tyler.durden
/
dgamelaunch
mirror of https://github.com/paxed/dgamelaunch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Additional anti-root uid security fixes 

git-svn-id: svn://katsu.triplehelix.org/dgamelaunch/trunk@134 db0b04b0-f4d1-0310-9a6d-de3e77497b0e
This commit is contained in:
Joshua Kwan 2004-01-21 01:37:16 +00:00
parent 9a1b899cba
commit be57b91ba1
2 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
config.y
View File

@ -45,7 +45,11 @@ KeyPair: KeyType '=' TYPE_VALUE {
struct passwd* usr;
if (!myconfig)
{
myconfig = calloc(1, sizeof(struct dg_config));
myconfig->shed_uid = (uid_t)-1;
myconfig->shed_gid = (gid_t)-1;
}
switch ($1)
{
@ -58,12 +62,25 @@ KeyPair: KeyType '=' TYPE_VALUE {
break;
case TYPE_SUSER:
if (!strcmp($3, "root"))
{
fprintf(stderr, "%s: I refuse to run as root! Aborting.\n", config);
graceful_exit(1);
}
myconfig->shed_user = strdup($3);
if ((usr = getpwnam($3)) != NULL)
myconfig->shed_uid = usr->pw_uid;
{
if (usr->pw_uid != 0)
myconfig->shed_uid = usr->pw_uid;
else
{
fprintf(stderr, "%s: I refuse to run as %s (uid 0!) Aborting.\n", config, $3);
graceful_exit(1);
}
}
else
fprintf(stderr, "%s: no such group '%s'\n", config, $3);
break;
fprintf(stderr, "%s: no such user '%s'\n", config, $3);
break;
case TYPE_PATH_CHROOT:
if (myconfig->chroot) free(myconfig->chroot);
@ -113,6 +130,12 @@ KeyPair: KeyType '=' TYPE_VALUE {
case TYPE_SUID:
if (!myconfig->shed_user)
{
/* Naive user protection - do not allow running as user root */
if ($3 == 0)
{
fprintf(stderr, "%s: I refuse to run as root! Aborting.\n", config);
graceful_exit(1);
}
myconfig->shed_uid = $3;
}

4
dgamelaunch.c
View File

@ -170,7 +170,7 @@ create_config ()
}
/* Fill the rest with defaults */
if (!myconfig->shed_user && myconfig->shed_uid == 0)
if (!myconfig->shed_user && myconfig->shed_uid == -1)
{
struct passwd *pw;
if ((pw = getpwnam(defconfig.shed_user)))
@ -179,7 +179,7 @@ create_config ()
myconfig->shed_uid = defconfig.shed_uid;
}
if (!myconfig->shed_group && myconfig->shed_gid == 0)
if (!myconfig->shed_group && myconfig->shed_gid == -1)
{
struct group *gr;
if ((gr = getgrnam(defconfig.shed_group)))