Check-in Number:
|
3382 | |
Date: |
2003-May-26 10:10:37 (local)
2003-May-26 08:10:37 (UTC) |
User: | ms |
Branch: | |
Comment: |
Implement unpriviledged rc exec mode with safety checks. |
Tickets: |
|
Inspections: |
|
Files: |
|
ossp-pkg/rc/rc_proc.c 1.33 -> 1.34
--- rc_proc.c 2003/05/23 14:14:09 1.33
+++ rc_proc.c 2003/05/26 08:10:37 1.34
@@ -264,20 +264,22 @@
pFatscript = NULL;
}
else if (configGetval(RC_EXC_VAL)) { /* Execute */
- /* FIXME FIXME FIXME FIXME */
- /* For however many labels */
- /* For however many sections in this label */
- /* If the we must setuid(2) */
- /* If yes, are we root? */
- /* If no, then report error and exit */
-/* for (nTmp = 0; ; nTmp++) {
- if ()
- nRunuid = getuid();
- if (nRunuid != 0 && nRunuid != nSectuid) {
- fprintf(stderr, RC_RUT_TEXT);
- return(RC_THROW(RC_ERR_USE));
+ /* This block does nothing more than implement the feature, */
+ /* that allows rc to run unprivileged (as long as no privileged */
+ /* code is used in the script sections to be executed */
+ for (nSecs = 0; nSecs < pRc->m_pAnal->m_nSecs; nSecs++) {
+ for (nTmp = 0; nTmp < pRc->m_pAnal->m_nRcs; nTmp++) {
+ if (pRc->m_ppLabvec[nTmp]->m_ppSecvec) {
+ nRunuid = getuid();
+ nSectuid = pRc->m_ppLabvec[nTmp]->m_ppSecvec[nSecs]->m_nUid;
+ /* See if root user status is needed, and bail out if so */
+ if (nRunuid != 0 && nSectuid != -1 && nRunuid != nSectuid) {
+ fprintf(stderr, RC_RUT_TEXT);
+ return(RC_THROW(RC_ERR_USE));
+ }
+ }
}
- }*/
+ }
/* Allocate a block of section pointers to use temporarily */
ppSectmp = calloc(pRc->m_pAnal->m_nRcs, sizeof(rc_section_t *));
szCom = (char *)scriptTostring(pRc->m_pScriptcom);
|
|