author | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-07-15 18:05:28 -0500 |
---|---|---|
committer | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-09-01 19:15:56 -0500 |
commit | 79e81aa31bc7a0fa88507c06f21b41fbbd1cb863 (patch) | |
tree | ffdca983b7c2cd98aedbbcd08d479e6be6508f3b /nixos/modules/security/setuid-wrapper.c | |
parent | c16647ec29ab46b52cd365220288a8222cfcdad3 (diff) | |
security: Removing the old wrappers and replacing with 'permissions-wrappers'
Diffstat (limited to 'nixos/modules/security/setuid-wrapper.c')
-rw-r--r-- | nixos/modules/security/setuid-wrapper.c | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/nixos/modules/security/setuid-wrapper.c b/nixos/modules/security/setuid-wrapper.c
deleted file mode 100644
index ffd0b65b7629..000000000000
--- a/nixos/modules/security/setuid-wrapper.c
+++ /dev/null
@@ -1,81 +0,0 @@
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <dirent.h>
-#include <assert.h>
-#include <string.h>
-#include <errno.h>
-
-/* Make sure assertions are not compiled out. */
-#undef NDEBUG
-
-extern char **environ;
-
-static char * wrapperDir = WRAPPER_DIR;
-
-int main(int argc, char * * argv)
-{
- char self[PATH_MAX];
-
- int len = readlink("/proc/self/exe", self, sizeof(self) - 1);
- assert (len > 0);
- self[len] = 0;
-
- /* Make sure that we are being executed from the right location,
- i.e., `wrapperDir'. This is to prevent someone from
- creating hard link `X' from some other location, along with a
- false `X.real' file, to allow arbitrary programs from being
- executed setuid. */
- assert ((strncmp(self, wrapperDir, strlen(wrapperDir)) == 0) &&
- (self[strlen(wrapperDir)] == '/'));
-
- /* Make *really* *really* sure that we were executed as `self',
- and not, say, as some other setuid program. That is, our
- effective uid/gid should match the uid/gid of `self'. */
- //printf("%d %d\n", geteuid(), getegid());
-
- struct stat st;
- assert (lstat(self, &st) != -1);
-
- //printf("%d %d\n", st.st_uid, st.st_gid);
-
- assert ((st.st_mode & S_ISUID) == 0 ||
- (st.st_uid == geteuid()));
-
- assert ((st.st_mode & S_ISGID) == 0 ||
- st.st_gid == getegid());
-
- /* And, of course, we shouldn't be writable. */
- assert (!(st.st_mode & (S_IWGRP | S_IWOTH)));
-
-
- /* Read the path of the real (wrapped) program from <self>.real. */
- char realFN[PATH_MAX + 10];
- int realFNSize = snprintf (realFN, sizeof(realFN), "%s.real", self);
- assert (realFNSize < sizeof(realFN));
-
- int fdSelf = open(realFN, O_RDONLY);
- assert (fdSelf != -1);
-
- char real[PATH_MAX];
- len = read(fdSelf, real, PATH_MAX);
- assert (len != -1);
- assert (len < sizeof (real));
- assert (len > 0);
- real[len] = 0;
-
- close(fdSelf);
-
- //printf("real = %s, len = %d\n", real, len);
-
- execve(real, argv, environ);
-
- fprintf(stderr, "%s: cannot run `%s': %s\n",
- argv[0], real, strerror(errno));
-
- exit(1);
-}
|