From 09918cfe4f1f75bef96d5179e37d88f247baf781 Mon Sep 17 00:00:00 2001 From: Julian Blake Kongslie Date: Thu, 11 Apr 2013 22:11:58 -0700 Subject: Adding a whole lot of debugging messages. --- .gitignore | 1 + Makefile | 7 ++++++- main.cc | 30 ++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index b78e996..105df7b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /insecuresuexec +/insecuresuexec-noisy diff --git a/Makefile b/Makefile index 10107f0..ff256cf 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,12 @@ +default: insecuresuexec insecuresuexec-noisy + insecuresuexec: main.cc clang++ -Wall -Werror -std=c++11 -Os -o $@ $+ +insecuresuexec-noisy: main.cc + clang++ -Wall -Werror -std=c++11 -Os -o $@ -DNOISY $+ + clean: - rm -f insecuresuexec + rm -f insecuresuexec insecuresuexec-noisy .PHONY: clean diff --git a/main.cc b/main.cc index 27c7806..61946e3 100644 --- a/main.cc +++ b/main.cc @@ -10,17 +10,30 @@ #include #include +#ifdef NOISY +# define DEBUG(...) fprintf( stderr, __VA_ARGS__ ) +#else +# define DEBUG(...) do { } while ( 0 ) +#endif + uid_t parse_user( const char *user ) { char *end; unsigned long tmp; + DEBUG( "insecuresuexec parse_user( %s )\n", user ); + tmp = strtoul( user, &end, 10 ); if ( end != user && ! *end ) { + DEBUG( " which is the uid %lu\n", tmp ); return tmp; } else { + DEBUG( " which is a username\n" ); + errno = 0; struct passwd *pw = getpwnam( user ); + assert_perror( errno ); assert( pw ); + DEBUG( " corresponding to the uid %u\n", pw->pw_uid ); return pw->pw_uid; }; 
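Review bot: The new `default` target at the top of the Makefile hunk is not declared phony, and the trailing `.PHONY: clean` line is left unchanged. A stray file named `default` in the tree would make `make` consider the target up to date and build neither binary. Extend the declaration to `.PHONY: default clean`. Because the `-DNOISY` binary writes its arguments and lookup results to stderr, a comment above that rule such as `# diagnostic build: prints arguments and uid/gid resolution to stderr` would tell packagers which of the two outputs is meant for deployment.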
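Review bot: In the `else` branch of parse_user the added `assert_perror( errno )` runs before `pw` is examined, so errno is tested even when `getpwnam` returned a valid entry. errno is only meaningful after a failed call, and a lookup may leave it non-zero on success, which would abort a legitimate invocation. Test the pointer first and consult errno only on failure: `if ( ! pw ) { assert_perror( errno ); assert( pw ); }`. The same ordering appears in the parse_group hunk around `getgrnam`. parse_user's closing brace lies outside this hunk.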
@@ -31,12 +44,19 @@ gid_t parse_group( const char *group ) { char *end; unsigned long tmp; + DEBUG( "insecuresuexec parse_group( %s )\n", group ); + tmp = strtoul( group, &end, 10 ); if ( end != group && ! *end ) { + DEBUG( " which is the gid %lu\n", tmp ); return tmp; } else { + DEBUG( " which is a groupname\n" ); + errno = 0; struct group *gr = getgrnam( group ); + assert_perror( errno ); assert( gr ); + DEBUG( " corresponding to the gid %u\n", gr->gr_gid ); return gr->gr_gid; }; @@ -174,9 +194,13 @@ int main( int argc, char *argv[] ) { char *cmd = argv[3]; char **args = argv + 3; + DEBUG( "insecuresuexec user=%s group=%s cmd=%s\n", user, group, cmd ); + uid_t uid; gid_t gid; + DEBUG( "insecuresuexec is parsing the command-line user and group...\n" ); + uid = parse_user( user ); gid = parse_group( group ); @@ -186,8 +210,12 @@ int main( int argc, char *argv[] ) { _exit( 1 ); }; + DEBUG( "insecuresuexec is parsing the stored permissions...\n" ); + auto allowed = read_permissions( "/etc/insecuresuexec/permissions" ); + DEBUG( "insecuresuexec is running the configured security checks...\n" ); + // the configurable security checks bool ok = false; for ( auto i = allowed->begin( ); i != allowed->end( ); ++i ) { @@ -199,6 +227,8 @@ int main( int argc, char *argv[] ) { _exit( 1 ); }; + DEBUG( "insecuresuexec is going to go ahead with the exec...\n" ); + if ( setgroups( 0, NULL ) != 0 ) assert_perror( errno ); -- cgit v1.2.3
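Review bot: The added `which is the gid %lu` message in parse_group prints the full `unsigned long` from `strtoul`, but the following `return tmp;` converts it to `gid_t`. Where `gid_t` is narrower, the noisy log can show a different number than the gid the program goes on to use. Nothing in the hunk rejects an out-of-range or overflowed (`ERANGE`) value before that conversion. Add a range check ahead of the return, for example `if ( tmp != (unsigned long) (gid_t) tmp ) _exit( 1 );`, and log the converted value. parse_user has the same pattern with `uid_t`.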
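Review bot: The first added DEBUG line in main writes `user`, `group` and `cmd` to stderr exactly as they arrived in argv. If stderr of the noisy build is collected into a shared log (not visible from this hunk), newlines or terminal control characters in those arguments would let the caller shape what the log shows. Consider routing these three values through a small helper that escapes non-printable bytes, and add a comment beside the macro such as `// NOISY output contains unsanitised caller input; not an audit log`. main begins and ends outside this hunk, so the argc check that guards `argv[3]` cannot be confirmed from here.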
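Review bot: Right after the added "going to go ahead with the exec" message, a failing `setgroups( 0, NULL )` is handled only by `assert_perror( errno )`, which compiles to nothing when `NDEBUG` is defined. The Makefile in this commit does not set `NDEBUG`, but a build that does would continue past a failed supplementary-group drop with the groups still attached. Make the failure path unconditional: `if ( setgroups( 0, NULL ) != 0 ) { perror( "setgroups" ); _exit( 1 ); }`. The remaining privilege-changing calls are outside this hunk; if they rely on the same assert pattern they need the same change.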