diff options
author | Julian Blake Kongslie <jblake@omgwallhack.org> | 2013-04-11 22:11:58 -0700 |
---|---|---|
committer | Julian Blake Kongslie <jblake@omgwallhack.org> | 2013-04-11 22:11:58 -0700 |
commit | 09918cfe4f1f75bef96d5179e37d88f247baf781 (patch) | |
tree | ab5a8be2536cc64452fe11cad8c44ead8bab8842 | |
parent | 06a19bdd081d1b81cbca7c7b675f5cf3637063a1 (diff) | |
download | insecuresuexec-09918cfe4f1f75bef96d5179e37d88f247baf781.tar.gz insecuresuexec-09918cfe4f1f75bef96d5179e37d88f247baf781.zip |
Adding a whole lot of debugging messages.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 7 | ||||
-rw-r--r-- | main.cc | 30 |
3 files changed, 37 insertions, 1 deletions
@@ -1 +1,2 @@ /insecuresuexec +/insecuresuexec-noisy @@ -1,7 +1,12 @@ +default: insecuresuexec insecuresuexec-noisy + insecuresuexec: main.cc clang++ -Wall -Werror -std=c++11 -Os -o $@ $+ +insecuresuexec-noisy: main.cc + clang++ -Wall -Werror -std=c++11 -Os -o $@ -DNOISY $+ + clean: - rm -f insecuresuexec + rm -f insecuresuexec insecuresuexec-noisy .PHONY: clean @@ -10,17 +10,30 @@ #include <utility> #include <vector> +#ifdef NOISY +# define DEBUG(...) fprintf( stderr, __VA_ARGS__ ) +#else +# define DEBUG(...) do { } while ( 0 ) +#endif + uid_t parse_user( const char *user ) { char *end; unsigned long tmp; + DEBUG( "insecuresuexec parse_user( %s )\n", user ); + tmp = strtoul( user, &end, 10 ); if ( end != user && ! *end ) { + DEBUG( " which is the uid %lu\n", tmp ); return tmp; } else { + DEBUG( " which is a username\n" ); + errno = 0; struct passwd *pw = getpwnam( user ); + assert_perror( errno ); assert( pw ); + DEBUG( " corresponding to the uid %u\n", pw->pw_uid ); return pw->pw_uid; }; @@ -31,12 +44,19 @@ gid_t parse_group( const char *group ) { char *end; unsigned long tmp; + DEBUG( "insecuresuexec parse_group( %s )\n", group ); + tmp = strtoul( group, &end, 10 ); if ( end != group && ! *end ) { + DEBUG( " which is the gid %lu\n", tmp ); return tmp; } else { + DEBUG( " which is a groupname\n" ); + errno = 0; struct group *gr = getgrnam( group ); + assert_perror( errno ); assert( gr ); + DEBUG( " corresponding to the gid %u\n", gr->gr_gid ); return gr->gr_gid; }; @@ -174,9 +194,13 @@ int main( int argc, char *argv[] ) { char *cmd = argv[3]; char **args = argv + 3; + DEBUG( "insecuresuexec user=%s group=%s cmd=%s\n", user, group, cmd ); + uid_t uid; gid_t gid; + DEBUG( "insecuresuexec is parsing the command-line user and group...\n" ); + uid = parse_user( user ); gid = parse_group( group ); @@ -186,8 +210,12 @@ int main( int argc, char *argv[] ) { _exit( 1 ); }; + DEBUG( "insecuresuexec is parsing the stored permissions...\n" ); + auto allowed = read_permissions( "/etc/insecuresuexec/permissions" ); + DEBUG( "insecuresuexec is running the configured security checks...\n" ); + // the configurable security checks bool ok = false; for ( auto i = allowed->begin( ); i != allowed->end( ); ++i ) { @@ -199,6 +227,8 @@ int main( int argc, char *argv[] ) { _exit( 1 ); }; + DEBUG( "insecuresuexec is going to go ahead with the exec...\n" ); + if ( setgroups( 0, NULL ) != 0 ) assert_perror( errno ); |