From owner-freebsd-audit Tue Feb 13 23:14:59 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id C550E37B491 for ; Tue, 13 Feb 2001 23:14:47 -0800 (PST) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f1E7ElW78463 for ; Wed, 14 Feb 2001 00:14:47 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200102140714.f1E7ElW78463@harmony.village.org> To: audit@freebsd.org Subject: Removing setgid from dump/restore Date: Wed, 14 Feb 2001 00:14:47 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG OK. OpenBSD has had this for a long long time. I've had it in my tree waiting for wall -g patches to be committed. Since those are in the queue now, I'm presenting these again for eventual committing to FreeBSD. I expect they might take longer to get through the review process. They fix dump/restore to fork wall rather than trying to do it themselves. They rely on wall -g operator to send messages only to group operator. They also fix MAXPATHLEN usage. I hope to commit these by the end of the month. Warner Index: dump/Makefile =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- dump/Makefile 2000/02/24 21:01:49 1.12 +++ dump/Makefile 2000/06/19 06:10:51 @@ -16,10 +16,7 @@ PROG= dump LINKS= ${BINDIR}/dump ${BINDIR}/rdump CFLAGS+=-DRDUMP -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= itime.c main.c optr.c dumprmt.c tape.c traverse.c unctime.c -BINGRP= tty -BINMODE=2555 MAN8= dump.8 MLINKS+=dump.8 rdump.8 Index: dump/main.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/main.c,v retrieving revision 1.22 diff -u -r1.22 main.c --- dump/main.c 2001/01/28 21:21:37 1.22 +++ dump/main.c 2001/02/14 06:17:16 @@ -285,7 +285,6 @@ if (signal(SIGINT, interrupt) == SIG_IGN) signal(SIGINT, SIG_IGN); - set_operators(); /* /etc/group snarfed */ getfstab(); /* /etc/fstab snarfed */ /* * disk can be either the full special file name, Index: dump/optr.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/optr.c,v retrieving revision 1.12 diff -u -r1.12 optr.c --- dump/optr.c 2001/01/29 09:45:51 1.12 +++ dump/optr.c 2001/02/14 06:23:04 @@ -59,7 +59,6 @@ void alarmcatch __P((/* int, int */)); int datesort __P((const void *, const void *)); -static void sendmes __P((char *, char *)); /* * Query the operator; This previously-fascist piece of code @@ -117,7 +116,7 @@ return(back); } -char lastmsg[100]; +char lastmsg[BUFSIZ]; /* * Alert the console operator, and enable the alarm clock to @@ -126,6 +125,8 @@ void alarmcatch() { + int save_errno = errno; + if (notify == 0) { if (timeout == 0) (void) fprintf(stderr, @@ -144,6 +145,7 @@ signal(SIGALRM, alarmcatch); (void) alarm(120); timeout = 1; + errno = save_errno; } /* @@ -158,131 +160,34 @@ dumpabort(0); } -/* - * The following variables and routines manage alerting - * operators to the status of dump. - * This works much like wall(1) does. - */ -struct group *gp; - /* - * Get the names from the group entry "operator" to notify. + * We now use wall(1) to do the actual broadcasting. */ void -set_operators() -{ - if (!notify) /*not going to notify*/ - return; - gp = getgrnam(OPGRENT); - (void) endgrent(); - if (gp == NULL) { - msg("No group entry for %s.\n", OPGRENT); - notify = 0; - return; - } -} - -struct tm *localclock; - -/* - * We fork a child to do the actual broadcasting, so - * that the process control groups are not messed up - */ -void broadcast(message) char *message; { - time_t clock; - FILE *f_utmp; - struct utmp utmp; - char **np; - int pid, s; + FILE *fp; + char buf[sizeof(_PATH_WALL) + sizeof(OPGRENT) + 3]; - if (!notify || gp == NULL) + if (!notify) return; - switch (pid = fork()) { - case -1: + (void)snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT); + if ((fp = popen(buf, "w")) == NULL) return; - case 0: - break; - default: - while (wait(&s) != pid) - continue; - return; - } - clock = time((time_t *)0); - localclock = localtime(&clock); - - if ((f_utmp = fopen(_PATH_UTMP, "r")) == NULL) { - msg("Cannot open %s: %s\n", _PATH_UTMP, strerror(errno)); - return; - } - - while (!feof(f_utmp)) { - if (fread((char *) &utmp, sizeof (struct utmp), 1, f_utmp) != 1) - break; - if (utmp.ut_name[0] == 0) - continue; - for (np = gp->gr_mem; *np; np++) { - if (strncmp(*np, utmp.ut_name, sizeof(utmp.ut_name)) != 0) - continue; - /* - * Do not send messages to operators on dialups - */ - if (strncmp(utmp.ut_line, DIALUP, strlen(DIALUP)) == 0) - continue; -#ifdef DEBUG - msg("Message to %s at %s\n", *np, utmp.ut_line); -#endif - sendmes(utmp.ut_line, message); - } - } - (void) fclose(f_utmp); - Exit(0); /* the wait in this same routine will catch this */ - /* NOTREACHED */ -} + (void) fputs("\a\a\aMessage from the dump program to all operators\n\nDUMP: NEEDS ATTENTION: ", fp); + if (lastmsg[0]) + (void) fputs(lastmsg, fp); + if (message[0]) + (void) fputs(message, fp); -static void -sendmes(tty, message) - char *tty, *message; -{ - char t[MAXPATHLEN], buf[BUFSIZ]; - register char *cp; - int lmsg = 1; - FILE *f_tty; - - (void) strcpy(t, _PATH_DEV); - (void) strncat(t, tty, sizeof t - strlen(_PATH_DEV) - 1); - - if ((f_tty = fopen(t, "w")) != NULL) { - setbuf(f_tty, buf); - (void) fprintf(f_tty, - "\n\ -\a\a\aMessage from the dump program to all operators at %d:%02d ...