FCL/sf/adapt/qemu: comparison symbian-qemu-0.9.1-12/python-2.6.1/Misc/setuid-prog.c

equal deleted inserted replaced

-:ffa851df0825
+:2fb8b9db1c86
+/*
+Template for a setuid program that calls a script.
+The script should be in an unwritable directory and should itself
+be unwritable.  In fact all parent directories up to the root
+should be unwritable.  The script must not be setuid, that's what
+this program is for.
+This is a template program.  You need to fill in the name of the
+script that must be executed.  This is done by changing the
+definition of FULL_PATH below.
+There are also some rules that should be adhered to when writing
+the script itself.
+The first and most important rule is to never, ever trust that the
+user of the program will behave properly.  Program defensively.
+Check your arguments for reasonableness.  If the user is allowed to
+create files, check the names of the files.  If the program depends
+on argv[0] for the action it should perform, check it.
+Assuming the script is a Bourne shell script, the first line of the
+script should be
+	#!/bin/sh -
+The - is important, don't omit it.  If you're using esh, the first
+line should be
+	#!/usr/local/bin/esh -f
+and for ksh, the first line should be
+	#!/usr/local/bin/ksh -p
+The script should then set the variable IFS to the string
+consisting of <space>, <tab>, and <newline>.  After this (*not*
+before!), the PATH variable should be set to a reasonable value and
+exported.  Do not expect the PATH to have a reasonable value, so do
+not trust the old value of PATH.  You should then set the umask of
+the program by calling
+	umask 077 # or 022 if you want the files to be readable
+If you plan to change directories, you should either unset CDPATH
+or set it to a good value.  Setting CDPATH to just ``.'' (dot) is a
+good idea.
+If, for some reason, you want to use csh, the first line should be
+	#!/bin/csh -fb
+You should then set the path variable to something reasonable,
+without trusting the inherited path.  Here too, you should set the
+umask using the command
+	umask 077 # or 022 if you want the files to be readable
+*/
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+/* CONFIGURATION SECTION */
+#ifndef FULL_PATH	/* so that this can be specified from the Makefile */
+/* Uncomment the following line:
+#define FULL_PATH	"/full/path/of/script"
+* Then comment out the #error line. */
+#error "You must define FULL_PATH somewhere"
+#endif
+#ifndef UMASK
+#define UMASK		077
+#endif
+/* END OF CONFIGURATION SECTION */
+#if defined(__STDC__) && defined(__sgi)
+#define environ _environ
+#endif
+/* don't change def_IFS */
+char def_IFS[] = "IFS= \t\n";
+/* you may want to change def_PATH, but you should really change it in */
+/* your script */
+#ifdef __sgi
+char def_PATH[] = "PATH=/usr/bsd:/usr/bin:/bin:/usr/local/bin:/usr/sbin";
+#else
+char def_PATH[] = "PATH=/usr/ucb:/usr/bin:/bin:/usr/local/bin";
+#endif
+/* don't change def_CDPATH */
+char def_CDPATH[] = "CDPATH=.";
+/* don't change def_ENV */
+char def_ENV[] = "ENV=:";
+/*
+This function changes all environment variables that start with LD_
+into variables that start with XD_.  This is important since we
+don't want the script that is executed to use any funny shared
+libraries.
+The other changes to the environment are, strictly speaking, not
+needed here.  They can safely be done in the script.  They are done
+here because we don't trust the script writer (just like the script
+writer shouldn't trust the user of the script).
+If IFS is set in the environment, set it to space,tab,newline.
+If CDPATH is set in the environment, set it to ``.''.
+Set PATH to a reasonable default.
+*/
+void
+clean_environ(void)
+{
+	char **p;
+	extern char **environ;
+	for (p = environ; *p; p++) {
+		if (strncmp(*p, "LD_", 3) == 0)
+			**p = 'X';
+		else if (strncmp(*p, "_RLD", 4) == 0)
+			**p = 'X';
+		else if (strncmp(*p, "PYTHON", 6) == 0)
+			**p = 'X';
+		else if (strncmp(*p, "IFS=", 4) == 0)
+			*p = def_IFS;
+		else if (strncmp(*p, "CDPATH=", 7) == 0)
+			*p = def_CDPATH;
+		else if (strncmp(*p, "ENV=", 4) == 0)
+			*p = def_ENV;
+	}
+	putenv(def_PATH);
+}
+int
+main(int argc, char **argv)
+{
+	struct stat statb;
+	gid_t egid = getegid();
+	uid_t euid = geteuid();
+	/*
+	   Sanity check #1.
+	   This check should be made compile-time, but that's not possible.
+	   If you're sure that you specified a full path name for FULL_PATH,
+	   you can omit this check.
+	*/
+	if (FULL_PATH[0] != '/') {
+		fprintf(stderr, "%s: %s is not a full path name\n", argv[0],
+			FULL_PATH);
+		fprintf(stderr, "You can only use this wrapper if you\n");
+		fprintf(stderr, "compile it with an absolute path.\n");
+		exit(1);
+	}
+	/*
+	   Sanity check #2.
+	   Check that the owner of the script is equal to either the
+	   effective uid or the super user.
+	*/
+	if (stat(FULL_PATH, &statb) < 0) {
+		perror("stat");
+		exit(1);
+	}
+	if (statb.st_uid != 0 && statb.st_uid != euid) {
+		fprintf(stderr, "%s: %s has the wrong owner\n", argv[0],
+			FULL_PATH);
+		fprintf(stderr, "The script should be owned by root,\n");
+		fprintf(stderr, "and shouldn't be writeable by anyone.\n");
+		exit(1);
+	}
+	if (setregid(egid, egid) < 0)
+		perror("setregid");
+	if (setreuid(euid, euid) < 0)
+		perror("setreuid");
+	clean_environ();
+	umask(UMASK);
+	while (**argv == '-')	/* don't let argv[0] start with '-' */
+		(*argv)++;
+	execv(FULL_PATH, argv);
+	fprintf(stderr, "%s: could not execute the script\n", argv[0]);
+	exit(1);
+}