commit-inetutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-79-g126e41

From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-79-g126e416
Date: Sat, 21 Apr 2012 02:34:05 +0000 
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  126e4166ea32331b792ffec665c49854826896bc (commit)
      from  3aae672f300bd655d4a86405183ee462ad1abc34 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=126e4166ea32331b792ffec665c49854826896bc


commit 126e4166ea32331b792ffec665c49854826896bc
Author: Mats Erik Andersson <address@hidden>
Date:   Sat Apr 21 04:03:11 2012 +0200

    rexecd: Protocol conformity and privilege audit.

diff --git a/ChangeLog b/ChangeLog
index 9c3308e..b632cf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2012-04-21  Mats Erik Andersson  <address@hidden>
+
+       rexecd: Privilege audit and protocol conformity.
+
+       * src/rexecd.c (doit): Execute changes of group as
+       soon as password has been verified.  Remove useless
+       call to setegid().  Protect setpgid() by the macro
+       HAVE_SETPGID.  Delay sending the single NUL character
+       until the time immediately before execution is handed
+       over to a shell interpreter.
+
 2012-04-20  Mats Erik Andersson  <address@hidden>
 
        Portability issue found on 64-bit OpenBSD.
diff --git a/src/rexecd.c b/src/rexecd.c
index 87b1098..5c014fe 100644
--- a/src/rexecd.c
+++ b/src/rexecd.c
@@ -47,6 +47,10 @@
  * SUCH DAMAGE.
  */
 
+/* TODO: Implement PAM support as `rexec' service.
+ *       Pending with Mats Erik Andersson.
+ */
+
 #include <config.h>
 
 #include <sys/types.h>
@@ -196,6 +200,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
       port = port * 10 + c - '0';
     }
   alarm (0);
+
   if (port != 0)
     {
       s = socket (fromp->sa_family, SOCK_STREAM, 0);
@@ -224,11 +229,14 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
   cmdbuf = getstr ("command");
 
   setpwent ();
+
   pwd = getpwnam (user);
   if (pwd == NULL)
     die (EXIT_FAILURE, "Login incorrect.");
 
   endpwent ();
+
+  /* Last need of elevated privilege.  */
   pw_password = get_user_password (pwd);
   if (*pw_password != '\0')
     {
@@ -236,7 +244,24 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
       if (strcmp (namep, pw_password))
        die (EXIT_FAILURE, "Password incorrect.");
     }
-  write (STDERR_FILENO, "\0", 1);
+
+  /* Step down from superuser personality.
+   *
+   * The changing of group membership will seldomly
+   * fail, but a relevant message is passed just in
+   * case.  These messages are non-standard.
+   */
+  if (setgid ((gid_t) pwd->pw_gid) < 0)
+    die (EXIT_FAILURE, "Failed group protections.");
+
+#ifdef HAVE_INITGROUPS
+  if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
+    die (EXIT_FAILURE, "Failed group protections.");
+#endif
+
+  if (setuid ((uid_t) pwd->pw_uid) < 0)
+    die (EXIT_FAILURE, "Failed user identity.");
+
   if (port)
     {
       pipe (pv);
@@ -287,39 +312,43 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
          while (FD_ISSET (pv[0], &readfrom) || FD_ISSET (s, &readfrom));
          exit (EXIT_SUCCESS);
        }
+#ifdef HAVE_SETPGID
       setpgid (0, getpid ());
+#endif
       close (s);
       close (pv[0]);
       dup2 (pv[1], STDERR_FILENO);
     }
-  if (*pwd->pw_shell == '\0')
-    pwd->pw_shell = PATH_BSHELL;
+
   if (f > 2)
     close (f);
-  if (setegid ((gid_t) pwd->pw_gid) < 0)
-    error (EXIT_FAILURE, errno, "failed to set additional groups");
-  if (setgid ((gid_t) pwd->pw_gid) < 0)
-    error (EXIT_FAILURE, errno, "failed to set group-ID");
-#ifdef HAVE_INITGROUPS
-  if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
-    error (EXIT_FAILURE, errno,
-          "failed to initialize the supplementary group access list");
-#endif
-  if (setuid ((uid_t) pwd->pw_uid) < 0)
-    error (EXIT_FAILURE, errno, "failed to set user-ID");
+
+  /* Last point of failure due to incorrect user settings.  */
   if (chdir (pwd->pw_dir) < 0)
     die (EXIT_FAILURE, "No remote directory.");
+
   strcat (path, PATH_DEFPATH);
   environ = envinit;
   strncat (homedir, pwd->pw_dir, sizeof (homedir) - sizeof ("HOME=") - 1);
   strncat (shell, pwd->pw_shell, sizeof (shell) - sizeof ("SHELL=") - 1);
   strncat (username, pwd->pw_name, sizeof (username) - sizeof ("USER=") - 1);
   strncat (logname, pwd->pw_name, sizeof (logname) - sizeof ("LOGNAME=") - 1);
+
+  if (*pwd->pw_shell == '\0')
+    pwd->pw_shell = PATH_BSHELL;
+
   cp = strrchr (pwd->pw_shell, '/');
   if (cp)
     cp++;
   else
     cp = pwd->pw_shell;
+
+  /* This is the 7th step in the protocol standard.
+   * All authentication has been successful, and the
+   * execution can be handed over to the requested shell.
+   */
+  write (STDERR_FILENO, "\0", 1);
+
   execl (pwd->pw_shell, cp, "-c", cmdbuf, NULL);
   error (EXIT_FAILURE, errno, "executing %s", pwd->pw_shell);
 

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog    |   11 +++++++++++
 src/rexecd.c |   57 +++++++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 54 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
GNU Inetutils
reply via email to
[Prev in Thread] Current Thread [Next in Thread]