Group :: Networking/Remote access
RPM: telnet
Navigation
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: telnet-3.0-owl-drop-root.patch
Download
Download
diff -ur telnet-3.0-owl-no-mini_inetd/libexec/telnetd/ext.h telnet-3.0-owl-drop-root/libexec/telnetd/ext.h
--- telnet-3.0-owl-no-mini_inetd/libexec/telnetd/ext.h Wed Nov 21 05:29:38 2001
+++ telnet-3.0-owl-drop-root/libexec/telnetd/ext.h Sun Nov 25 04:47:24 2001
@@ -122,8 +122,8 @@
void startslave (const char *host, const char *, int autologin, char *autoname);
void my_telnet (int f, int p, const char *, const char *, int, char *);
#else
-void startslave (const char *host, int autologin, char *autoname);
-void my_telnet (int f, int p, const char *, int, char *);
+void startslave (const char *host, int channel[2]);
+void my_telnet (int f, int p, const char *, int, char *, FILE *);
#endif
void init_env (void);
void start_login (const char *host, int autologin, char *name);
diff -ur telnet-3.0-owl-no-mini_inetd/libexec/telnetd/state.c telnet-3.0-owl-drop-root/libexec/telnetd/state.c
--- telnet-3.0-owl-no-mini_inetd/libexec/telnetd/state.c Sun Nov 25 04:20:14 2001
+++ telnet-3.0-owl-drop-root/libexec/telnetd/state.c Sun Nov 25 04:47:24 2001
@@ -920,7 +920,7 @@
};
/* This list comes from Linux NetKit telnetd, version 0.17 */
-static char *goodenv_table[] = {+char *goodenv_table[] = {"TERM",
"DISPLAY",
"USER",
@@ -930,7 +930,7 @@
};
/* check that variable is safe to pass to login or shell */
-static int
+int
envvarok(varp, valp)
char *varp, *valp;
{diff -ur telnet-3.0-owl-no-mini_inetd/libexec/telnetd/sys_term.c telnet-3.0-owl-drop-root/libexec/telnetd/sys_term.c
--- telnet-3.0-owl-no-mini_inetd/libexec/telnetd/sys_term.c Sun Nov 25 04:43:43 2001
+++ telnet-3.0-owl-drop-root/libexec/telnetd/sys_term.c Sun Nov 25 04:49:01 2001
@@ -1115,6 +1115,42 @@
}
#endif
+static int
+fgets0(char *s, int size, FILE *f)
+{+ int i, c, trunc;
+
+ i = 0;
+ trunc = 0;
+ while ((c = getc(f)) != EOF && c)
+ if (i < size - 1)
+ s[i++] = c;
+ else
+ trunc = 1;
+ s[i] = 0;
+
+ if (c == EOF)
+ fatal(-1, "fgets0: Unexpected EOF");
+
+ return trunc;
+}
+
+extern char *goodenv_table[];
+extern int envvarok(char *varp, char *valp);
+
+static void
+fgetenv(FILE *f)
+{+ char **name, value[0x100];
+
+ for (name = goodenv_table; *name; name++) {+ if (fgets0(value, sizeof(value), f) || !value[0])
+ continue;
+ if (envvarok(*name, value))
+ setenv(*name, value, 1);
+ }
+}
+
/*
* startslave(host)
*
@@ -1124,15 +1160,19 @@
/* ARGSUSED */
void
-startslave(const char *host,
-#ifdef PARENT_DOES_UTMP
- const char *utmp_host,
-#endif
- int autologin, char *autoname)
+startslave(const char *host, int channel[2])
{int i;
+ int autologin;
+ char autoname[9];
+ FILE *masterf;
+
+ autologin = -1; /* shouldn't be used */
+ autoname[0] = 0;
#ifdef AUTHENTICATION
+ autologin = AUTH_REJECT;
+
if (!autoname || !autoname[0])
autologin = 0;
@@ -1185,6 +1225,27 @@
utmp_sig_notify(pid);
# endif /* PARENT_DOES_UTMP */
} else {+ close(channel[1]);
+
+ masterf = fdopen(channel[0], "r");
+ if (!masterf)
+ fatalperror(-1, "fdopen");
+
+#ifdef AUTHENTICATION
+ if (fread(&autologin, sizeof(autologin), 1, masterf) != 1)
+ fatalperror(-1, "fread");
+
+ if (fgets0(autoname, sizeof(autoname), masterf)) {+ /* Truncation of a username isn't safe */
+ autologin = AUTH_REJECT;
+ autoname[0] = 0;
+ }
+#endif
+
+ fgetenv(masterf);
+
+ fclose(masterf);
+
getptyslave();
#if defined(DCE)
/* if we authenticated via K5, try and join the PAG */
diff -ur telnet-3.0-owl-no-mini_inetd/libexec/telnetd/telnetd.c telnet-3.0-owl-drop-root/libexec/telnetd/telnetd.c
--- telnet-3.0-owl-no-mini_inetd/libexec/telnetd/telnetd.c Sun Nov 25 04:46:07 2001
+++ telnet-3.0-owl-drop-root/libexec/telnetd/telnetd.c Sun Nov 25 06:56:20 2001
@@ -37,6 +37,8 @@
#include <fcntl.h>
#include <syslog.h>
#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
#include <sys/ioctl.h>
#include <sys/param.h> /* for MAXHOSTNAMELEN */
#include <netinet/in.h>
@@ -139,6 +141,8 @@
char *gettytab[2] = { "/etc/gettytab", NULL };#endif
+static int issue_fd;
+
static void usage (void);
/*
@@ -457,7 +461,8 @@
}
#endif /* _SC_CRAY_SECURE_SYS */
- openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);+ tzset();
+ openlog("telnetd", LOG_PID | LOG_NDELAY, LOG_DAEMON);sa_size = sizeof (__ss);
if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {fprintf(stderr, "%s: ", progname);
@@ -734,6 +739,28 @@
return 1;
}
+static void
+drop_root(void)
+{+ struct passwd *pw;
+
+ pw = getpwnam(TELNETD_USER);
+ if (!pw)
+ fatal(-1, "getpwnam: telnetd: No such user");
+
+ if (chroot(TELNETD_CHROOT))
+ fatalperror(-1, "chroot");
+ if (chdir("/"))+ fatalperror(-1, "chdir");
+
+ if (setgroups(0, NULL))
+ fatalperror(-1, "setgroups");
+ if (setgid(pw->pw_gid))
+ fatalperror(-1, "setgid");
+ if (setuid(pw->pw_uid))
+ fatalperror(-1, "setuid");
+}
+
/*
* Get a pty, scan input lines.
