Commit | Line | Data |
---|---|---|
33a01fd2 | 1 | ?RCS: $Id$ |
d8875586 MBT | 2 | ?RCS: |
3 | ?RCS: Copyright (c) 1991-1997, 2004-2006, Raphael Manfredi | |
cf39bd7e | 4 | ?RCS: |
33a01fd2 | 5 | ?RCS: You may redistribute only under the terms of the Artistic License, |
d8875586 MBT | 6 | ?RCS: as specified in the README file that comes with the distribution. |
7 | ?RCS: You may reuse parts of this distribution only within the terms of | |
33a01fd2 | 8 | ?RCS: that same Artistic License; a copy of which may be found at the root |
d8875586 | 9 | ?RCS: of the source tree for dist 4.0. |
cf39bd7e | 10 | ?RCS: |
d8875586 MBT | 11 | ?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks. |
12 | ?RCS: | |
13 | ?RCS: $Log: d_dosuid.U,v $ | |
14 | ?RCS: Revision 3.0.1.2 1997/02/28 15:33:03 ram | |
15 | ?RCS: patch61: moved unit to TOP via a ?Y: layout directive | |
16 | ?RCS: patch61: tell them /dev/fd is not about floppy disks | |
17 | ?RCS: | |
18 | ?RCS: Revision 3.0.1.1 1994/10/29 16:12:08 ram | |
19 | ?RCS: patch36: added checks for secure setuid scripts (Tye McQueen) | |
20 | ?RCS: | |
21 | ?RCS: Revision 3.0 1993/08/18 12:05:55 ram | |
22 | ?RCS: Baseline for dist 3.0 netwide release. | |
23 | ?RCS: | |
24 | ?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \ | |
25 | Oldconfig Guess package hint | |
26 | ?MAKE: -pick add $@ %< | |
27 | ?S:d_suidsafe: | |
28 | ?S: This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW | |
29 | ?S: if setuid scripts can be secure. This test looks in /dev/fd/. | |
30 | ?S:. | |
31 | ?S:d_dosuid: | |
32 | ?S: This variable conditionally defines the symbol DOSUID, which | |
33 | ?S: tells the C program that it should insert setuid emulation code | |
34 | ?S: on hosts which have setuid #! scripts disabled. | |
35 | ?S:. | |
36 | ?C:SETUID_SCRIPTS_ARE_SECURE_NOW: | |
37 | ?C: This symbol, if defined, indicates that the bug that prevents | |
38 | ?C: setuid scripts from being secure is not present in this kernel. | |
39 | ?C:. | |
40 | ?C:DOSUID: | |
41 | ?C: This symbol, if defined, indicates that the C program should | |
42 | ?C: check the script that it is executing for setuid/setgid bits, and | |
43 | ?C: attempt to emulate setuid/setgid on systems that have disabled | |
44 | ?C: setuid #! scripts because the kernel can't do it securely. | |
45 | ?C: It is up to the package designer to make sure that this emulation | |
46 | ?C: is done securely. Among other things, it should do an fstat on | |
47 | ?C: the script it just opened to make sure it really is a setuid/setgid | |
48 | ?C: script, it should make sure the arguments passed correspond exactly | |
49 | ?C: to the argument on the #! line, and it should not trust any | |
50 | ?C: subprocesses to which it must pass the filename rather than the | |
51 | ?C: file descriptor of the script to be executed. | |
52 | ?C:. | |
53 | ?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW /**/ | |
54 | ?H:#$d_dosuid DOSUID /**/ | |
55 | ?H:. | |
56 | ?Y:TOP | |
57 | ?F:!reflect | |
58 | ?LINT: set d_suidsafe | |
59 | ?LINT: set d_dosuid | |
60 | : see if setuid scripts can be secure | |
61 | $cat <<EOM | |
62 | ||
63 | Some kernels have a bug that prevents setuid #! scripts from being | |
64 | secure. Some sites have disabled setuid #! scripts because of this. | |
65 | ||
66 | First let's decide if your kernel supports secure setuid #! scripts. | |
