Date: Mon, 3 Sep 2001 20:19:09 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: security@FreeBSD.org Cc: audit@FreeBSD.org Subject: dropping ``setgid tty'' in dump(8) Message-ID: <20010903201909.C29616@sunbay.com>
next in thread | raw e-mail | index | archive | help
--U+BazGySraz5kW0T Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi! The attached patch replaces the ``wall -g'' functionality built into dump(8) directly with the call to wall(1), thus making it possible to drop the ``setgid tty'' privilege. The DIALUP check was weak, and was also removed. The patch is based on the OpenBSD's work. <PS> I've posted another message to the -audit that makes ``wall -g'' really work. </PS> Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --U+BazGySraz5kW0T Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=p Index: Makefile =================================================================== RCS file: /home/ncvs/src/sbin/dump/Makefile,v retrieving revision 1.14 diff -u -p -r1.14 Makefile --- Makefile 2001/03/26 14:33:00 1.14 +++ Makefile 2001/09/03 16:57:01 @@ -18,8 +18,6 @@ LINKS= ${BINDIR}/dump ${BINDIR}/rdump CFLAGS+=-DRDUMP CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= itime.c main.c optr.c dumprmt.c tape.c traverse.c unctime.c -BINGRP= tty -BINMODE=2555 MAN= dump.8 MLINKS+=dump.8 rdump.8 Index: dump.h =================================================================== RCS file: /home/ncvs/src/sbin/dump/dump.h,v retrieving revision 1.9 diff -u -p -r1.9 dump.h --- dump.h 2001/08/10 23:12:10 1.9 +++ dump.h 2001/09/03 16:57:01 @@ -100,7 +100,6 @@ void msg __P((const char *fmt, ...)) __p void msgtail __P((const char *fmt, ...)) __printflike(1, 2); int query __P((char *question)); void quit __P((const char *fmt, ...)) __printflike(1, 2); -void set_operators __P((void)); void timeest __P((void)); time_t unctime __P((char *str)); @@ -151,7 +150,6 @@ void interrupt __P((int signo)); /* in c #define X_ABORT 3 /* abort dump; don't attempt checkpointing */ #define OPGRENT "operator" /* group entry to notify */ -#define DIALUP "ttyd" /* prefix for dialups */ struct fstab *fstabsearch __P((char *key)); /* search fs_file and fs_spec */ Index: main.c =================================================================== RCS file: /home/ncvs/src/sbin/dump/main.c,v retrieving revision 1.26 diff -u -p -r1.26 main.c --- main.c 2001/07/09 03:06:56 1.26 +++ main.c 2001/09/03 16:57:03 @@ -287,7 +287,6 @@ main(argc, argv) if (signal(SIGINT, interrupt) == SIG_IGN) signal(SIGINT, SIG_IGN); - set_operators(); /* /etc/group snarfed */ getfstab(); /* /etc/fstab snarfed */ /* * disk can be either the full special file name, Index: optr.c =================================================================== RCS file: /home/ncvs/src/sbin/dump/optr.c,v retrieving revision 1.12 diff -u -p -r1.12 optr.c --- optr.c 2001/01/29 09:45:51 1.12 +++ optr.c 2001/09/03 16:57:03 @@ -59,7 +59,6 @@ static const char rcsid[] = void alarmcatch __P((/* int, int */)); int datesort __P((const void *, const void *)); -static void sendmes __P((char *, char *)); /* * Query the operator; This previously-fascist piece of code @@ -117,7 +116,7 @@ query(question) return(back); } -char lastmsg[100]; +char lastmsg[BUFSIZ]; /* * Alert the console operator, and enable the alarm clock to @@ -159,130 +158,33 @@ interrupt(signo) } /* - * The following variables and routines manage alerting - * operators to the status of dump. - * This works much like wall(1) does. + * We now use wall(1) to do the actual broadcasting. */ -struct group *gp; - -/* - * Get the names from the group entry "operator" to notify. - */ -void -set_operators() -{ - if (!notify) /*not going to notify*/ - return; - gp = getgrnam(OPGRENT); - (void) endgrent(); - if (gp == NULL) { - msg("No group entry for %s.