Репозитории ALT
Группа :: Работа с файлами
Пакет: stmpclean
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: stmpclean-0.3-alt-nonroot.patch
Скачать
Скачать
diff -uprk.orig stmpclean-0.3.orig/FAQ stmpclean-0.3/FAQ
--- stmpclean-0.3.orig/FAQ 2000-10-17 21:53:58 +0400
+++ stmpclean-0.3/FAQ 2003-10-26 17:13:52 +0300
@@ -10,8 +10,7 @@ $Id: FAQ,v 1.3 2000/10/17 17:53:58 shalu
> stmpclean[24030]: RACE?: unlink("tcal") in /var/spool/mail:
> Permission denied, exiting
-Stmpclean has not been designed to be run over mail spools or home
-directories!
+Stmpclean has not been designed to be run over mail spools!
You should *not* run stmpclean on /var/spool/mail. You are risking
deleting precious mail files. You're going to delete *all* mail in
diff -uprk.orig stmpclean-0.3.orig/Makefile stmpclean-0.3/Makefile
--- stmpclean-0.3.orig/Makefile 2003-10-26 17:13:06 +0300
+++ stmpclean-0.3/Makefile 2003-10-26 17:15:44 +0300
@@ -4,8 +4,8 @@
CC = gcc
LD = gcc
-CFLAGS = -O2 -fomit-frame-pointer -Wall -W -pedantic
-LDFLAGS = -s
+CFLAGS = $(RPM_OPT_FLAGS) -W -Werror -D_FILE_OFFSET_BITS=64
+LDFLAGS =
DESTDIR =
PREFIX = /usr/local
@@ -16,9 +16,9 @@ all: stmpclean stmpclean.0
install: stmpclean
mkdir -p -m 755 $(DESTDIR)$(SBINDIR) $(DESTDIR)$(MANDIR)/man8
- install -m 700 stmpclean $(DESTDIR)$(SBINDIR)/
+ install -m 755 stmpclean $(DESTDIR)$(SBINDIR)/
ln -s stmpclean $(DESTDIR)$(SBINDIR)/tmpwatch
- install -m 644 stmpclean.8 tmpwatch.8 $(DESTDIR)$(MANDIR)/man8/
+ install -p -m 644 stmpclean.8 tmpwatch.8 $(DESTDIR)$(MANDIR)/man8/
stmpclean.o: stmpclean.c
$(CC) $(CFLAGS) -c stmpclean.c
diff -uprk.orig stmpclean-0.3.orig/stmpclean.c stmpclean-0.3/stmpclean.c
--- stmpclean-0.3.orig/stmpclean.c 2003-10-26 17:13:06 +0300
+++ stmpclean-0.3/stmpclean.c 2003-10-26 17:13:23 +0300
@@ -82,6 +82,9 @@ static const char rcsid[] =
#define GETCWD {if (getcwd(cwd, sizeof(cwd)) == NULL) \
strcpy(cwd, "/FULL/PATH/TOO/LONG");}
+/* Start uid/gid values. */
+static gid_t start_gid = -1;
+static uid_t start_uid = -1;
/* Are we emulating tmpwatch? */
static int am_tmpwatch;
/* Time at the start of the program, in seconds since beginning of epoch. */
@@ -182,29 +185,37 @@ parse_time(timespec)
}
/* Set euid to UID, egid to GID. Exit unsuccessfully on error. */
-void
-setecreds(uid, gid)
- uid_t uid;
- gid_t gid;
+static void
+setecreds(uid_t uid, id_t gid, const char *dname, const char *fname)
{
- gid_t groups[2];
+ if (start_uid == 0 && setegid(gid)) {
+ syslog(LOG_ERR,
+ "processing \"%s/%s\": cannot set EGID to %u: %m, exiting",
+ dname, fname, gid);
+ exit(1);
+ }
+ if (seteuid(uid)) {
+ syslog(LOG_ERR,
+ "processing \"%s/%s\": cannot set EUID to %u: %m, exiting",
+ dname, fname, uid);
+ exit(1);
+ }
+}
- groups[0] = groups[1] = gid;
- if (geteuid()) {
- if (seteuid(uid) || setegid(gid) ||
- (uid == 0 && setgroups(1, groups))) {
- syslog(LOG_ERR, "cannot set EUID/EGID to %d/%d, exiting",
- uid, gid);
- exit(1);
- }
- } else {
- if (setgroups(1, groups) || setegid(gid) || seteuid(uid)) {
- syslog(LOG_ERR, "cannot set EUID/EGID to %d/%d, exiting",
- uid, gid);
- exit(1);
- }
+/* Set euid/egid to start values. Exit unsuccessfully on error. */
+static void
+recover_creds(void)
+{
+ if (setegid(start_gid)) {
+ syslog(LOG_ERR, "cannot set EGID to %u: %m, exiting",
+ start_gid);
+ exit(1);
+ }
+ if (seteuid(start_uid)) {
+ syslog(LOG_ERR, "cannot set EUID to %u: %m, exiting",
+ start_uid);
+ exit(1);
}
- return;
}
/*
@@ -345,16 +356,17 @@ clean_dir(dir, depth, specified)
/* Looking at an empty directory. */
if (now - st.st_atime > minage && st.st_uid) {
/* An old non-root owned directory. */
- setecreds(st.st_uid, st.st_gid);
+ setecreds(st.st_uid, st.st_gid, dir,
+ dp->d_name);
if (rmdir(dp->d_name) == -1
&& errno != ENOENT
&& errno != EACCES
&& errno != EPERM) {
if (errno == ENOTEMPTY) {
- setecreds(0, 0);
+ recover_creds();
goto notempty;
}
- setecreds(0, 0);
+ recover_creds();
GETCWD;
syslog(LOG_ERR, "RACE?: rmdir"
"(\"%s\") in %s: %m, "
@@ -367,7 +379,7 @@ clean_dir(dir, depth, specified)
"removed dir %s/%s",
cwd, dp->d_name);
}
- setecreds(0, 0);
+ recover_creds();
}
} else {
notempty:
@@ -388,12 +400,13 @@ notempty:
* Old non-root owned regular file or
* symlink.
*/
- setecreds(st.st_uid, st.st_gid);
+ setecreds(st.st_uid, st.st_gid, dir,
+ dp->d_name);
if (unlink(dp->d_name) == -1
&& errno != ENOENT
&& errno != EACCES
&& errno != EPERM) {
- setecreds(0, 0);
+ recover_creds();
GETCWD;
syslog(LOG_ERR, "RACE?: unlink(\"%s\")"
"in %s: %m, exiting",
@@ -405,7 +418,7 @@ notempty:
syslog(LOG_INFO, "removed file %s/%s",
cwd, dp->d_name);
}
- setecreds(0, 0);
+ recover_creds();
}
}
}
@@ -483,6 +496,12 @@ main(argc, argv)
"cannot disable core dumps: setrlimit: %m, exiting");
exit(1);
}
+ start_gid = getegid();
+ start_uid = geteuid();
+ if (start_uid == 0 && setgroups(0, NULL)) {
+ syslog(LOG_ERR, "setgroups failed: %m, exiting");
+ exit(1);
+ }
for (i = 0; i < argc; i++)
if (argv[i][0] != '/') {
syslog(LOG_ERR, "directories to clean must be"