Line
Link Here
|
0 |
-- kinit/start_kdeinit.c |
0 |
++ kinit/start_kdeinit.c |
Lines 37-45
Link Here
|
37 |
not have this protection, kdeinit will after forking send the new |
37 |
not have this protection, kdeinit will after forking send the new |
38 |
PID using the pipe and wait for a signal. This parent will reset the protection |
38 |
PID using the pipe and wait for a signal. This parent will reset the protection |
39 |
and SIGUSR1 the process to continue. |
39 |
and SIGUSR1 the process to continue. |
|
|
40 |
returns 1 if pid is valid |
40 |
*/ |
41 |
*/ |
41 |
|
42 |
|
42 |
static void set_protection( pid_t pid, int enable ) |
43 |
static int set_protection( pid_t pid, int enable ) |
43 |
{ |
44 |
{ |
44 |
char buf[ 1024 ]; |
45 |
char buf[ 1024 ]; |
45 |
int procfile; |
46 |
int procfile; |
Lines 49-55
static void set_protection( pid_t pid, i
Link Here
|
49 |
belongs to this user. */ |
50 |
belongs to this user. */ |
50 |
struct stat st; |
51 |
struct stat st; |
51 |
if( lstat( buf, &st ) < 0 || st.st_uid != getuid()) |
52 |
if( lstat( buf, &st ) < 0 || st.st_uid != getuid()) |
52 |
return; |
53 |
return 0; |
53 |
} |
54 |
} |
54 |
procfile = open( buf, O_WRONLY ); |
55 |
procfile = open( buf, O_WRONLY ); |
55 |
if( procfile >= 0 ) { |
56 |
if( procfile >= 0 ) { |
Lines 59-64
static void set_protection( pid_t pid, i
Link Here
|
59 |
write( procfile, "0", sizeof( "0" )); |
60 |
write( procfile, "0", sizeof( "0" )); |
60 |
close( procfile ); |
61 |
close( procfile ); |
61 |
} |
62 |
} |
|
|
63 |
return 1; |
62 |
} |
64 |
} |
63 |
|
65 |
|
64 |
int main(int argc, char **argv) |
66 |
int main(int argc, char **argv) |
Lines 67-80
int main(int argc, char **argv)
Link Here
|
67 |
int new_argc; |
69 |
int new_argc; |
68 |
const char** new_argv; |
70 |
const char** new_argv; |
69 |
char helper_num[ 1024 ]; |
71 |
char helper_num[ 1024 ]; |
70 |
int i; |
72 |
unsigned i; |
71 |
char** orig_environ = NULL; |
73 |
char** orig_environ = NULL; |
72 |
char header[ 7 ]; |
74 |
char header[ 7 ]; |
73 |
if( pipe( pipes ) < 0 ) { |
75 |
if( pipe( pipes ) < 0 ) { |
74 |
perror( "pipe()" ); |
76 |
perror( "pipe()" ); |
75 |
return 1; |
77 |
return 1; |
76 |
} |
78 |
} |
77 |
if( argc > 1000 ) |
79 |
if( argc < 0 || argc > 1000 ) |
78 |
abort(); /* paranoid */ |
80 |
abort(); /* paranoid */ |
79 |
set_protection( getpid(), 1 ); |
81 |
set_protection( getpid(), 1 ); |
80 |
switch( fork()) { |
82 |
switch( fork()) { |
Lines 82-110
int main(int argc, char **argv)
Link Here
|
82 |
perror( "fork()" ); |
84 |
perror( "fork()" ); |
83 |
return 1; |
85 |
return 1; |
84 |
default: /* parent, drop privileges and exec */ |
86 |
default: /* parent, drop privileges and exec */ |
85 |
#if defined (HAVE_SETEUID) && !defined (HAVE_SETEUID_FAKE) |
87 |
