Commit 2094770e authored by Robert Ricci's avatar Robert Ricci

Fixed up delay_setup to run with taint checking, so that it can be

setuid root. Modified the Makefile so that it gets the setuid bit
when the post-install target is run.
parent ce613288
......@@ -71,6 +71,8 @@ post-install:
chmod u+s $(INSTALL_BINDIR)/ifc_setup
chown root $(INSTALL_LIBTBDIR)/ifc_setup
chmod u+s $(INSTALL_LIBTBDIR)/ifc_setup
chown root $(INSTALL_LIBTBDIR)/delay_setup
chmod u+s $(INSTALL_LIBTBDIR)/delay_setup
clean:
rm -f *.o $(BINS) core
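Review bot: The two added delay_setup lines use `chmod u+s`, which only adds the setuid bit, so any group/other write or execute bits left by the install step remain on a root-owned setuid script. Set the full mode explicitly instead, e.g. `chmod 4755 $(INSTALL_LIBTBDIR)/delay_setup`, or a group-restricted mode if only some accounts are meant to run it. Keep the chown-before-chmod order, since chown can clear the setuid bit. A one-line comment above the pair saying why delay_setup needs root would help anyone auditing the installed setuid files.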
#!/usr/bin/perl -w
#!/usr/bin/perl -wT
my $rsh = "su1 sshtb -q";
my $ssh = "su1 sshtb -q";
my $rcp = "su1 scptb -q";
my $ping = "/sbin/ping";
my $TB = "/usr/testbed/bin";
my $power = "$TB/power";
......@@ -12,6 +9,14 @@ my $net = "fxp";
my $pipe = 1;
my $DBOSID = "FBSD40-STD";
my $rsh = "sshtb -q";
my $ssh = "sshtb -q";
my $rcp = "scptb -q";
# Scrub environment
$ENV{PATH} = "/usr/testbed/bin:/bin:/usr/bin:/usr/local/bin";
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
my %delaynodes = ();
my %delaylinks = ();
my %delayparams = ();
......@@ -30,15 +35,11 @@ if ( $#ARGV < 0) {
}
#
# Must run as root.
# Must run, effectively, as root.
#
open(WHO,"/usr/bin/whoami 2>&1 |");
$_ = <WHO>;
chop;
if ($_ ne $me) {
if ($> != 0) {
die("This won't work unless you run as user $me\n");
}
close(WHO);
#
# Open up the ir file.
......@@ -83,6 +84,19 @@ if ($virtsection == 1) {
my ($node,$pc) = split();
if ($node =~ /^delay/) {
print STDERR "$node $pc\n" if $dbg;
# We can safely untaint these variables
if (!($node =~ /^(\w+\d*)$/)) {
die "Unexpected data in \$node : $node\n";
} else {
$node = $1;
}
if (!($pc =~ /^(\w+\d*)$/)) {
die "Unexpected data in \$pc : $pc\n";
} else {
$pc = $1;
}
$delaynodes{$node} = $pc;
}
}
......@@ -160,6 +174,7 @@ foreach my $link ( keys %delayparams ) {
my $node = $delayparams{$link}[0];
my $pc = $delaynodes{$node};
#
# database goo. We check to make sure the default image is set to
# FreeBSD, and reset it if not.
......
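Review bot: Once the script is installed setuid root, the new `if ($> != 0)` test passes for every invoker, so it no longer limits who may run delay_setup; the hunks shown have no check on the real uid `$<` or on group membership. If that restriction is not enforced elsewhere (file mode, or code outside these hunks), add one before the ir file is opened, because the script then acts with root's effective uid on a file that is presumably named in `@ARGV`. The die message still says `run as user $me`, which no longer matches the test; `die("delay_setup must be installed setuid root\n");` would be accurate. In the untaint checks, `\w+\d*` matches the same strings as `\w+`, and the comment there should say what `$node` and `$pc` are later passed to, so the pattern can be audited. This is top-level script code that continues outside the hunks.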