabled
?C:	setuid #! scripts because the kernel can't do it securely.
?C:	It is up to the package designer to make sure that this emulation
?C:	is done securely.  Among other things, it should do an fstat on
?C:	the script it just opened to make sure it really is a setuid/setgid
?C:	script, it should make sure the arguments passed correspond exactly
?C:	to the argument on the #! line, and it should not trust any
?C:	subprocesses to which it must pass the filename rather than the
?C:	file descriptor of the script to be executed.
?C:.
?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW	/**/
?H:#$d_dosuid DOSUID		/**/
?H:.
?Y:TOP
?F:!reflect
?LINT: set d_suidsafe
?LINT: set d_dosuid
: see if setuid scripts can be secure
$cat <<EOM

Some kernels have a bug that prevents setuid #! scripts from being
secure.  Some sites have disabled setuid #! scripts because of this.

First let's decide if your kernel supports secure setuid #! scripts.
(If setuid #! scripts would be secure but have been disabled anyway,
don't say that they are secure if asked.)

EOM

val="$undef"
if $test -d /dev/fd; then
	echo "#!$ls" >reflect
	chmod +x,u+s reflect
	./reflect >flect 2>&1
	if $contains "/dev/fd" flect >/dev/null; then
		echo "Congratulations, your kernel has secure setuid scripts!" >&4
		val="$define"
	else
		$cat <<EOM
If you are not sure if they are secure, I can check but I'll need a
username and password different from the one you are using right now.
If you don't have such a username or don't want me to test, simply
enter 'none'.

EOM
		rp='Other username to test security of setuid scripts with?'
		dflt='none'
		. ./myread
		case "$ans" in
		n|none)
			case "$d_suidsafe" in
			'')	echo "I'll assume setuid scripts are *not* secure." >&4
				dflt=n;;
			"$undef")
				echo "Well, the $hint value is *not* secure." >&4
				dflt=n;;
			*)	echo "Well, the $hint value *is* secure." >&4
				dflt=y;;
			esac
			;;
		*)
			$rm -f reflect flect
			echo "#!$ls" >reflect
			chmod +x,u+s reflect
			echo >flect
			chmod a+w flect
			echo '"su" will (probably) prompt you for '"$ans's password."
			su $ans -c './reflect >flect'
			if $contains "/dev/fd" flect >/dev/null; then
				echo "Okay, it looks like setuid scripts are secure." >&4
				dflt=y
			else
				echo "I don't think setuid scripts are secure." >&4
				dflt=n
			fi
			;;
		esac
		rp='Does your kernel have *secure* setuid scripts?'
		. ./myread
		case "$ans" in
		[yY]*)	val="$define";;
		*)	val="$undef";;
		esac
	fi
else
	echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4
	echo "(That's for file descriptors, not floppy disks.)"
	val="$undef"
fi
set d_suidsafe
eval $setvar

$rm -f reflect flect

: now see if they want to do setuid emulation
echo " "
val="$undef"
case "$d_suidsafe" in
"$define")
	val="$undef"
	echo "No need to emulate SUID scripts since they are secure here." >& 4
	;;
*)
	$cat <<EOM
Some systems have disabled setuid scripts, especially systems where
setuid scripts cannot be secure.  On systems where setuid scripts have
been disabled, the setuid/setgid bits on scripts are currently
useless.  It is possible for $package to detect those bits and emulate
setuid/setgid in a secure fashion.  This emulation will only work if
setuid scripts have been disabled in your kernel.

EOM
	case "$d_dosuid" in
	"$define") dflt=y ;;
	*) dflt=n ;;
	esac
	rp="Do you want to do setuid/setgid emulation?"
	. ./myread
	case "$ans" in
	[yY]*)	val="$define";;
	*)	val="$undef";;
	esac
	;;
esac
set d_dosuid
eval $setvar