if (setgid(getgid())) { |
86 |
seteuid(getuid()); |
88 |
perror("setgid()"); |
87 |
#else |
89 |
return 1; |
88 |
setreuid(-1, getuid()); |
90 |
} |
89 |
#endif |
91 |
if (setuid(getuid()) || geteuid() != getuid()) { |
90 |
if (geteuid() != getuid()) { |
|
|
91 |
perror("setuid()"); |
92 |
perror("setuid()"); |
92 |
return 1; |
93 |
return 1; |
93 |
} |
94 |
} |
94 |
close( pipes[ 0 ] ); |
95 |
close( pipes[ 0 ] ); |
95 |
/* read original environment passed by start_kdeinit_wrapper */ |
96 |
/* read original environment passed by start_kdeinit_wrapper */ |
96 |
if( read( 0, header, 7 ) == 7 && strncmp( header, "environ", 7 ) == 0 ) { |
97 |
if( read( 0, header, 7 ) == 7 && strncmp( header, "environ", 7 ) == 0 ) { |
97 |
int count; |
98 |
unsigned count; |
98 |
if( read( 0, &count, sizeof( int )) == sizeof( int )) { |
99 |
if( read( 0, &count, sizeof( unsigned )) == sizeof( unsigned ) |
|
|
100 |
&& count && count < (1<<16)) { |
99 |
char** env = malloc(( count + 1 ) * sizeof( char* )); |
101 |
char** env = malloc(( count + 1 ) * sizeof( char* )); |
100 |
int ok = 1; |
102 |
int ok = 1; |
101 |
for( i = 0; |
103 |
for( i = 0; |
102 |
i < count && ok; |
104 |
i < count && ok; |
103 |
++i ) { |
105 |
++i ) { |
104 |
int len; |
106 |
unsigned len; |
105 |
if( read( 0, &len, sizeof( int )) == sizeof( int )) { |
107 |
if( read( 0, &len, sizeof( unsigned )) == sizeof( unsigned ) |
|
|
108 |
&& len && len < (1<<12)) { |
106 |
env[ i ] = malloc( len + 1 ); |
109 |
env[ i ] = malloc( len + 1 ); |
107 |
if( read( 0, env[ i ], len ) == len ) { |
110 |
if( (unsigned) read( 0, env[ i ], len ) == len ) { |
108 |
env[ i ][ len ] = '\0'; |
111 |
env[ i ][ len ] = '\0'; |
109 |
} else { |
112 |
} else { |
110 |
ok = 0; |
113 |
ok = 0; |
Lines 128-134
int main(int argc, char **argv)
Link Here
|
128 |
sprintf( helper_num, "%d", pipes[ 1 ] ); |
131 |
sprintf( helper_num, "%d", pipes[ 1 ] ); |
129 |
new_argv[ 2 ] = helper_num; |
132 |
new_argv[ 2 ] = helper_num; |
130 |
for( i = 1; |
133 |
for( i = 1; |
131 |
i <= argc; |
134 |
i <= (unsigned) argc; |
132 |
++i ) |
135 |
++i ) |
133 |
new_argv[ i + 2 ] = argv[ i ]; |
136 |
new_argv[ i + 2 ] = argv[ i ]; |
134 |
if( orig_environ ) |
137 |
if( orig_environ ) |
Lines 145-154
int main(int argc, char **argv)
Link Here
|
145 |
if( ret < 0 && errno == EINTR ) |
148 |
if( ret < 0 && errno == EINTR ) |
146 |
continue; |
149 |
continue; |
147 |
if( ret <= 0 ) /* pipe closed or error, exit */ |
150 |
if( ret <= 0 ) /* pipe closed or error, exit */ |
148 |
return 0; |
151 |
_exit(0); |
149 |
if( pid != 0 ) { |
152 |
if( pid != 0 ) { |
150 |
set_protection( pid, 0 ); |
153 |
if (set_protection( pid, 0 )) |
151 |
kill( pid, SIGUSR1 ); |
154 |
kill( pid, SIGUSR1 ); |
152 |
} |
155 |
} |
153 |
} |
156 |
} |
154 |
} |
157 |
} |