*/
@@ -744,6 +771,8 @@
int ptynum;
char user_name[256];
int error;
+ int channel[2];
+ FILE *slavef;
/*
* Find an available pty to use.
@@ -817,6 +846,21 @@
#endif
init_env();
+
+ if (pipe(channel))
+ fatalperror(-1, "pipe");
+
+ startslave(remote_host_name, channel);
+ close(channel[0]);
+
+ issue_fd = open("/etc/issue.net", O_RDONLY);+
+ drop_root();
+
+ slavef = fdopen(channel[1], "w");
+ if (!slavef)
+ fatalperror(-1, "fdopen");
+
/*
* get terminal type.
*/
@@ -838,7 +882,7 @@
#ifdef PARENT_DOES_UTMP
remote_utmp_name,
#endif
- level, user_name);
+ level, user_name, slavef);
/*NOTREACHED*/
} /* end of doit */
@@ -850,7 +894,10 @@
char buf[128];
char *p;
- f = fopen("/etc/issue.net", "r");+ if (issue_fd < 0)
+ return;
+
+ f = fdopen(issue_fd, "r");
if (f) { while (fgets(buf, sizeof(buf) - 1, f)) {p = strchr(buf, '\n');
@@ -859,6 +906,21 @@
writenet((unsigned char *)buf, strlen(buf));
}
fclose(f);
+ } else
+ close(issue_fd);
+}
+
+extern char *goodenv_table[];
+
+static void
+fputenv(FILE *f)
+{+ char **name, *value;
+
+ for (name = goodenv_table; *name; name++) {+ value = getenv(*name) ?: "";
+ if (fwrite(value, strlen(value) + 1, 1, f) != 1)
+ fatalperror(-1, "fwrite");
}
}
@@ -871,7 +933,8 @@
#ifdef PARENT_DOES_UTMP
const char *utmp_host,
#endif
- int level, char *autoname)
+ int level, char *autoname,
+ FILE *slavef)
{int on = 1;
#ifdef HAVE_CGETENT
@@ -880,8 +943,6 @@
char *buf;
#endif
int nfd;
- int startslave_called = 0;
- time_t timeout;
/*
* Initialize the slc mapping table.
@@ -1068,23 +1129,21 @@
output_data("td: Entering processing loop\r\n");});
+#ifdef AUTHENTICATION
+ if (fwrite(&level, sizeof(level), 1, slavef) != 1 ||
+ fwrite(autoname, strlen(autoname) + 1, 1, slavef) != 1)
+ fatalperror(-1, "fwrite");
+#endif
+
+ fputenv(slavef);
+
+ fclose(slavef);
+
nfd = ((f > p) ? f : p) + 1;
- timeout = time(NULL) + 5;
for (;;) {fd_set ibits, obits, xbits;
int c;
-
- /* wait for encryption to be turned on, but don't wait
- indefinitely */
- if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){- startslave_called = 1;
-#ifdef PARENT_DOES_UTMP
- startslave(host, utmp_host, level, autoname);
-#else
- startslave(host, level, autoname);
-#endif
- }
if (ncc < 0 && pcc < 0)
break;
diff -ur telnet-3.0-owl-no-mini_inetd/libexec/telnetd/telnetd.h telnet-3.0-owl-drop-root/libexec/telnetd/telnetd.h
--- telnet-3.0-owl-no-mini_inetd/libexec/telnetd/telnetd.h Sun Nov 25 04:46:07 2001
+++ telnet-3.0-owl-drop-root/libexec/telnetd/telnetd.h Sun Nov 25 04:47:24 2001
@@ -58,8 +58,15 @@
#define HAVE_OPENPTY
#define HAVE_LOGWTMP
+#define TELNETD_USER "telnetd"
+#define TELNETD_CHROOT "/var/empty"
+
#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
# define PARENT_DOES_UTMP
+#endif
+
+#ifdef PARENT_DOES_UTMP
+#error PARENT_DOES_UTMP would require root privileges to work
#endif
#ifdef HAVE_SYS_TYPES_H