67 | (If setuid #! scripts would be secure but have been disabled anyway, | |
68 | don't say that they are secure if asked.) | |
69 | ||
70 | EOM | |
71 | ||
72 | val="$undef" | |
73 | if $test -d /dev/fd; then | |
74 | echo "#!$ls" >reflect | |
75 | chmod +x,u+s reflect | |
76 | ./reflect >flect 2>&1 | |
77 | if $contains "/dev/fd" flect >/dev/null; then | |
78 | echo "Congratulations, your kernel has secure setuid scripts!" >&4 | |
79 | val="$define" | |
80 | else | |
81 | $cat <<EOM | |
82 | If you are not sure if they are secure, I can check but I'll need a | |
83 | username and password different from the one you are using right now. | |
84 | If you don't have such a username or don't want me to test, simply | |
85 | enter 'none'. | |
86 | ||
87 | EOM | |
88 | rp='Other username to test security of setuid scripts with?' | |
89 | dflt='none' | |
90 | . ./myread | |
91 | case "$ans" in | |
92 | n|none) | |
93 | case "$d_suidsafe" in | |
94 | '') echo "I'll assume setuid scripts are *not* secure." >&4 | |
95 | dflt=n;; | |
96 | "$undef") | |
97 | echo "Well, the $hint value is *not* secure." >&4 | |
98 | dflt=n;; | |
99 | *) echo "Well, the $hint value *is* secure." >&4 | |
100 | dflt=y;; | |
101 | esac | |
102 | ;; | |
103 | *) | |
104 | $rm -f reflect flect | |
105 | echo "#!$ls" >reflect | |
106 | chmod +x,u+s reflect | |
107 | echo >flect | |
108 | chmod a+w flect | |
109 | echo '"su" will (probably) prompt you for '"$ans's password." | |
110 | su $ans -c './reflect >flect' | |
111 | if $contains "/dev/fd" flect >/dev/null; then | |
112 | echo "Okay, it looks like setuid scripts are secure." >&4 | |
113 | dflt=y | |
114 | else | |
115 | echo "I don't think setuid scripts are secure." >&4 | |
116 | dflt=n | |
117 | fi | |
118 | ;; | |
119 | esac | |
120 | rp='Does your kernel have *secure* setuid scripts?' | |
121 | . ./myread | |
122 | case "$ans" in | |
123 | [yY]*) val="$define";; | |
124 | *) val="$undef";; | |
125 | esac | |
126 | fi | |
127 | else | |
128 | echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4 | |
129 | echo "(That's for file descriptors, not floppy disks.)" | |
130 | val="$undef" | |
131 | fi | |
132 | set d_suidsafe | |
133 | eval $setvar | |
134 | ||
135 | $rm -f reflect flect | |
136 | ||
137 | : now see if they want to do setuid emulation | |
138 | echo " " | |
139 | val="$undef" | |
140 | case "$d_suidsafe" in | |
141 | "$define") | |
142 | val="$undef" | |
7bfb7bd7 | 143 | echo "No need to emulate SUID scripts since they are secure here." >& 4 |
d8875586 MBT | 144 | ;; |
145 | *) | |
146 | $cat <<EOM | |
147 | Some systems have disabled setuid scripts, especially systems where | |
148 | setuid scripts cannot be secure. On systems where setuid scripts have | |
149 | been disabled, the setuid/setgid bits on scripts are currently | |
150 | useless. It is possible for $package to detect those bits and emulate | |
151 | setuid/setgid in a secure fashion. This emulation will only work if | |
152 | setuid scripts have been disabled in your kernel. | |
153 | ||
154 | EOM | |
155 | case "$d_dosuid" in | |
156 | "$define") dflt=y ;; | |
157 | *) dflt=n ;; | |
158 | esac | |
159 | rp="Do you want to do setuid/setgid emulation?" | |
160 | . ./myread | |
161 | case "$ans" in | |
162 | [yY]*) val="$define";; | |
163 | *) val="$undef";; | |
164 | esac | |
165 | ;; | |
166 | esac | |
167 | set d_dosuid | |
168 | eval $setvar | |
169 |