Commit e5d33cca authored by Robert Ricci's avatar Robert Ricci

frisbeelauncher is now setuid root, so that it can write to its log file.

Appropriate environment cleaning and taint checking is done, and it drops
root privileges immediately after opening the logfile, so frisbeed still
runs as the invoking user rather than root.
parent acaff641
......@@ -78,6 +78,8 @@ post-install:
chmod u+s $(INSTALL_SBINDIR)/mkacct
chown root $(INSTALL_SBINDIR)/mkgroup
chmod u+s $(INSTALL_SBINDIR)/mkgroup
chown root $(INSTALL_SBINDIR)/frisbeelauncher
chmod u+s $(INSTALL_SBINDIR)/frisbeelauncher
chown root $(INSTALL_LIBEXECDIR)/rmacct-ctrl
chmod u+s $(INSTALL_LIBEXECDIR)/rmacct-ctrl
chown root $(INSTALL_SBINDIR)/named_setup
......
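Review bot: `chmod u+s $(INSTALL_SBINDIR)/frisbeelauncher` adds the setuid bit on top of whatever mode the preceding install step left on the file, so the effective permissions of a root-owned setuid program depend on that rule's default rather than being stated here; an explicit `chmod 4755 $(INSTALL_SBINDIR)/frisbeelauncher` (or tighter) makes the intended mode visible to a reviewer. The chown-before-chmod order is correct, since chown clears the setuid bit. The target appears to be a Perl script (see the shebang change in the next file), so the bit only takes effect on platforms whose interpreter or kernel honors setuid scripts — that assumption deserves a one-line comment next to these rules.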
#!/usr/bin/perl -w
#!/usr/bin/perl -wT
use Getopt::Std;
use POSIX 'setsid'; # For &daemonize
use Sys::Syslog;
......@@ -7,6 +7,12 @@ use Sys::Syslog;
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
......@@ -29,6 +35,16 @@ if (@ARGV != 1) {
}
$imageid = shift @ARGV;
#
# Untaint the argument.
#
if ($imageid =~ /^([-\@\w\+]+)$/) {
$imageid = $1;
} else {
die("Invalid image '$imageid' contains illegal characters.\n");
}
# Grab the filename to give to frisbee
my $filename = &get_filename($imageid);
......@@ -70,6 +86,13 @@ if (TBBackGround($LOGFILE)) {
exit(0);
}
#
# Drop root permissions, if we have them
#
if ($EUID == 0) {
$EUID = $UID;
}
# Set up a signal handler that will clean up in case we get killed
$SIG{HUP} = $SIG{INT} = $SIG{TERM} = \&cleanup;
# XXX: Any others we should catch?
......
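Review bot: The privilege drop `if ($EUID == 0) { $EUID = $UID; }` only does anything if `use English;` is in effect — `$EUID` and `$UID` are not builtin names, and without that import both are plain undefined globals, so the condition is trivially true and the assignment leaves the process running as root. None of the `use` lines visible in the first hunk import English; if it is not on one of the preamble lines not shown, the punctuation variables or POSIX (already imported on the `use POSIX 'setsid'` line) should be used instead. Even with English, assigning the effective UID leaves the saved set-user-ID as root, so the process could still regain it; a replacement such as `if ($> == 0) { POSIX::setuid($<) or die("Could not drop root privileges: $!\n"); }` followed by `die("Still running as root\n") if $> != $<;` resets real, effective and saved UIDs together and verifies the result. Separately, the untaint pattern `/^([-\@\w\+]+)$/` accepts a trailing newline because `$` matches before a final `\n`; anchoring with `\A` and `\z` closes that gap.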