From owner-freebsd-audit Sun Jun 18 23:12: 0 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5E94F37B762 for ; Sun, 18 Jun 2000 23:11:41 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA32614 for ; Mon, 19 Jun 2000 00:11:37 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA54148 for ; Mon, 19 Jun 2000 00:10:13 -0600 (MDT) Message-Id: <200006190610.AAA54148@harmony.village.org> To: audit@freebsd.org Subject: Comments? Date: Mon, 19 Jun 2000 00:10:13 -0600 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG What do you think of the following patch? It makes dump use wall rather than writing to the ttys directly. This means we can remove setgid tty for dump finally. It is from OpenBSD from 1996(!). I've wanted to include it since then, but only now have been able to actually do so. It also saves errno accross interrupts, which is a hunk of another change, but seemed useful. There are also two white space changes to reduce the number of trivial differences between this and OpenBSD. I've not extensively tested this, but my simple tests show this works. comments? Warner Index: Makefile =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 2000/02/24 21:01:49 1.12 +++ Makefile 2000/06/19 05:54:57 @@ -18,8 +18,6 @@ CFLAGS+=-DRDUMP CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= itime.c main.c optr.c dumprmt.c tape.c traverse.c unctime.c -BINGRP= tty -BINMODE=2555 MAN8= dump.8 MLINKS+=dump.8 rdump.8 Index: main.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/main.c,v retrieving revision 1.21 diff -u -r1.21 main.c --- main.c 2000/04/02 10:16:38 1.21 +++ main.c 2000/06/19 06:05:48 @@ -285,7 +285,6 @@ if (signal(SIGINT, interrupt) == SIG_IGN) signal(SIGINT, SIG_IGN); - set_operators(); /* /etc/group snarfed */ getfstab(); /* /etc/fstab snarfed */ /* * disk can be either the full special file name, Index: optr.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/optr.c,v retrieving revision 1.10 diff -u -r1.10 optr.c --- optr.c 2000/04/02 10:16:40 1.10 +++ optr.c 2000/06/19 06:01:36 @@ -58,7 +58,6 @@ void alarmcatch __P((/* int, int */)); int datesort __P((const void *, const void *)); -static void sendmes __P((char *, char *)); /* * Query the operator; This previously-fascist piece of code @@ -116,7 +115,7 @@ return(back); } -char lastmsg[100]; +char lastmsg[BUFSIZ]; /* * Alert the console operator, and enable the alarm clock to @@ -125,6 +124,8 @@ void alarmcatch() { + int save_errno = errno; + if (notify == 0) { if (timeout == 0) (void) fprintf(stderr, @@ -143,6 +144,7 @@ signal(SIGALRM, alarmcatch); (void) alarm(120); timeout = 1; + errno = save_errno; } /* @@ -157,131 +159,34 @@ dumpabort(0); } -/* - * The following variables and routines manage alerting - * operators to the status of dump. - * This works much like wall(1) does. - */ -struct group *gp; - /* - * Get the names from the group entry "operator" to notify. + * We now use wall(1) to do the actual broadcasting. */ void -set_operators() -{ - if (!notify) /*not going to notify*/ - return; - gp = getgrnam(OPGRENT); - (void) endgrent(); - if (gp == NULL) { - msg("No group entry for %s.\n", OPGRENT); - notify = 0; - return; - } -} - -struct tm *localclock; - -/* - * We fork a child to do the actual broadcasting, so - * that the process control groups are not messed up - */ -void broadcast(message) char *message; { - time_t clock; - FILE *f_utmp; - struct utmp utmp; - char **np; - int pid, s; + FILE *fp; + char buf[sizeof(_PATH_WALL) + sizeof(OPGRENT) + 3]; - if (!notify || gp == NULL) + if (!notify) return; - switch (pid = fork()) { - case -1: + (void)snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT); + if ((fp = popen(buf, "w")) == NULL) return; - case 0: - break; - default: - while (wait(&s) != pid) - continue; - return; - } - clock = time((time_t *)0); - localclock = localtime(&clock); - - if ((f_utmp = fopen(_PATH_UTMP, "r")) == NULL) { - msg("Cannot open %s: %s\n", _PATH_UTMP, strerror(errno)); - return; - } - - while (!feof(f_utmp)) { - if (fread((char *) &utmp, sizeof (struct utmp), 1, f_utmp) != 1) - break; - if (utmp.ut_name[0] == 0) - continue; - for (np = gp->gr_mem; *np; np++) { - if (strncmp(*np, utmp.ut_name, sizeof(utmp.ut_name)) != 0) - continue; - /* - * Do not send messages to operators on dialups - */ - if (strncmp(utmp.ut_line, DIALUP, strlen(DIALUP)) == 0) - continue; -#ifdef DEBUG - msg("Message to %s at %s\n", *np, utmp.ut_line); -#endif - sendmes(utmp.ut_line, message); - } - } - (void) fclose(f_utmp); - Exit(0); /* the wait in this same routine will catch this */ - /* NOTREACHED */ -} + (void) fputs("\7\7\7Message from the dump program to all operators\n\nDUMP: NEEDS ATTENTION: ", fp); + if (lastmsg[0]) + (void) fputs(lastmsg, fp); + if (message[0]) + (void) fputs(message, fp); -static void -sendmes(tty, message) - char *tty, *message; -{ - char t[MAXPATHLEN], buf[BUFSIZ]; - register char *cp; - int lmsg = 1; - FILE *f_tty; - - (void) strcpy(t, _PATH_DEV); - (void) strncat(t, tty, sizeof t - strlen(_PATH_DEV) - 1); - - if ((f_tty = fopen(t, "w")) != NULL) { - setbuf(f_tty, buf); - (void) fprintf(f_tty, - "\n\ -\7\7\7Message from the dump program to all operators at %d:%02d ...