tyler.durden
/
dgamelaunch
mirror of https://github.com/paxed/dgamelaunch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Additional anti-root uid security fixes 

git-svn-id: svn://katsu.triplehelix.org/dgamelaunch/trunk@134 db0b04b0-f4d1-0310-9a6d-de3e77497b0e
This commit is contained in:
Joshua Kwan 2004-01-21 01:37:16 +00:00
parent 9a1b899cba
commit be57b91ba1
2 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
config.y
View File

@ -45,7 +45,11 @@ KeyPair: KeyType '=' TYPE_VALUE {
struct passwd* usr; struct passwd* usr;
if (!myconfig) if (!myconfig)
{
myconfig = calloc(1, sizeof(struct dg_config)); myconfig = calloc(1, sizeof(struct dg_config));
myconfig->shed_uid = (uid_t)-1;
myconfig->shed_gid = (gid_t)-1;
}
switch ($1) switch ($1)
{ {
@ -58,11 +62,24 @@ KeyPair: KeyType '=' TYPE_VALUE {
break; break;
case TYPE_SUSER: case TYPE_SUSER:
if (!strcmp($3, "root"))
{
fprintf(stderr, "%s: I refuse to run as root! Aborting.\n", config);
graceful_exit(1);
}
myconfig->shed_user = strdup($3); myconfig->shed_user = strdup($3);
if ((usr = getpwnam($3)) != NULL) if ((usr = getpwnam($3)) != NULL)
{
if (usr->pw_uid != 0)
myconfig->shed_uid = usr->pw_uid; myconfig->shed_uid = usr->pw_uid;
else else
fprintf(stderr, "%s: no such group '%s'\n", config, $3); {
fprintf(stderr, "%s: I refuse to run as %s (uid 0!) Aborting.\n", config, $3);
graceful_exit(1);
}
}
else
fprintf(stderr, "%s: no such user '%s'\n", config, $3);
break; break;
case TYPE_PATH_CHROOT: case TYPE_PATH_CHROOT:
@ -113,6 +130,12 @@ KeyPair: KeyType '=' TYPE_VALUE {
case TYPE_SUID: case TYPE_SUID:
if (!myconfig->shed_user) if (!myconfig->shed_user)
{ {
/* Naive user protection - do not allow running as user root */
if ($3 == 0)
{
fprintf(stderr, "%s: I refuse to run as root! Aborting.\n", config);
graceful_exit(1);
}
myconfig->shed_uid = $3; myconfig->shed_uid = $3;
} }

4
dgamelaunch.c
View File

@ -170,7 +170,7 @@ create_config ()
} }
/* Fill the rest with defaults */ /* Fill the rest with defaults */
if (!myconfig->shed_user && myconfig->shed_uid == 0) if (!myconfig->shed_user && myconfig->shed_uid == -1)
{ {
struct passwd *pw; struct passwd *pw;
if ((pw = getpwnam(defconfig.shed_user))) if ((pw = getpwnam(defconfig.shed_user)))
@ -179,7 +179,7 @@ create_config ()
myconfig->shed_uid = defconfig.shed_uid; myconfig->shed_uid = defconfig.shed_uid;
} }
if (!myconfig->shed_group && myconfig->shed_gid == 0) if (!myconfig->shed_group && myconfig->shed_gid == -1)
{ {
struct group *gr; struct group *gr;
if ((gr = getgrnam(defconfig.shed_group))) if ((gr = getgrnam(defconfig.shed_group)))