\n", OPGRENT); - notify = 0; - return; - } -} - -struct tm *localclock; - -/* - * We fork a child to do the actual broadcasting, so - * that the process control groups are not messed up - */ void broadcast(message) char *message; { - time_t clock; - FILE *f_utmp; - struct utmp utmp; - char **np; - int pid, s; + FILE *fp; + char buf[sizeof(_PATH_WALL) + sizeof(OPGRENT) + 3]; - if (!notify || gp == NULL) + if (!notify) return; - switch (pid = fork()) { - case -1: + snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT); + if ((fp = popen(buf, "w")) == NULL) return; - case 0: - break; - default: - while (wait(&s) != pid) - continue; - return; - } - - clock = time((time_t *)0); - localclock = localtime(&clock); - - if ((f_utmp = fopen(_PATH_UTMP, "r")) == NULL) { - msg("Cannot open %s: %s\n", _PATH_UTMP, strerror(errno)); - return; - } - while (!feof(f_utmp)) { - if (fread((char *) &utmp, sizeof (struct utmp), 1, f_utmp) != 1) - break; - if (utmp.ut_name[0] == 0) - continue; - for (np = gp->gr_mem; *np; np++) { - if (strncmp(*np, utmp.ut_name, sizeof(utmp.ut_name)) != 0) - continue; - /* - * Do not send messages to operators on dialups - */ - if (strncmp(utmp.ut_line, DIALUP, strlen(DIALUP)) == 0) - continue; -#ifdef DEBUG - msg("Message to %s at %s\n", *np, utmp.ut_line); -#endif - sendmes(utmp.ut_line, message); - } - } - (void) fclose(f_utmp); - Exit(0); /* the wait in this same routine will catch this */ - /* NOTREACHED */ -} + (void) fputs("\a\a\aMessage from the dump program to all operators\n\nDUMP: NEEDS ATTENTION: ", fp); + if (lastmsg[0]) + (void) fputs(lastmsg, fp); + if (message[0]) + (void) fputs(message, fp); -static void -sendmes(tty, message) - char *tty, *message; -{ - char t[MAXPATHLEN], buf[BUFSIZ]; - register char *cp; - int lmsg = 1; - FILE *f_tty; - - (void) strcpy(t, _PATH_DEV); - (void) strncat(t, tty, sizeof t - strlen(_PATH_DEV) - 1); - - if ((f_tty = fopen(t, "w")) != NULL) { - setbuf(f_tty, buf); - (void) fprintf(f_tty, - "\n\ -\a\a\aMessage from the dump program to all operators at %d:%02d ...\r\n\n\ -DUMP: NEEDS ATTENTION: ", - localclock->tm_hour, localclock->tm_min); - for (cp = lastmsg; ; cp++) { - if (*cp == '\0') { - if (lmsg) { - cp = message; - if (*cp == '\0') - break; - lmsg = 0; - } else - break; - } - if (*cp == '\n') - (void) putc('\r', f_tty); - (void) putc(*cp, f_tty); - } - (void) fclose(f_tty); - } + (void) pclose(fp); } /* - * print out an estimate of the amount of time left to do the dump + * Print out an estimate of the amount of time left to do the dump */ time_t tschedule = 0; Index: pathnames.h =================================================================== RCS file: /home/ncvs/src/sbin/dump/pathnames.h,v retrieving revision 1.6 diff -u -p -r1.6 pathnames.h --- pathnames.h 2001/03/08 09:04:39 1.6 +++ pathnames.h 2001/09/03 16:57:03 @@ -41,3 +41,4 @@ #define _PATH_DUMPDATES "/etc/dumpdates" #define _PATH_LOCK "/tmp/dumplockXXXXXX" #define _PATH_RMT "/etc/rmt" /* path on remote host */ +#define _PATH_WALL "/usr/bin/wall" --U+BazGySraz5kW0T-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010903201909.C29616>