\r\n\n\ -DUMP: NEEDS ATTENTION: ", - localclock->tm_hour, localclock->tm_min); - for (cp = lastmsg; ; cp++) { - if (*cp == '\0') { - if (lmsg) { - cp = message; - if (*cp == '\0') - break; - lmsg = 0; - } else - break; - } - if (*cp == '\n') - (void) putc('\r', f_tty); - (void) putc(*cp, f_tty); - } - (void) fclose(f_tty); - } + (void) pclose(fp); } /* - * print out an estimate of the amount of time left to do the dump + * Print out an estimate of the amount of time left to do the dump */ time_t tschedule = 0; @@ -389,7 +294,7 @@ { register struct fstab *new; - new = (struct fstab *)malloc(sizeof (*fs)); + new = (struct fstab *)malloc(sizeof(*fs)); if (new == NULL || (new->fs_file = strdup(fs->fs_file)) == NULL || (new->fs_type = strdup(fs->fs_type)) == NULL || @@ -424,7 +329,7 @@ strcmp(fs->fs_type, FSTAB_RQ)) continue; fs = allocfsent(fs); - if ((pf = (struct pfstab *)malloc(sizeof (*pf))) == NULL) + if ((pf = (struct pfstab *)malloc(sizeof(*pf))) == NULL) quit("%s\n", strerror(errno)); pf->pf_fstab = fs; pf->pf_next = table; Index: pathnames.h =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/pathnames.h,v retrieving revision 1.5 diff -u -r1.5 pathnames.h --- pathnames.h 1998/09/22 10:05:17 1.5 +++ pathnames.h 2000/06/19 05:54:17 @@ -40,3 +40,4 @@ #define _PATH_DUMPDATES "/etc/dumpdates" #define _PATH_LOCK "/tmp/dumplockXXXXXX" #define _PATH_RMT "/etc/rmt" /* path on remote host */ +#define _PATH_WALL "/usr/bin/wall" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Jun 18 23:15:51 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 6067137B979 for ; Sun, 18 Jun 2000 23:15:49 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA32637 for ; Mon, 19 Jun 2000 00:15:48 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA54318 for ; Mon, 19 Jun 2000 00:14:24 -0600 (MDT) Message-Id: <200006190614.AAA54318@harmony.village.org> To: audit@freebsd.org Subject: Any reason not to do this? Date: Mon, 19 Jun 2000 00:14:24 -0600 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I don't see any reason for restore to be setgid tty. What's wrong with this patch: This is inspired by OpenBSD's cleanup in this area. Index: Makefile =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/Makefile,v retrieving revision 1.13 diff -u -r1.13 Makefile --- Makefile 2000/02/24 21:01:54 1.13 +++ Makefile 2000/06/19 06:11:37 @@ -4,11 +4,8 @@ PROG= restore LINKS= ${BINDIR}/restore ${BINDIR}/rrestore CFLAGS+=-DRRESTORE -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= main.c interactive.c restore.c dirs.c symtab.c tape.c utilities.c \ dumprmt.c -BINGRP= tty -BINMODE=2555 MAN8= restore.8 MLINKS+=restore.8 rrestore.8 .PATH: ${.CURDIR}/../dump To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jun 19 9:35: 6 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 501BD37B855 for ; Mon, 19 Jun 2000 09:35:03 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id KAA34696; Mon, 19 Jun 2000 10:35:01 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id KAA60705; Mon, 19 Jun 2000 10:33:36 -0600 (MDT) Message-Id: <200006191633.KAA60705@harmony.village.org> To: Mike Heffner Subject: Re: Comments? Cc: audit@freebsd.org In-reply-to: Your message of "Mon, 19 Jun 2000 12:27:44 EDT." References: Date: Mon, 19 Jun 2000 10:33:36 -0600 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message Mike Heffner writes: : : On 19-Jun-2000 Warner Losh wrote: : ... : | + (void)snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT); : : AFAIK, wall doesn't have a -g option. A small detail, hardly worth mentioning. If I bring in openbsd's wall -g flag :-) Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jun 19 10:37: 2 2000 Delivered-To: freebsd-audit@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 9FB1737BA8D for ; Mon, 19 Jun 2000 10:37:00 -0700 (PDT) (envelope-from billf@jade.chc-chimes.com) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id B26CF1C6D; Mon, 19 Jun 2000 13:36:55 -0400 (EDT) Date: Mon, 19 Jun 2000 13:36:55 -0400 From: Bill Fumerola To: Warner Losh Cc: Mike Heffner , audit@freebsd.org Subject: Re: Comments? Message-ID: <20000619133655.W8523@jade.chc-chimes.com> References: <200006191633.KAA60705@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200006191633.KAA60705@harmony.village.org>; from imp@village.org on Mon, Jun 19, 2000 at 10:33:36AM -0600 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Jun 19, 2000 at 10:33:36AM -0600, Warner Losh wrote: > : | + (void)snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT); > : > : AFAIK, wall doesn't have a -g option. > > A small detail, hardly worth mentioning. If I bring in openbsd's wall > -g flag :-) When I was at WC this past Feb. this same security hole pissed me off. I e-mailed bde at the time and one of the things we talked about was teaching syslogd about groups and then using the syslog interface to notify groups. Just an idea.. -- Bill Fumerola - Network Architect / Computer Horizons Corp - CVM e-mail: billf@chc-chimes.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message