You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
215 lines
4.7 KiB
215 lines
4.7 KiB
/* Copyright 1997,1999,2001,2002,2007,2009 Alain Knaff.
|
|
* This file is part of mtools.
|
|
*
|
|
* Mtools is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Mtools is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with Mtools. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "sysincludes.h"
|
|
#include "msdos.h"
|
|
#include "mtools.h"
|
|
|
|
int noPrivileges=0;
|
|
|
|
#ifdef OS_mingw32msvc
|
|
void reclaim_privs(void)
|
|
{
|
|
}
|
|
|
|
void drop_privs(void)
|
|
{
|
|
}
|
|
|
|
void destroy_privs(void)
|
|
{
|
|
}
|
|
|
|
uid_t get_real_uid(void)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
void init_privs(void)
|
|
{
|
|
}
|
|
|
|
void closeExec(int fd)
|
|
{
|
|
}
|
|
|
|
#else
|
|
/*#define PRIV_DEBUG*/
|
|
|
|
#if 0
|
|
#undef HAVE_SETEUID
|
|
#define HAVE_SETRESUID
|
|
#include <asm/unistd.h>
|
|
int setresuid(int a, int b, int c)
|
|
{
|
|
syscall(164, a, b, c);
|
|
|
|
}
|
|
#endif
|
|
|
|
static __inline__ void print_privs(const char *message UNUSEDP)
|
|
{
|
|
#ifdef PRIV_DEBUG
|
|
/* for debugging purposes only */
|
|
fprintf(stderr,"%s egid=%d rgid=%d\n", message, getegid(), getgid());
|
|
fprintf(stderr,"%s euid=%d ruid=%d\n", message, geteuid(), getuid());
|
|
#endif
|
|
}
|
|
|
|
|
|
static gid_t rgid, egid;
|
|
static uid_t ruid, euid;
|
|
|
|
/* privilege management routines for SunOS and Solaris. These are
|
|
* needed in order to issue raw SCSI read/write ioctls. Mtools drops
|
|
* its privileges at the beginning, and reclaims them just for the
|
|
* above-mentioned ioctl's. Before popen(), exec() or system, it
|
|
* drops its privileges completely, and issues a warning.
|
|
*/
|
|
|
|
|
|
/* group id handling is lots easier, as long as we don't use group 0.
|
|
* If you want to use group id's, create a *new* group mtools or
|
|
* floppy. Chgrp any devices that you only want to be accessible to
|
|
* mtools to this group, and give them the appropriate privs. Make
|
|
* sure this group doesn't own any other files: be aware that any user
|
|
* with access to mtools may mformat these files!
|
|
*/
|
|
|
|
|
|
static __inline__ void Setuid(uid_t uid)
|
|
{
|
|
#if defined HAVE_SETEUID || defined HAVE_SETRESUID
|
|
if(euid == 0) {
|
|
#ifdef HAVE_SETEUID
|
|
seteuid(uid);
|
|
#else
|
|
setresuid(ruid, uid, euid);
|
|
#endif
|
|
} else
|
|
#endif
|
|
setuid(uid);
|
|
}
|
|
|
|
/* In reclaim_privs and drop privs, we have to manipulate group privileges
|
|
* when having no root privileges, else we might lose them */
|
|
|
|
void reclaim_privs(void)
|
|
{
|
|
if(noPrivileges)
|
|
return;
|
|
setgid(egid);
|
|
Setuid(euid);
|
|
print_privs("after reclaim privs, both uids should be 0 ");
|
|
}
|
|
|
|
void drop_privs(void)
|
|
{
|
|
Setuid(ruid);
|
|
setgid(rgid);
|
|
print_privs("after drop_privs, real should be 0, effective should not ");
|
|
}
|
|
|
|
void destroy_privs(void)
|
|
{
|
|
|
|
#if defined HAVE_SETEUID || defined HAVE_SETRESUID
|
|
if(euid == 0) {
|
|
#ifdef HAVE_SETEUID
|
|
setuid(0); /* get the necessary privs to drop real root id */
|
|
setuid(ruid); /* this should be enough to get rid of the three
|
|
* ids */
|
|
seteuid(ruid); /* for good measure... just in case we came
|
|
* across a system which implemented sane
|
|
* semantics instead of POSIXly broken
|
|
* semantics for setuid */
|
|
#else
|
|
setresuid(ruid, ruid, ruid);
|
|
#endif
|
|
}
|
|
#endif
|
|
|
|
/* we also destroy group privileges */
|
|
drop_privs();
|
|
|
|
/* saved set [ug]id will go away by itself on exec */
|
|
|
|
print_privs("destroy_privs, no uid should be zero ");
|
|
}
|
|
|
|
|
|
uid_t get_real_uid(void)
|
|
{
|
|
return ruid;
|
|
}
|
|
|
|
void init_privs(void)
|
|
{
|
|
euid = geteuid();
|
|
ruid = getuid();
|
|
egid = getegid();
|
|
rgid = getgid();
|
|
|
|
#ifndef F_SETFD
|
|
if(euid != ruid) {
|
|
fprintf(stderr,
|
|
"Setuid installation not supported on this platform\n");
|
|
fprintf(stderr,
|
|
"Missing F_SETFD");
|
|
exit(1);
|
|
}
|
|
#endif
|
|
|
|
if(euid != ruid) {
|
|
unsetenv("SOURCE_DATE_EPOCH");
|
|
}
|
|
if(euid == 0 && ruid != 0) {
|
|
#ifdef HAVE_SETEUID
|
|
setuid(0); /* set real uid to 0 */
|
|
#else
|
|
#ifndef HAVE_SETRESUID
|
|
/* on this machine, it is not possible to reversibly drop
|
|
* root privileges. We print an error and quit */
|
|
|
|
/* BEOS is no longer a special case, as both euid and ruid
|
|
* return 0, and thus we do not get any longer into this
|
|
* branch */
|
|
fprintf(stderr,
|
|
"Seteuid call not supported on this architecture.\n");
|
|
fprintf(stderr,
|
|
"Mtools cannot be installed setuid root.\n");
|
|
fprintf(stderr,
|
|
"However, it can be installed setuid to a non root");
|
|
fprintf(stderr,
|
|
"user or setgid to any id.\n");
|
|
exit(1);
|
|
#endif
|
|
#endif
|
|
}
|
|
|
|
drop_privs();
|
|
print_privs("after init, real should be 0, effective should not ");
|
|
}
|
|
|
|
void closeExec(int fd)
|
|
{
|
|
#ifdef F_SETFD
|
|
fcntl(fd, F_SETFD, 1);
|
|
#endif
|
|
}
|
|
#endif
|