Reincarnate SETUID code in man(1), not compiled in by default.

The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
This commit is contained in:
Ruslan Ermilov 2002-01-22 15:15:38 +00:00
parent 93dee74a5d
commit 322628519e
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=89653
5 changed files with 60 additions and 14 deletions

View File

@ -40,6 +40,7 @@
libexec
..
man
/set uname=man
cat1
..
cat2
@ -62,7 +63,7 @@
..
catn
..
de.ISO8859-1
de.ISO8859-1 uname=root
cat1
..
cat2
@ -85,6 +86,7 @@
..
catn
..
/set uname=root
man1
..
man2
@ -109,6 +111,7 @@
..
..
en.ISO8859-1
/set uname=man
cat1
..
cat1aout
@ -142,7 +145,7 @@
catn
..
..
ja
ja uname=root
cat1
..
cat2
@ -165,6 +168,7 @@
..
catn
..
/set uname=root
man1
..
man2

View File

@ -645,6 +645,7 @@
..
..
man
/set uname=man
cat1
..
cat1aout
@ -677,7 +678,7 @@
..
catn
..
en.ISO8859-1
en.ISO8859-1 uname=root
cat1
..
cat1aout
@ -711,7 +712,7 @@
catn
..
..
ja
ja uname=root
cat1
..
cat2
@ -732,6 +733,7 @@
..
catn
..
/set uname=root
man1
..
man2
@ -968,7 +970,7 @@
..
perl
man
cat3
cat3 uname=man
..
man3
..

View File

@ -314,6 +314,7 @@
libexec
..
man
/set uname=man
cat1
..
cat2
@ -336,7 +337,7 @@
..
catn
..
ja
ja uname=root
cat1
..
cat2
@ -359,6 +360,7 @@
..
catn
..
/set uname=root
man1
..
man2

View File

@ -196,6 +196,7 @@
libexec
..
man
/set uname=man
cat1
..
cat2
@ -218,7 +219,7 @@
..
catn
..
ja
ja uname=root
cat1
..
cat2
@ -241,6 +242,7 @@
..
catn
..
/set uname=root
man1
..
man2

View File

@ -45,11 +45,6 @@
#endif
#endif
#ifdef SECURE_MAN_UID
extern uid_t getuid ();
extern int setuid ();
#endif
#ifdef STDC_HEADERS
#include <stdlib.h>
#else
@ -121,6 +116,11 @@ static char args[] = "M:P:S:adfhkm:p:w?";
#endif
#endif
#ifdef SETUID
uid_t ruid;
uid_t euid;
#endif
int
main (argc, argv)
int argc;
@ -158,6 +158,12 @@ main (argc, argv)
gripe_no_name (tmp);
}
#ifdef SETUID
ruid = getuid();
euid = geteuid();
seteuid(ruid);
#endif
while (optind < argc)
{
nextarg = argv[optind++];
@ -1107,7 +1113,7 @@ restore_sigs()
* 1 for success and 0 for failure.
*/
int
make_cat_file (path, man_file, cat_file)
make_cat_file (path, man_file, cat_file, manid)
register char *path;
register char *man_file;
register char *cat_file;
@ -1148,16 +1154,29 @@ make_cat_file (path, man_file, cat_file)
if (debug)
fprintf (stderr, "\ntrying command: %s\n", command);
else {
#ifdef SETUID
if (manid)
seteuid(ruid);
#endif
if ((pp = popen(command, "r")) == NULL) {
s = errno;
fprintf(stderr, "Failed.\n");
errno = s;
perror("popen");
#ifdef SETUID
if (manid)
seteuid(euid);
#endif
unlink(temp);
restore_sigs();
fclose(fp);
return 0;
}
#ifdef SETUID
if (manid)
seteuid(euid);
#endif
f = 0;
while ((s = getc(pp)) != EOF) {
@ -1293,7 +1312,24 @@ format_and_display (path, man_file, cat_file)
}
else
{
found = make_cat_file (path, man_file, cat_file);
#ifdef SETUID
seteuid(euid);
found = make_cat_file (path, man_file, cat_file, 1);
seteuid(ruid);
if (!found)
{
/* Try again as real user - see note below.
By running with
effective group (user) ID == real group (user) ID
except for the call above, I believe the problems
of reading private man pages is avoided. */
found = make_cat_file (path, man_file, cat_file, 0);
}
#else
found = make_cat_file (path, man_file, cat_file, 0);
#endif
if (found)
{
/*