\r\n\n\ -DUMP: NEEDS ATTENTION: ", - localclock->tm_hour, localclock->tm_min); - for (cp = lastmsg; ; cp++) { - if (*cp == '\0') { - if (lmsg) { - cp = message; - if (*cp == '\0') - break; - lmsg = 0; - } else - break; - } - if (*cp == '\n') - (void) putc('\r', f_tty); - (void) putc(*cp, f_tty); - } - (void) fclose(f_tty); - } + (void) pclose(fp); } /* - * print out an estimate of the amount of time left to do the dump + * Print out an estimate of the amount of time left to do the dump */ time_t tschedule = 0; @@ -390,7 +295,7 @@ { register struct fstab *new; - new = (struct fstab *)malloc(sizeof (*fs)); + new = (struct fstab *)malloc(sizeof(*fs)); if (new == NULL || (new->fs_file = strdup(fs->fs_file)) == NULL || (new->fs_type = strdup(fs->fs_type)) == NULL || @@ -425,7 +330,7 @@ strcmp(fs->fs_type, FSTAB_RQ)) continue; fs = allocfsent(fs); - if ((pf = (struct pfstab *)malloc(sizeof (*pf))) == NULL) + if ((pf = (struct pfstab *)malloc(sizeof(*pf))) == NULL) quit("%s\n", strerror(errno)); pf->pf_fstab = fs; SLIST_INSERT_HEAD(&table, pf, pf_list); Index: dump/pathnames.h =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/pathnames.h,v retrieving revision 1.5 diff -u -r1.5 pathnames.h --- dump/pathnames.h 1998/09/22 10:05:17 1.5 +++ dump/pathnames.h 2000/06/19 05:54:17 @@ -40,3 +40,4 @@ #define _PATH_DUMPDATES "/etc/dumpdates" #define _PATH_LOCK "/tmp/dumplockXXXXXX" #define _PATH_RMT "/etc/rmt" /* path on remote host */ +#define _PATH_WALL "/usr/bin/wall" Index: restore/Makefile =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/Makefile,v retrieving revision 1.13 diff -u -r1.13 Makefile --- restore/Makefile 2000/02/24 21:01:54 1.13 +++ restore/Makefile 2000/06/19 06:11:37 @@ -4,11 +4,8 @@ PROG= restore LINKS= ${BINDIR}/restore ${BINDIR}/rrestore CFLAGS+=-DRRESTORE -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= main.c interactive.c restore.c dirs.c symtab.c tape.c utilities.c \ dumprmt.c -BINGRP= tty -BINMODE=2555 MAN8= restore.8 MLINKS+=restore.8 rrestore.8 .PATH: ${.CURDIR}/../dump Index: restore/dirs.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/dirs.c,v retrieving revision 1.16 diff -u -r1.16 dirs.c --- restore/dirs.c 2000/10/10 01:49:47 1.16 +++ restore/dirs.c 2000/11/12 06:07:33 @@ -230,7 +230,7 @@ register struct direct *dp; int namelen; long bpt; - char locname[MAXPATHLEN + 1]; + char locname[MAXPATHLEN]; itp = inotablookup(ino); if (itp == NULL) { Index: restore/interactive.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/interactive.c,v retrieving revision 1.9 diff -u -r1.9 interactive.c --- restore/interactive.c 2000/12/12 12:04:01 1.9 +++ restore/interactive.c 2000/12/16 06:25:03 @@ -505,7 +505,7 @@ struct afile single; RST_DIR *dirp; int entries, len, namelen; - char locname[MAXPATHLEN + 1]; + char locname[MAXPATHLEN]; dp = pathsearch(name); if (dp == NULL || (!dflag && TSTINO(dp->d_ino, dumpmap) == 0) || @@ -536,8 +536,8 @@ fprintf(stderr, "%s:\n", name); entries = 0; listp = list; - (void) strncpy(locname, name, MAXPATHLEN); - (void) strncat(locname, "/", MAXPATHLEN); + (void) strlcpy(locname, name, MAXPATHLEN); + (void) strlcat(locname, "/", MAXPATHLEN); namelen = strlen(locname); while ((dp = rst_readdir(dirp))) { if (dp == NULL) Index: restore/tape.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/tape.c,v retrieving revision 1.21 diff -u -r1.21 tape.c --- restore/tape.c 2000/12/12 12:04:02 1.21 +++ restore/tape.c 2000/12/16 06:25:03 @@ -82,7 +82,7 @@ static int ofile; static char *map; -static char lnkbuf[MAXPATHLEN + 1]; +static char lnkbuf[MAXPATHLEN]; static int pathlen; int oldinofmt; /* old inode format conversion required */ @@ -770,7 +770,7 @@ { pathlen += size; - if (pathlen > MAXPATHLEN) { + if (pathlen >= MAXPATHLEN) { fprintf(stderr, "symbolic link name: %s->%s%s; too long %d\n", curfile.name, lnkbuf, buf, pathlen); done(1); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message