https://perl5.git.perl.org / metaconfig.git / blame
| Commit | Line | Data |
|---|---|---|
| 33a01fd2 | 1 | ?RCS: $Id$ |
| d8875586 MBT |
2 | ?RCS: |
| 3 | ?RCS: Copyright (c) 1991-1997, 2004-2006, Raphael Manfredi | |
| cf39bd7e | 4 | ?RCS: |
| 33a01fd2 | 5 | ?RCS: You may redistribute only under the terms of the Artistic License, |
| d8875586 MBT |
6 | ?RCS: as specified in the README file that comes with the distribution. |
| 7 | ?RCS: You may reuse parts of this distribution only within the terms of | |
| 33a01fd2 | 8 | ?RCS: that same Artistic License; a copy of which may be found at the root |
| d8875586 | 9 | ?RCS: of the source tree for dist 4.0. |
| cf39bd7e | 10 | ?RCS: |
| d8875586 MBT |
11 | ?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks. |
| 12 | ?RCS: | |
| 13 | ?RCS: $Log: d_dosuid.U,v $ | |
| 14 | ?RCS: Revision 3.0.1.2 1997/02/28 15:33:03 ram | |
| 15 | ?RCS: patch61: moved unit to TOP via a ?Y: layout directive | |
| 16 | ?RCS: patch61: tell them /dev/fd is not about floppy disks | |
| 17 | ?RCS: | |
| 18 | ?RCS: Revision 3.0.1.1 1994/10/29 16:12:08 ram | |
| 19 | ?RCS: patch36: added checks for secure setuid scripts (Tye McQueen) | |
| 20 | ?RCS: | |
| 21 | ?RCS: Revision 3.0 1993/08/18 12:05:55 ram | |
| 22 | ?RCS: Baseline for dist 3.0 netwide release. | |
| 23 | ?RCS: | |
| 24 | ?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \ | |
| 25 | Oldconfig Guess package hint | |
| 26 | ?MAKE: -pick add $@ %< | |
| 27 | ?S:d_suidsafe: | |
| 28 | ?S: This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW | |
| 29 | ?S: if setuid scripts can be secure. This test looks in /dev/fd/. | |
| 30 | ?S:. | |
| 31 | ?S:d_dosuid: | |
| 32 | ?S: This variable conditionally defines the symbol DOSUID, which | |
| 33 | ?S: tells the C program that it should insert setuid emulation code | |
| 34 | ?S: on hosts which have setuid #! scripts disabled. | |
| 35 | ?S:. | |
| 36 | ?C:SETUID_SCRIPTS_ARE_SECURE_NOW: | |
| 37 | ?C: This symbol, if defined, indicates that the bug that prevents | |
| 38 | ?C: setuid scripts from being secure is not present in this kernel. | |
| 39 | ?C:. | |
| 40 | ?C:DOSUID: | |
| 41 | ?C: This symbol, if defined, indicates that the C program should | |
| 42 | ?C: check the script that it is executing for setuid/setgid bits, and | |
| 43 | ?C: attempt to emulate setuid/setgid on systems that have disabled | |
| 44 | ?C: setuid #! scripts because the kernel can't do it securely. | |
| 45 | ?C: It is up to the package designer to make sure that this emulation | |
| 46 | ?C: is done securely. Among other things, it should do an fstat on | |
| 47 | ?C: the script it just opened to make sure it really is a setuid/setgid | |
| 48 | ?C: script, it should make sure the arguments passed correspond exactly | |
| 49 | ?C: to the argument on the #! line, and it should not trust any | |
| 50 | ?C: subprocesses to which it must pass the filename rather than the | |
| 51 | ?C: file descriptor of the script to be executed. | |
| 52 | ?C:. | |
| 53 | ?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW /**/ | |
| 54 | ?H:#$d_dosuid DOSUID /**/ | |
| 55 | ?H:. | |
| 56 | ?Y:TOP | |
| 57 | ?F:!reflect | |
| 58 | ?LINT: set d_suidsafe | |
| 59 | ?LINT: set d_dosuid | |
| 60 | : see if setuid scripts can be secure | |
| 61 | $cat <<EOM | |
| 62 | ||
| 63 | Some kernels have a bug that prevents setuid #! scripts from being | |
| 64 | secure. Some sites have disabled setuid #! scripts because of this. | |
| 65 | ||
| 66 | First let's decide if your kernel supports secure setuid #! scripts. | |
