Commit | Line | Data |
---|---|---|
a0d0e21e LW |
1 | #!/usr/bin/perl |
2 | 'di'; | |
3 | 'ig00'; | |
4 | # | |
5 | # $Header: wrapsuid,v 1.1 90/08/11 13:51:29 lwall Locked $ | |
6 | # | |
7 | # $Log: wrapsuid,v $ | |
8 | # Revision 1.1 90/08/11 13:51:29 lwall | |
9 | # Initial revision | |
10 | # | |
11 | ||
# Pass -xdev to find unless this host has a /dev/iop directory.
# NOTE(review): the reason for the /dev/iop probe is not stated here;
# presumably it identifies a platform whose find lacks -xdev -- confirm.
$xdev = '-xdev' unless -d '/dev/iop';

if (@ARGV) {
    # Explicit roots were supplied: every one must be an absolute path,
    # because the main loop later chdir()s into the directories find reports.
    die "You must use absolute pathnames.\n"
        if grep { $_ !~ m|^/| } @ARGV;
    @list = @ARGV;
}
else {
    # No arguments: take the mount point (third field) of every line of
    # /etc/mount output whose first field starts with /dev.
    open(DF, "/etc/mount|") || die "Can't run /etc/mount";

    while (defined(my $entry = <DF>)) {
        chop $entry;
        # A line shorter than 50 characters has the next line appended to it.
        # NOTE(review): looks like a workaround for mount output that wraps
        # long entries; where entries are short and unwrapped, every second
        # filesystem is swallowed here -- confirm against the target system.
        $entry .= <DF> if length($entry) < 50;
        my @fields = split ' ', $entry;
        push(@list, $fields[2]) if $fields[0] =~ m|^/dev|;
    }
}

# Space-joined form of the roots, as interpolated into the find command.
$fslist = join(' ', @list);

$fslist || die "Can't find local filesystems";
33 | ||
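use Fcntl;    # O_WRONLY, O_CREAT, O_EXCL for the exclusive temp-file open below

# Locate every regular file carrying the setuid (04000) or setgid (02000)
# bit under the roots in @list, then replace each text file (script) found
# with a compiled wrapper that carries the bits and execs the renamed script.
#
# NOTE(review): every step below works by pathname inside directories that
# may be writable by the owner of the file being processed, so a window
# remains between each check and the operation that follows it (cc writing
# its output, chmod, chown).  Run this only over trees that untrusted users
# cannot modify while it is running.
# NOTE(review): the wrapper hands argv and the inherited environment to the
# script unchanged; the script itself has to treat both as untrusted.

# find is started with fork/exec and an argument list instead of an
# interpolated shell command, so whitespace or shell metacharacters in a
# root pathname are never parsed by a shell.
my @find_args = @list;
push(@find_args, $xdev) if $xdev;
push(@find_args, '-type', 'f',
     '(', '-perm', '-04000', '-o', '-perm', '-02000', ')', '-print');

my $find_pid = open(FIND, "-|");
die "Can't fork to run find: $!" unless defined $find_pid;
unless ($find_pid) {
    # Child: STDOUT is the pipe the parent reads as FIND.
    exec('find', @find_args) || die "Can't exec find: $!";
}

while (<FIND>) {
    chop;                               # drop the newline find appended
    next unless -T;                     # only text files (scripts) get a wrapper
    print "Fixing ", $_, "\n";

    my ($dir, $file) = m|(.*)/(.*)|;

    # Parenthesised so a failed chdir is actually caught: in
    # "chdir $dir || die" the || binds to $dir and the die can never fire.
    # A file directly under / yields an empty $dir, which must mean "/".
    chdir($dir eq '' ? '/' : $dir) || die "Can't chdir to $dir";

    # lstat, not stat: a symlink put in place after find ran is rejected
    # here instead of having its target's mode and owner copied.
    my (undef, $ino, $mode, undef, $uid, $gid) = lstat($file);
    die "Can't stat $_" unless $ino;
    unless (-f _ && ($mode & 06000)) {
        print "Skipping ", $_, ": no longer a regular set[ug]id file\n";
        chdir '/';
        next;
    }

    # rename() would silently replace an existing .$file.
    if (-e ".$file" || -l ".$file") {
        print "Skipping ", $_, ": ${dir}/.${file} already exists\n";
        chdir '/';
        next;
    }

    chmod($mode & 01777, $file)         # wipe out set[ug]id bits
        || die "Can't clear set[ug]id bits on $_: $!";
    rename($file, ".$file") || die "Can't rename $_ to .${file}: $!";

    # O_EXCL refuses to open a file or symlink that already exists under
    # the predictable temporary name.
    my $c_source = ".tmp$$.c";
    sysopen(C, $c_source, O_WRONLY | O_CREAT | O_EXCL, 0600)
        || die "Can't write C program for $_";

    # The path becomes a C string literal, so quote the characters that
    # would end the literal or begin an escape or trigraph.
    my $real = "$dir/.$file";
    (my $c_literal = $real) =~ s/(["\\?])/\\$1/g;

    print C '
#include <stdio.h>
#include <unistd.h>

int main(int argc, char **argv)
{
    (void)argc;
    execv("' . $c_literal . '", argv);
    perror("execv");    /* reached only when the exec failed */
    return 1;
}
';
    close(C) || die "Can't write C program for $_";

    system '/bin/cc', $c_source, '-o', $file;
    my $cc_status = $?;
    unlink $c_source;                   # remove the source on failure too
    die "Can't compile new $_" if $cc_status;

    # Ownership first, mode second: setting the mode first would leave the
    # wrapper set[ug]id under the invoking user's ownership until the chown,
    # and on some systems chown clears the set[ug]id bits again.
    chown($uid, $gid, $file) || die "Can't chown new $_: $!";
    chmod($mode, $file)      || die "Can't chmod new $_: $!";

    chdir '/';
}
close(FIND);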
66 | ############################################################################## | |
67 | ||
68 | # These next few lines are legal in both Perl and nroff. | |
69 | ||
70 | .00; # finish .ig | |
71 | ||
72 | 'di \" finish diversion--previous line must be blank | |
73 | .nr nl 0-1 \" fake up transition to first page again | |
74 | .nr % 0 \" start at page 1 | |
75 | '; __END__ ############# From here on it's a standard manual page ############ | |
76 | .TH SUIDSCRIPT 1 "July 30, 1990" | |
77 | .AT 3 | |
78 | .SH NAME | |
79 | wrapsuid \- puts a compiled C wrapper around a setuid or setgid script | |
80 | .SH SYNOPSIS | |
81 | .B wrapsuid [dirlist] | |
82 | .SH DESCRIPTION | |
83 | .I Wrapsuid | |
84 | creates a small C program to execute a script with setuid or setgid privileges | |
85 | without having to set the setuid or setgid bit on the script, which is | |
86 | a security problem on many machines. | |
87 | Specify the list of directories or files that you wish to process. | |
88 | The names must be absolute pathnames. | |
89 | With no arguments it will attempt to process all the local directories | |
90 | for this machine. | |
91 | The scripts to be processed must have the setuid or setgid bit set. | |
92 | The wrapsuid program will delete the bits and set them on the wrapper. | |
93 | .PP | |
94 | Non-superusers may only process their own files. | |
95 | .SH ENVIRONMENT | |
96 | No environment variables are used. | |
97 | .SH FILES | |
98 | None. | |
99 | .SH AUTHOR | |
100 | Larry Wall | |
101 | .SH "SEE ALSO" | |
102 | .SH DIAGNOSTICS | |
103 | .SH BUGS | |
104 | .ex |