
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-249-g2910f


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-249-g2910ff7
Date: Fri, 08 Mar 2013 15:20:54 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  2910ff783ad0d308e302da2d8cca5e4695c5dbd0 (commit)
      from  4d922c02defe791d49cf57209c9b61fd1803fd0a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=2910ff783ad0d308e302da2d8cca5e4695c5dbd0


commit 2910ff783ad0d308e302da2d8cca5e4695c5dbd0
Author: Mats Erik Andersson <address@hidden>
Date:   Thu Mar 7 22:16:39 2013 +0100

    Relax setuid demands.
    
    All former setuid executables are now
    content with system capabilities.

diff --git a/ChangeLog b/ChangeLog
index effd207..b7c0cca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,33 @@
+2013-03-07  Mats Erik Andersson  <address@hidden>
+
+       Relax setuid demands.
+
+       * src/rcp.c (effuid): New variable.
+       (main): Set `effuid' by calling geteuid().
+       Remove test on non-zero geteuid().
+       (toremote): If `rem < 0' and `errno == EACCES',
+       then report failure to access privileged port.
+       (tolocal): Use argument `effuid' for seteuid().
+       * src/rlogin.c (main): Remove test on non-zero
+       geteuid().  If `rem < 0' and `errno == EACCES',
+       then report failure to access privileged port.
+       * src/rsh.c (main): Likewise.
+
+       * ping/libping.c (ping_init): Let error message
+       mention privileges, instead of non-root access.
+
+       Avoid assignment inside if-clauses, as per GCS.
+
+       * src/rcp.c (main, tolocal, source, rsource, sink)
+       (allocbuf): Assign to variables first, then test
+       their values in an if-clause.
+       * src/rlogin.c (main, get_window_size, getescape):
+       Likewise.
+       * src/rlogind.c (rlogind_auth, do_krb5_login)
+       (protocol): Likewise.
+       * src/rsh.c (main, talk, copyargs): Likewise.
+       * src/rshd.c (doit): Likewise.
+
 2013-03-02  Mats Erik Andersson  <address@hidden>
 
        Make the FTP transfer test somewhat robuster.
diff --git a/README b/README
index 91cf5ac..760b18b 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@ clients and servers of the GNU Operating System.
 
 The individual utilities were originally derived from the 4.4BSDLite2
 distribution.  Many features were integrated from NetBSD, OpenBSD,
-FreeBSD and GNU/Linux
+FreeBSD and GNU/Linux.
 
 The file `paths' contains a list of all paths used by programs in this
 distribution, and rules to find values for them.  To change a path
@@ -32,19 +32,28 @@ address.
 
 Notes:
 
-1) All of the r* commands clients, rcp, rlogin, rsh, need to be
-   install setuid root to work correctly because they use privileged
-   ports for communication.
+1) All of the r* client commands, 'rcp', 'rlogin', 'rsh', used to
+   need to be installed as setuid root to work correctly, since
+   they use privileged ports for communication.  However, some
+   modern operating systems now offer capabilities that avoid
+   the need for setuid settings, and this is accounted for in
+   our present code.  CAP_NET_BIND_SERVICE and PRIV_NET_PRIVADDR
+   are relevant for the above three programs.
+
+2) Similarly, 'ping', 'ping6', and 'traceroute', used to depend
+   on setuid installation, but also these are now content with
+   capabilities like CAP_NET_RAW, PRIV_NET_ICMPACCESS, and
+   PRIV_NET_RAWACCESS.
 
 Some known deficiencies:
 
  - Non-Shishi Kerberos support does not build.  Patches welcome.
 
- - Shishi Kerberos support is only implemented for 'rlogin',
+ - Shishi Kerberos support is only implemented for 'rcp', 'rlogin',
    'rlogind', 'rsh', 'rshd', 'telnet', and 'telnetd'.
 
  - Not all utilities are Kerberized even when built with Kerberos
-   libraries, including 'rcp'.
+   libraries, including 'rcp' for non-Shishi Kerberos.
 
  - InetUtils does not build on HP-UX 11.00, Cygwin, Minix, MinGW,
    MSCV, BeOS, Haiki (and probably other systems as well).  Patches
diff --git a/ping/libping.c b/ping/libping.c
index cd6c016..4339458 100644
--- a/ping/libping.c
+++ b/ping/libping.c
@@ -72,7 +72,7 @@ ping_init (int type, int ident)
   if (fd < 0)
     {
       if (errno == EPERM || errno == EACCES)
-       fprintf (stderr, "ping: ping must run as root\n");
+       fprintf (stderr, "ping: Lacking privilege for raw socket.\n");
       return NULL;
     }
 
diff --git a/src/rcp.c b/src/rcp.c
index 7bbe9ff..832dd45 100644
--- a/src/rcp.c
+++ b/src/rcp.c
@@ -273,7 +273,7 @@ static struct argp argp = {
 
 struct passwd *pwd;
 unsigned short port;
-uid_t userid;
+uid_t userid, effuid;
 int errs, rem;
 
 char *command;
@@ -314,7 +314,9 @@ main (int argc, char *argv[])
 # else /* SHISHI */
       shell = "kshell";                /* Libshishi uses a single service.  */
 # endif
-      if ((sp = getservbyname (shell, "tcp")) == NULL)
+
+      sp = getservbyname (shell, "tcp");
+      if (sp == NULL)
        {
          use_kerberos = 0;
          oldw ("can't get entry for %s/tcp service", shell);
@@ -330,7 +332,10 @@ main (int argc, char *argv[])
     error (EXIT_FAILURE, 0, "%s/tcp: unknown service", shell);
   port = sp->s_port;
 
-  if ((pwd = getpwuid (userid = getuid ())) == NULL)
+  effuid = geteuid ();
+  userid = getuid ();
+  pwd = getpwuid (userid);
+  if (pwd == NULL)
     error (EXIT_FAILURE, 0, "unknown user %d", (int) userid);
 
   rem = STDIN_FILENO;          /* XXX */
@@ -361,14 +366,6 @@ main (int argc, char *argv[])
     error (EXIT_FAILURE, 0, "encryption must use Kerberos");
 #endif
 
-#if defined KERBEROS || defined SHISHI
-  if (!use_kerberos && geteuid ())
-#else
-  /* We must be setuid root.  */
-  if (geteuid ())
-#endif
-    error (EXIT_FAILURE, 0, "must be setuid root.");
-
   /* Command to be executed on remote system using "rsh". */
 #if defined KERBEROS || defined SHISHI
   rc = asprintf (&command, "rcp%s%s%s%s", iamrecursive ? " -r" : "",
@@ -515,7 +512,17 @@ toremote (char *targ, int argc, char *argv[])
                            tuser ? tuser : pwd->pw_name, bp, 0);
 #endif
              if (rem < 0)
-               exit (EXIT_FAILURE);
+               {
+                 /* rcmd() provides its own error messages,
+                  * but we add a vital addition, caused by
+                  * insufficient capabilites.
+                  */
+                 if (errno == EACCES)
+                   error (EXIT_FAILURE, 0,
+                          "No access to privileged ports.");
+
+                 exit (EXIT_FAILURE);
+               }
 #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
              sslen = sizeof (ss);
              (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
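Review bot: The added `errno == EACCES` test in toremote() reads errno only after the connection call has returned and, per the new comment, already printed its own messages, so the value is not guaranteed to be the one left by the refused reserved-port bind. EACCES can also be produced by other steps of the connection, and the `#endif` just above suggests `rem` may come from a Kerberos code path as well, so "No access to privileged ports." could mislead in those cases. Consider capturing the value immediately after the call, e.g. `int conn_errno = errno;`, and testing that copy instead. The same test is added in src/rlogin.c, where it follows a `puts ("")` call that may itself alter errno, and in src/rsh.c. The call that assigns `rem` begins outside this hunk.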
@@ -567,7 +574,8 @@ tolocal (int argc, char *argv[])
 
   for (i = 0; i < argc - 1; i++)
     {
-      if (!(src = colon (argv[i])))
+      src = colon (argv[i]);
+      if (!src)
        {                       /* Local to local. */
          len = strlen (PATH_CP) + strlen (argv[i]) +
            strlen (argv[argc - 1]) + 20;
@@ -585,7 +593,9 @@ tolocal (int argc, char *argv[])
       *src++ = 0;
       if (*src == 0)
        src = ".";
-      if ((host = strchr (argv[i], '@')) == NULL)
+
+      host = strchr (argv[i], '@');
+      if (host == NULL)
        {
          host = argv[i];
          suser = pwd->pw_name;
@@ -633,7 +643,7 @@ tolocal (int argc, char *argv[])
          error (0, errno, "TOS (ignored)");
 #endif
       sink (1, argv + argc - 1);
-      seteuid (0);
+      seteuid (effuid);
       close (rem);
       rem = -1;
 #ifdef SHISHI
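Review bot: The return value of `seteuid (effuid)` after `sink ()` is discarded, so a failed switch back goes unnoticed and would only show up as a connection failure on the next loop iteration. A checked form such as `if (seteuid (effuid) < 0) error (EXIT_FAILURE, errno, "seteuid");` makes the failure explicit. The matching switch to `userid` before `sink ()` lies outside this hunk; if it is unchecked too, that is the more serious gap, because sink() would then write local files with the elevated id. On a capability-based install the two ids are presumably equal, so both calls change nothing and any file capability stays in effect while sink() runs; that is worth a comment here.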
@@ -695,7 +705,8 @@ source (int argc, char *argv[])
   for (indx = 0; indx < argc; ++indx)
     {
       name = argv[indx];
-      if ((fd = open (name, O_RDONLY, 0)) < 0)
+      fd = open (name, O_RDONLY, 0);
+      if (fd < 0)
        goto syserr;
       if (fstat (fd, &stb))
        {
@@ -718,7 +729,8 @@ source (int argc, char *argv[])
          run_err ("%s: not a regular file", name);
          goto next;
        }
-      if ((last = strrchr (name, '/')) == NULL)
+      last = strrchr (name, '/');
+      if (last == NULL)
        last = name;
       else
        ++last;
@@ -737,7 +749,9 @@ source (int argc, char *argv[])
       write (rem, buf, strlen (buf));
       if (response () < 0)
        goto next;
-      if ((bp = allocbuf (&buffer, fd, BUFSIZ)) == NULL)
+
+      bp = allocbuf (&buffer, fd, BUFSIZ);
+      if (bp == NULL)
        {
        next:
          close (fd);
@@ -784,7 +798,8 @@ rsource (char *name, struct stat *statp)
   char *buf;
   int buf_len;
 
-  if (!(dirp = opendir (name)))
+  dirp = opendir (name);
+  if (!dirp)
     {
       run_err ("%s: %s", name, strerror (errno));
       return;
@@ -1039,14 +1054,16 @@ sink (int argc, char *argv[])
        }
       omode = mode;
       mode |= S_IWRITE;
-      if ((ofd = open (np, O_WRONLY | O_CREAT, mode)) < 0)
+      ofd = open (np, O_WRONLY | O_CREAT, mode);
+      if (ofd < 0)
        {
        bad:
          run_err ("%s: %s", np, strerror (errno));
          continue;
        }
       write (rem, "", 1);
-      if ((bp = allocbuf (&buffer, ofd, BUFSIZ)) == NULL)
+      bp = allocbuf (&buffer, ofd, BUFSIZ);
+      if (bp == NULL)
        {
          close (ofd);
          continue;
@@ -1467,7 +1484,9 @@ allocbuf (BUF * bp, int fd, int blksize)
     size = blksize;
   if ((size_t) bp->cnt >= size)
     return (bp);
-  if ((bp->buf = realloc (bp->buf, size)) == NULL)
+
+  bp->buf = realloc (bp->buf, size);
+  if (bp->buf == NULL)
     {
       bp->cnt = 0;
       run_err ("%s", strerror (errno));
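Review bot: Assigning the result of `realloc` straight back to `bp->buf` discards the only pointer to the old buffer when the call fails, so this error path leaks the previous allocation. Since the line was being split anyway, hold the result in a temporary: `void *nbuf = realloc (bp->buf, size);`, then on failure `free (bp->buf); bp->buf = NULL;` before `bp->cnt = 0;`, otherwise `bp->buf = nbuf;`. The rest of allocbuf() lies outside the hunk, so whether callers rely on `bp->buf` being NULL after a failure should be confirmed.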
diff --git a/src/rlogin.c b/src/rlogin.c
index 97d94a5..b80aa90 100644
--- a/src/rlogin.c
+++ b/src/rlogin.c
@@ -365,16 +365,10 @@ main (int argc, char *argv[])
 
   argc -= index;
 
-#if defined KERBEROS || defined SHISHI
-  if (!use_kerberos && geteuid ())
-#else
-  /* We must be uid root to access rcmd().  */
-  if (geteuid ())
-#endif
-    error (EXIT_FAILURE, 0, "must be setuid root.");
-
   /* Get the name of the user invoking us: the client-user-name.  */
-  if (!(pw = getpwuid (uid = getuid ())))
+  uid = getuid ();
+  pw = getpwuid (uid);
+  if (!pw)
     error (EXIT_FAILURE, 0, "unknown user id.");
 
   /* Accept address@hidden format, though "-l user2" overrides user1 */
@@ -619,6 +613,13 @@ try_connect:
   if (rem < 0)
     {
       puts ("");       /* Glibc does not close all error strings in rcmd().  */
+      /* rcmd() provides its own error messages,
+       * but we add a vital addition, caused by
+       * insufficient capabilites.
+       */
+      if (errno == EACCES)
+       error (EXIT_FAILURE, 0, "No access to privileged ports.");
+
       exit (EXIT_FAILURE);
     }
 
@@ -1430,8 +1431,10 @@ get_window_size (int fd, struct winsize *wp)
   struct ttysize ts;
   int error;
 
-  if ((error = ioctl (0, TIOCGSIZE, &ts)) != 0)
+  error = ioctl (0, TIOCGSIZE, &ts);
+  if (error != 0)
     return error;
+
   wp->ws_row = ts.ts_lines;
   wp->ws_col = ts.ts_cols;
   wp->ws_xpixel = 0;
@@ -1446,8 +1449,10 @@ getescape (register char *p)
   long val;
   int len;
 
-  if ((len = strlen (p)) == 1) /* use any single char, including '\'.  */
+  len = strlen (p);
+  if (len == 1)                /* use any single char, including '\'.  */
     return ((u_int) * p);
+
   /* otherwise, \nnn */
   if (*p == '\\' && len >= 2 && len <= 4)
     {
diff --git a/src/rlogind.c b/src/rlogind.c
index 04a1721..dd759b3 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -928,7 +928,8 @@ rlogind_auth (int fd, struct auth_data *ap)
        int ipproto;
        struct protoent *ip;
 
-       if ((ip = getprotobyname ("ip")) != NULL)
+       ip = getprotobyname ("ip");
+       if (ip != NULL)
          ipproto = ip->p_proto;
        else
          ipproto = IPPROTO_IP;
@@ -1377,7 +1378,8 @@ do_krb5_login (int infd, struct auth_data *ap, const char 
**err_msg)
   struct passwd *pwd;
   char *name;
 
-  if (status = krb5_init_context (&ap->context))
+  status = krb5_init_context (&ap->context);
+  if (status)
     {
       syslog (LOG_ERR, "Error initializing krb5: %s",
              error_message (status));
@@ -1422,8 +1424,9 @@ do_krb5_login (int infd, struct auth_data *ap, const char 
**err_msg)
   if (status)
     return status;
 
-  if ((status = krb5_auth_con_getauthenticator (ap->context, auth_ctx,
-                                               &authenticator)))
+  status = krb5_auth_con_getauthenticator (ap->context, auth_ctx,
+                                          &authenticator);
+  if (status)
     return status;
 
   getstr (infd, &ap->lusername, NULL);
@@ -1439,8 +1442,9 @@ do_krb5_login (int infd, struct auth_data *ap, const char 
**err_msg)
 
   getstr (infd, &ap->rusername, NULL);
 
-  if ((status = krb5_copy_principal (ap->context,
-                                    ticket->enc_part2->client, &ap->client)))
+  status = krb5_copy_principal (ap->context, ticket->enc_part2->client,
+                               &ap->client);
+  if (status)
     return status;
 
   /*OK:: */
@@ -1759,7 +1763,8 @@ protocol (int f, int p, struct auth_data *ap)
 
       FD_SET (p, &ebits);
 
-      if ((n = select (nfd, &ibits, omask, &ebits, 0)) < 0)
+      n = select (nfd, &ibits, omask, &ebits, 0);
+      if (n < 0)
        {
          if (errno == EINTR)
            continue;
diff --git a/src/rsh.c b/src/rsh.c
index 1621fa2..94827c6 100644
--- a/src/rsh.c
+++ b/src/rsh.c
@@ -289,15 +289,9 @@ main (int argc, char **argv)
   argc -= index;
   argv += index;
 
-#if defined KERBEROS || defined SHISHI
-  if (!use_kerberos && geteuid ())
-#else
-  /* We must be setuid root.  */
-  if (geteuid ())
-#endif
-    error (EXIT_FAILURE, 0, "must be setuid root.");
-
-  if (!(pw = getpwuid (uid = getuid ())))
+  uid = getuid ();
+  pw = getpwuid (uid);
+  if (!pw)
     error (EXIT_FAILURE, 0, "unknown user id");
 
   /* Accept address@hidden format, though "-l user2" overrides user1 */
@@ -512,7 +506,16 @@ try_connect:
 #endif /* !KERBEROS && !SHISHI */
 
   if (rem < 0)
-    exit (EXIT_FAILURE);
+    {
+      /* rcmd() provides its own error messages,
+       * but we add a vital addition, caused by
+       * insufficient capabilites.
+       */
+      if (errno == EACCES)
+       error (EXIT_FAILURE, 0, "No access to privileged ports.");
+
+      exit (EXIT_FAILURE);
+    }
 
   if (rfd2 < 0)
     error (EXIT_FAILURE, 0, "can't establish stderr");
@@ -605,7 +608,8 @@ talk (int null_input_option, sigset_t * osigs, pid_t pid, 
int rem)
 
     reread:
       errno = 0;
-      if ((cc = read (STDIN_FILENO, buf, sizeof buf)) <= 0)
+      cc = read (STDIN_FILENO, buf, sizeof buf);
+      if (cc <= 0)
        goto done;
       bp = buf;
 
@@ -766,7 +770,8 @@ copyargs (char **argv)
   cc = 0;
   for (ap = argv; *ap; ++ap)
     cc += strlen (*ap) + 1;
-  if (!(args = malloc ((u_int) cc)))
+  args = malloc ((u_int) cc);
+  if (!args)
     error (EXIT_FAILURE, errno, "copyargs");
   for (p = args, ap = argv; *ap; ++ap)
     {
diff --git a/src/rshd.c b/src/rshd.c
index 4ba6c09..2684d03 100644
--- a/src/rshd.c
+++ b/src/rshd.c
@@ -501,7 +501,8 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
     int ipproto;
     struct protoent *ip;
 
-    if ((ip = getprotobyname ("ip")) != NULL)
+    ip = getprotobyname ("ip");
+    if (ip != NULL)
       ipproto = ip->p_proto;
     else
       ipproto = IPPROTO_IP;
@@ -581,7 +582,9 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
   for (;;)
     {
       char c;
-      if ((cc = read (sockfd, &c, 1)) != 1)
+
+      cc = read (sockfd, &c, 1);
+      if (cc != 1)
        {
          if (cc < 0)
            syslog (LOG_NOTICE, "read: %m");

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |   30 ++++++++++++++++++++++++++
 README         |   21 +++++++++++++-----
 ping/libping.c |    2 +-
 src/rcp.c      |   63 ++++++++++++++++++++++++++++++++++++-------------------
 src/rlogin.c   |   27 ++++++++++++++---------
 src/rlogind.c  |   19 ++++++++++------
 src/rsh.c      |   29 +++++++++++++++----------
 src/rshd.c     |    7 ++++-
 8 files changed, 137 insertions(+), 61 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