| 67 | (If setuid #! scripts would be secure but have been disabled anyway, | |
| 68 | don't say that they are secure if asked.) | |
| 69 | ||
| 70 | EOM | |
| 71 | ||
| 72 | val="$undef" | |
| 73 | if $test -d /dev/fd; then | |
| 74 | echo "#!$ls" >reflect | |
| 75 | chmod +x,u+s reflect | |
| 76 | ./reflect >flect 2>&1 | |
| 77 | if $contains "/dev/fd" flect >/dev/null; then | |
| 78 | echo "Congratulations, your kernel has secure setuid scripts!" >&4 | |
| 79 | val="$define" | |
| 80 | else | |
| 81 | $cat <<EOM | |
| 82 | If you are not sure if they are secure, I can check but I'll need a | |
| 83 | username and password different from the one you are using right now. | |
| 84 | If you don't have such a username or don't want me to test, simply | |
| 85 | enter 'none'. | |
| 86 | ||
| 87 | EOM | |
| 88 | rp='Other username to test security of setuid scripts with?' | |
| 89 | dflt='none' | |
| 90 | . ./myread | |
| 91 | case "$ans" in | |
| 92 | n|none) | |
| 93 | case "$d_suidsafe" in | |
| 94 | '') echo "I'll assume setuid scripts are *not* secure." >&4 | |
| 95 | dflt=n;; | |
| 96 | "$undef") | |
| 97 | echo "Well, the $hint value is *not* secure." >&4 | |
| 98 | dflt=n;; | |
| 99 | *) echo "Well, the $hint value *is* secure." >&4 | |
| 100 | dflt=y;; | |
| 101 | esac | |
| 102 | ;; | |
| 103 | *) | |
| 104 | $rm -f reflect flect | |
| 105 | echo "#!$ls" >reflect | |
| 106 | chmod +x,u+s reflect | |
| 107 | echo >flect | |
| 108 | chmod a+w flect | |
| 109 | echo '"su" will (probably) prompt you for '"$ans's password." | |
| 110 | su $ans -c './reflect >flect' | |
| 111 | if $contains "/dev/fd" flect >/dev/null; then | |
| 112 | echo "Okay, it looks like setuid scripts are secure." >&4 | |
| 113 | dflt=y | |
| 114 | else | |
| 115 | echo "I don't think setuid scripts are secure." >&4 | |
| 116 | dflt=n | |
| 117 | fi | |
| 118 | ;; | |
| 119 | esac | |
| 120 | rp='Does your kernel have *secure* setuid scripts?' | |
| 121 | . ./myread | |
| 122 | case "$ans" in | |
| 123 | [yY]*) val="$define";; | |
| 124 | *) val="$undef";; | |
| 125 | esac | |
| 126 | fi | |
| 127 | else | |
| 128 | echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4 | |
| 129 | echo "(That's for file descriptors, not floppy disks.)" | |
| 130 | val="$undef" | |
| 131 | fi | |
| 132 | set d_suidsafe | |
| 133 | eval $setvar | |
| 134 | ||
| 135 | $rm -f reflect flect | |
| 136 | ||
| 137 | : now see if they want to do setuid emulation | |
| 138 | echo " " | |
| 139 | val="$undef" | |
| 140 | case "$d_suidsafe" in | |
| 141 | "$define") | |
| 142 | val="$undef" | |
| 7bfb7bd7 | 143 | echo "No need to emulate SUID scripts since they are secure here." >& 4 |
| d8875586 MBT |
144 | ;; |
| 145 | *) | |
| 146 | $cat <<EOM | |
| 147 | Some systems have disabled setuid scripts, especially systems where | |
| 148 | setuid scripts cannot be secure. On systems where setuid scripts have | |
| 149 | been disabled, the setuid/setgid bits on scripts are currently | |
| 150 | useless. It is possible for $package to detect those bits and emulate | |
| 151 | setuid/setgid in a secure fashion. This emulation will only work if | |
| 152 | setuid scripts have been disabled in your kernel. | |
| 153 | ||
| 154 | EOM | |
| 155 | case "$d_dosuid" in | |
| 156 | "$define") dflt=y ;; | |
| 157 | *) dflt=n ;; | |
| 158 | esac | |
| 159 | rp="Do you want to do setuid/setgid emulation?" | |
| 160 | . ./myread | |
| 161 | case "$ans" in | |
| 162 | [yY]*) val="$define";; | |
| 163 | *) val="$undef";; | |
| 164 | esac | |
| 165 | ;; | |
| 166 | esac | |
| 167 | set d_dosuid | |
| 168 | eval $setvar | |
| 169 |