Commit c30f3d9d authored by Mike Hibler's avatar Mike Hibler

A little more scrutiny of the target directory in runsuid.

Also, get rid of message about "you must run post-install".
parent 413b3b7c
......@@ -51,11 +51,9 @@ genlastlog: genlastlog.c
install: $(addprefix $(INSTALL_LIBEXECDIR)/, $(BINS)) \
$(addprefix $(INSTALL_SBINDIR)/, $(SBINS))
@echo "Don't forget to do a post-install as root"
post-install:
chown root $(INSTALL_LIBEXECDIR)/suexec
chmod u+s $(INSTALL_LIBEXECDIR)/suexec
@echo "post-install no longer required"
#
# Control node installation (okay, plastic)
......
......@@ -48,17 +48,29 @@ static void
sanedir(char *dir)
{
struct stat sb;
char *rpath;
if (stat(dir, &sb) != 0) {
if ((rpath = realpath(dir, NULL)) == NULL) {
perror(dir);
exit(1);
}
if (strncmp(rpath, TBROOT, strlen(TBROOT)) != 0) {
fprintf(stderr, "%s: must be in %s\n", dir, TBROOT);
exit(1);
}
if (stat(rpath, &sb) != 0) {
perror(dir);
exit(1);
}
if (sb.st_uid != 0 ||
!S_ISDIR(sb.st_mode) || (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
fprintf(stderr, "%s: must be root-owned, unwritable dir\n",
SUIDDIR);
dir);
exit(1);
}
free(rpath);
}
static char **
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment