perl5.git.perl.org Git - metaconfig.git/blob

1 ?RCS: $Id$

2 ?RCS:

4 ?RCS:

5 ?RCS: You may redistribute only under the terms of the Artistic License,

6 ?RCS: as specified in the README file that comes with the distribution.

7 ?RCS: You may reuse parts of this distribution only within the terms of

8 ?RCS: that same Artistic License; a copy of which may be found at the root

9 ?RCS: of the source tree for dist 4.0.

10 ?RCS:

11 ?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks.

12 ?RCS:

13 ?RCS: $Log: d_dosuid.U,v $

14 ?RCS: Revision 3.0.1.2 1997/02/28 15:33:03 ram

15 ?RCS: patch61: moved unit to TOP via a ?Y: layout directive

16 ?RCS: patch61: tell them /dev/fd is not about floppy disks

17 ?RCS:

18 ?RCS: Revision 3.0.1.1 1994/10/29 16:12:08 ram

19 ?RCS: patch36: added checks for secure setuid scripts (Tye McQueen)

20 ?RCS:

21 ?RCS: Revision 3.0 1993/08/18 12:05:55 ram

22 ?RCS: Baseline for dist 3.0 netwide release.

23 ?RCS:

24 ?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \

25 Oldconfig Guess package hint

26 ?MAKE: -pick add $@ %<

27 ?S:d_suidsafe:

28 ?S: This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW

29 ?S: if setuid scripts can be secure. This test looks in /dev/fd/.

30 ?S:.

31 ?S:d_dosuid:

32 ?S: This variable conditionally defines the symbol DOSUID, which

33 ?S: tells the C program that it should insert setuid emulation code

34 ?S: on hosts which have setuid #! scripts disabled.

35 ?S:.

36 ?C:SETUID_SCRIPTS_ARE_SECURE_NOW:

37 ?C: This symbol, if defined, indicates that the bug that prevents

38 ?C: setuid scripts from being secure is not present in this kernel.

39 ?C:.

40 ?C:DOSUID:

41 ?C: This symbol, if defined, indicates that the C program should

42 ?C: check the script that it is executing for setuid/setgid bits, and

43 ?C: attempt to emulate setuid/setgid on systems that have disabled

44 ?C: setuid #! scripts because the kernel can't do it securely.

45 ?C: It is up to the package designer to make sure that this emulation

46 ?C: is done securely. Among other things, it should do an fstat on

47 ?C: the script it just opened to make sure it really is a setuid/setgid

48 ?C: script, it should make sure the arguments passed correspond exactly

49 ?C: to the argument on the #! line, and it should not trust any

50 ?C: subprocesses to which it must pass the filename rather than the

51 ?C: file descriptor of the script to be executed.

52 ?C:.

53 ?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW /**/

54 ?H:#$d_dosuid DOSUID /**/

55 ?H:.

56 ?Y:TOP

57 ?F:!reflect

58 ?LINT: set d_suidsafe

59 ?LINT: set d_dosuid

60 : see if setuid scripts can be secure

61 $cat <<EOM

62

63 Some kernels have a bug that prevents setuid #! scripts from being

64 secure. Some sites have disabled setuid #! scripts because of this.

65

66 First let's decide if your kernel supports secure setuid #! scripts.

67 (If setuid #! scripts would be secure but have been disabled anyway,

68 don't say that they are secure if asked.)

69

70 EOM

71

72 val="$undef"

73 if $test -d /dev/fd; then

74 echo "#!$ls" >reflect

75 chmod +x,u+s reflect

76 ./reflect >flect 2>&1

77 if $contains "/dev/fd" flect >/dev/null; then

78 echo "Congratulations, your kernel has secure setuid scripts!" >&4

79 val="$define"

80 else

81 $cat <<EOM

82 If you are not sure if they are secure, I can check but I'll need a

83 username and password different from the one you are using right now.

84 If you don't have such a username or don't want me to test, simply

85 enter 'none'.

86

87 EOM

88 rp='Other username to test security of setuid scripts with?'

89 dflt='none'

90 . ./myread

91 case "$ans" in

92 n|none)

93 case "$d_suidsafe" in

94 '') echo "I'll assume setuid scripts are *not* secure." >&4

95 dflt=n;;

96 "$undef")

97 echo "Well, the $hint value is *not* secure." >&4

98 dflt=n;;

99 *) echo "Well, the $hint value *is* secure." >&4

100 dflt=y;;

101 esac

102 ;;

103 *)

104 $rm -f reflect flect

105 echo "#!$ls" >reflect

106 chmod +x,u+s reflect

107 echo >flect

108 chmod a+w flect

109 echo '"su" will (probably) prompt you for '"$ans's password."

110 su $ans -c './reflect >flect'

111 if $contains "/dev/fd" flect >/dev/null; then

112 echo "Okay, it looks like setuid scripts are secure." >&4

113 dflt=y

114 else

115 echo "I don't think setuid scripts are secure." >&4

116 dflt=n

117 fi

118 ;;

119 esac

120 rp='Does your kernel have *secure* setuid scripts?'

121 . ./myread

122 case "$ans" in

123 [yY]*) val="$define";;

124 *) val="$undef";;

125 esac

126 fi

127 else

128 echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4

129 echo "(That's for file descriptors, not floppy disks.)"

130 val="$undef"

131 fi

132 set d_suidsafe

133 eval $setvar

134

135 $rm -f reflect flect

136

137 : now see if they want to do setuid emulation

138 echo " "

139 val="$undef"

140 case "$d_suidsafe" in

141 "$define")

142 val="$undef"

143 echo "No need to emulate SUID scripts since they are secure here." >& 4

144 ;;

145 *)

146 $cat <<EOM

147 Some systems have disabled setuid scripts, especially systems where

148 setuid scripts cannot be secure. On systems where setuid scripts have

149 been disabled, the setuid/setgid bits on scripts are currently

150 useless. It is possible for $package to detect those bits and emulate

151 setuid/setgid in a secure fashion. This emulation will only work if

152 setuid scripts have been disabled in your kernel.

153

154 EOM

155 case "$d_dosuid" in

156 "$define") dflt=y ;;

157 *) dflt=n ;;

158 esac

159 rp="Do you want to do setuid/setgid emulation?"

160 . ./myread

161 case "$ans" in

162 [yY]*) val="$define";;

163 *) val="$undef";;

164 esac

165 ;;

166 esac

167 set d_dosuid

168 eval $setvar

169