changeset 9:a0c0ccd22ca5
progress on setuid wrapper script.
author | Robert McIntyre <rlm@mit.edu> |
---|---|
date | Wed, 09 Jan 2013 04:53:59 +0000 |
parents | 7b9d471fc1d3 |
children | bd465da5cd0f |
files | .hgignore defaults/Makefile defaults/create-skeleton.sh defaults/hg-wrapper defaults/hg-wrapper.c defaults/hg-wrapper.cpp src/pkg.pl |
diffstat | 7 files changed, 69 insertions(+), 17 deletions(-) [+] |
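--- /dev/null
+++ b/.hgignore
@@ -0,0 +1,2 @@
+syntax:glob
+./defaults/hg-wrapper
\ No newline at end of file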
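--- a/defaults/Makefile
+++ b/defaults/Makefile
@@ -1,2 +1,5 @@
 all:
- gcc hg-wrapper.c -o hg-wrapper
+ g++ -I/usr/include hg-wrapper.cpp -o hg-wrapper
+ chmod +s hg-wrapper
+clean:
+ rm hg-wrapper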
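Review bot: `chmod +s hg-wrapper` in the `all` recipe sets the setgid bit as well as the setuid bit, but the new hg-wrapper.cpp only calls `setreuid`, so the binary would run with an effective group it never deliberately adopts or drops. If only the owner's uid is needed, `chmod u+s hg-wrapper` keeps the privilege to what the code actually handles. Doing the chmod in the default target also means every plain build leaves a setuid binary in the source tree; a separate install step would be a safer place for it. `rm -f hg-wrapper` would let `clean` succeed when nothing has been built.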
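--- a/defaults/create-skeleton.sh
+++ b/defaults/create-skeleton.sh
@@ -1,4 +1,4 @@
 mkdir -pv /pkg/defaults
-ln -sfv $(pwd)ls/profile /pkg/defaults/.profile
+ln -sfv $(pwd)/profile /pkg/defaults/.profile
 ln -sfv $(pwd)/hg-wrapper /pkg/defaults/.hg-wrapper
 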
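Review bot: Both `ln` lines use an unquoted `$(pwd)`, so the link targets depend on the directory the script happens to be run from and break on a path containing spaces; `ln -sfv "$(pwd)/profile" /pkg/defaults/.profile` handles the second case. Because /pkg/defaults/.hg-wrapper ends up as a symlink into a build directory and pkg.pl later installs from that path with the setuid bit set, whoever can write to that directory decides what gets installed. Copying the built binary into a root-owned location, instead of linking to the working tree, would presumably be the safer arrangement.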
4.1 Binary file defaults/hg-wrapper has changed
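--- a/defaults/hg-wrapper.c
+++ /dev/null
@@ -1,12 +0,0 @@
-#include <unistd.h>
-#include <errno.h>
-
-main( int argc, char ** argv, char ** envp )
-{
- if( setgid(getegid()) ) perror( "setgid" );
- if( setuid(geteuid()) ) perror( "setuid" );
- envp = 0; /* blocks IFS attack on non-bash shells */
- system( "/usr/bin/hg", argv, envp );
- perror( argv[0] );
- return errno;
-}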
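--- /dev/null
+++ b/defaults/hg-wrapper.cpp
@@ -0,0 +1,59 @@
+#include <stdio.h>
+//#include <stdlib.h>
+#include <cstdlib>
+#include <iostream>
+#include <vector>
+#include <string>
+
+#include <algorithm>
+
+#include <unistd.h>
+//#include <numeric>
+
+
+#include <boost/algorithm/string/join.hpp>
+
+// void print_element(std::string x){
+// std::cout << x << std::endl;
+// }
+
+
+main( int argc, char ** argv){
+
+ // remove first element of argv, the program's name
+ std::vector<std::string> input(argv, argv+argc);
+
+
+ //std::cout << input.size() << std::endl;
+
+ input[0] = std::string("hg");
+
+ //input.insert(input.begin(),std::string("hg"));
+
+ //std::cout << input.size() << std::endl;
+
+ // for(unsigned i = 0; i < input.size(); i++){
+ // std::cout << input[i] << std::endl;
+
+ // }
+
+ //for_each(input.begin(),input.end(), print_element);
+
+
+ // std::string command =
+ // accumulate(input.begin(), input.end(), std::string(" "));
+
+ std::string command = boost::algorithm::join(input, " ");
+
+
+ //.c_str();
+
+ //std::cout << command << std::endl;
+
+ setreuid( geteuid(), geteuid() );
+ //envp = 0; /* blocks IFS attack on non-bash shells */
+ //system( "/usr/bin/hg", argv, envp );
+ return system(command.c_str());
+ //perror( argv[0] );
+ //return errno;
+}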
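Review bot: `return system(command.c_str());` at the end of `main` hands the space-joined argv to the shell after `setreuid` has made the real uid equal to the file owner's, so argument contents and the caller's environment (PATH, IFS and the rest) are interpreted with the owner's privileges. `hg` is also looked up by bare name where the removed C file named `/usr/bin/hg`. The return value of `setreuid` is ignored, the group ids are never touched although the Makefile sets both s-bits, `input[0]` is written without checking `argc`, and `main` has no return type. I would replace the join-and-`system` path with a checked `setreuid` followed by `execve` on the absolute path, passing the argument vector through unchanged with a fixed environment, as below; that also removes the Boost dependency. Extend the fixed environment only with variables hg is known to need.

```cpp
int main( int argc, char ** argv){
  if( argc < 1 ) return 1;
  // fail closed: do not continue under an identity we did not get
  if( setreuid( geteuid(), geteuid() ) != 0 ){
    perror( "setreuid" );
    return 1;
  }
  // no shell: fixed binary path, argument vector passed through as-is,
  // and a fixed environment instead of the caller's
  static char hg_name[] = "hg";
  static char path_var[] = "PATH=/usr/bin:/bin";  // example minimal PATH
  char * const clean_env[] = { path_var, NULL };
  argv[0] = hg_name;
  execve( "/usr/bin/hg", argv, clean_env );
  perror( "execve" );
  return 1;
}
```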
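--- a/src/pkg.pl
+++ b/src/pkg.pl
@@ -69,7 +69,7 @@
 
 @pkg_create_home_cmd =
 ("install", "-d", "-g", $pkg_name, "-o", $pkg_name,
- "-m", "700", $pkg_home);
+ "-m", "755", $pkg_home);
 
 @pkg_add_install_cmd =
 ("gpasswd", "--add", $pkg_name, "install");
@@ -82,8 +82,8 @@
 "/pkg/defaults/.profile", "$pkg_home/.profile");
 
 @pkg_copy_hg_wrapper_cmd =
- (install, "-g", "hg-commit", "-o", "hg-commit",
- "-m", "4711", "/pkg/defaults/.hg-wrapper", $pkg_home);
+ (install, "-g", "users", "-o", "r",
+ "-m", "4777", "/pkg/defaults/.hg-wrapper", $pkg_home);
 
 #determine if the user already exists:
 `id $pkg_name 2>/dev/null`;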
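Review bot: `"-m", "4777"` in `@pkg_copy_hg_wrapper_cmd` installs the setuid wrapper writable by group and others, where the previous mode 4711 gave write access to the owner only. A setuid file that any account can modify should not exist; if the intent was to make the wrapper readable, `"-m", "4755", "/pkg/defaults/.hg-wrapper", $pkg_home);` is enough, and 4711 is tighter still. The owner `r` and group `users` are now hard-coded account names, which presumably ties the script to one machine; a variable next to `$pkg_name` would make that explicit. The first hunk's change of the package home from 700 to 755 opens every package home to all local users and deserves a comment stating why that is needed.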