annotate src/system-init.pl @ 20:c75924bd38e3

fix security hole relating to path for package user.
author Robert McIntyre <rlm@mit.edu>
date Thu, 10 Jan 2013 04:25:17 +0000
parents 4fbe69d24a9c
children d46aeb3166d0
rlm@17 1 #!/usr/bin/env perl
rlm@17 2
rlm@19 3 use Cwd;
rlm@17 4
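# Create one installation directory, group-writable by the "install" group.
#
# Runs `install -d -m 775 -o root -g install DIR`, so the script must run as
# root and the "install" group must already exist.  The command is passed to
# system() as a list, so DIR is never interpreted by a shell.  Dies when the
# command cannot be started or exits non-zero.
sub create_install_dir {
    my ($dir) = @_;
    die "create_install_dir: no directory given"
        unless defined $dir && length $dir;

    my @install_cmd = (
        'install', '-d',
        '-m', '775',
        '-o', 'root',
        '-g', 'install',
        $dir,
    );
    print "@install_cmd\n";

    # system() returns -1 only when the child could not be started; that is
    # the one case where $! describes the failure.  Any other non-zero value
    # is the wait status, so report the exit code rather than a stale $!.
    my $status = system(@install_cmd);
    if ($status == -1) {
        die "could not run '@install_cmd': $!";
    }
    if ($status != 0) {
        die sprintf("'%s' failed with exit status %d",
            "@install_cmd", $status >> 8);
    }
    return;
}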
rlm@17 12
# Directory skeleton that packages may install into.  Each entry is created
# by create_install_dir() (mode 775, owner root, group "install").  The
# manN runs are generated; the resulting list and its order are fixed.
our @install_dirs = (
    qw(/usr/bin /usr/sbin /usr/include /usr/lib),
    (map { "/usr/man/man$_" } 1 .. 8),
    qw(/usr/doc /usr/info),
    (map { "/usr/local/man/man$_" } 1 .. 8),
    qw(/usr/local/doc /usr/local/info),
    qw(/usr/share /usr/share/dict /usr/share/doc /usr/share/info
       /usr/share/locale),
    (map { "/usr/share/man/man$_" } 1 .. 8),
    qw(/usr/share/nls /usr/share/misc /usr/share/terminfo
       /usr/share/zoneinfo /usr/share/i18n /usr/share/aclocal),
    qw(/usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib
       /usr/local/sbin /usr/local/share /usr/local/share/dict
       /usr/local/share/doc /usr/local/share/info /usr/local/share/locale),
    (map { "/usr/local/share/man/man$_" } 1 .. 8),
    qw(/usr/local/share/nls /usr/local/share/misc
       /usr/local/share/terminfo /usr/local/share/zoneinfo),
    qw(/opt /opt/doc /opt/info /opt/bin /opt/include /opt/lib),
    (map { "/opt/man/man$_" } 1 .. 8),
    qw(/var/lib /var/opt /etc /etc/opt /sbin /bin /lib),
);
rlm@17 100
rlm@19 101
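# Run a shell command line, echo it first, and die if it fails.
#
# $cmd is handed to /bin/sh unchanged: callers rely on that for pipelines
# (find ... | xargs ...) and command substitution (`which hg`).  Consequently
# this sub does no quoting, and anything interpolated into $cmd by the caller
# must be either a fixed literal or already shell-quoted.  The child's stdout
# and stderr pass straight through, so diagnostics from useradd/chown/etc.
# are visible instead of being captured and discarded.
sub execute {
    my ($cmd) = @_;
    die "execute: no command given" unless defined $cmd && length $cmd;
    print "\t$cmd\n";

    my $status = system($cmd);
    if ($status == -1) {
        # The shell itself could not be started; only here does $! apply.
        die "could not run '$cmd': $!";
    }
    if ($status & 127) {
        die sprintf("'%s' killed by signal %d", $cmd, $status & 127);
    }
    if ($status >> 8) {
        die sprintf("'%s' failed with exit status %d", $cmd, $status >> 8);
    }
    return;
}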
rlm@19 107
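# ---- Group, directory and committer-account setup (must run as root) ----

# The "install" group must exist before create_install_dir() chgrps to it.
execute("groupadd --force install");

foreach my $install_dir (@install_dirs) {
    create_install_dir($install_dir);
}

# Make the repository under /.hg group-accessible: directories 770, files 660.
execute("find /.hg -type d -print0 | xargs -0 -L 1 -t chmod 770");
execute("find /.hg -type f -print0 | xargs -0 -L 1 -t chmod 660");

execute("groupadd --force hg-committer");
execute("groupadd --force hg-wheel");

# `id` prints nothing on stdout for an unknown user, so an empty result means
# the committer account still has to be created.
if (!`id hg-committer`) {
    # NOTE(review): useradd -d without -m does not create the home directory;
    # the symlinks below assume /pkg/hg-committer exists -- confirm.
    execute("useradd -c hg-committer -d /pkg/hg-committer -g hg-committer -s /bin/bash hg-committer");
}

execute("chown -Rv hg-committer:hg-wheel /.hg");
execute("gpasswd --add hg-committer hg-wheel");

# The working directory is interpolated into shell command lines, so it must
# be quoted: a path containing spaces or shell metacharacters would otherwise
# be word-split or interpreted by /bin/sh.  Single quotes with the standard
# '\'' escape make the value opaque to the shell.
my $pwd = getcwd;
defined $pwd or die "getcwd failed: $!";
(my $quoted_pwd = $pwd) =~ s/'/'\\''/g;
$quoted_pwd = "'$quoted_pwd'";

execute("ln -sf $quoted_pwd/profile /pkg/hg-committer/.profile");
execute("ln -sf $quoted_pwd/hg-wrapper /pkg/hg-committer/");
execute("ln -sf `which hg` /pkg/hg-committer/");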
rlm@19 132
rlm@19 133
rlm@19 134
rlm@20 135