chkpath: Add options for trusting other groups.

diff --git a/chkpath.1 b/chkpath.1
index 3668936..181cc09 100644 (file)
--- a/chkpath.1
+++ b/chkpath.1
@@ -5,6 +5,8 @@ chkpath \- check a path string for security
 .SH SYNOPSIS
 .B chkpath
 .RB [ \-vqstp ]
 .SH SYNOPSIS
 .B chkpath
 .RB [ \-vqstp ]

+.RB [ \-g
+.IR group ]

 .RI [ path ...]
 .SH USAGE
 The
 .RI [ path ...]
 .SH USAGE
 The


@@ -60,6 +62,19 @@ effect, so put more in for more verbosity.  Note that verbose doesn't
 mean the same as interesting.  The default is to report problems with
 directories and system errors.
 .TP
 mean the same as interesting.  The default is to report problems with
 directories and system errors.
 .TP

+.B "\-g, \-\-group " group
+Consider members of
+.I group
+to be trustworthy:
+.B chkpath
+won't warn about a directory being group-writable if its gid matches
+.IR group .
+The
+.I group
+may be a group name (looked up in
+.BR /etc/group )
+or a numeric gid in decimal.
+.TP

 .B "\-q, \-\-quiet"
 Makes
 .B chkpath
 .B "\-q, \-\-quiet"
 Makes
 .B chkpath

diff --git a/chkpath.c b/chkpath.c
index 65d9390..08c39c7 100644 (file)
--- a/chkpath.c
+++ b/chkpath.c
@@ -34,6 +34,9 @@
 #include <stdlib.h>
 #include <string.h>
 
 #include <stdlib.h>
 #include <string.h>
 

+#include <pwd.h>
+#include <grp.h>
+

 #include <mLib/alloc.h>
 #include <mLib/mdwopt.h>
 #include <mLib/quis.h>
 #include <mLib/alloc.h>
 #include <mLib/mdwopt.h>
 #include <mLib/quis.h>


@@ -53,7 +56,7 @@ static void report(unsigned what, int verbose,
 /* --- @usage@ --- */
 
 static void usage(FILE *fp)
 /* --- @usage@ --- */
 
 static void usage(FILE *fp)

-  { fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); }
+  { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }

 
 /* --- @version@ --- */
 
 
 /* --- @version@ --- */
 


@@ -84,6 +87,7 @@ Options provided are:\n\
 -s, --sticky           Consider sticky directories secure against\n\
                        modification by world and group (not recommended).\n\
 -t, --trust-group      Consider other members of your group trustworthy.\n\
 -s, --sticky           Consider sticky directories secure against\n\
                        modification by world and group (not recommended).\n\
 -t, --trust-group      Consider other members of your group trustworthy.\n\

+-g, --group NAME       Consider members of group NAME trustworthy.\n\

 -p, --print            Write the secure path elements to standard output.\n\
 ",
        fp);
 -p, --print            Write the secure path elements to standard output.\n\
 ",
        fp);


@@ -107,10 +111,11 @@ int main(int argc, char *argv[])
   /* --- Set up path scanning defaults --- */
 
   cp.cp_verbose = 1;
   /* --- Set up path scanning defaults --- */
 
   cp.cp_verbose = 1;

-  cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK;
+  cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;

   cp.cp_report = report;
   cp.cp_arg = 0;
   cp.cp_report = report;
   cp.cp_arg = 0;

-  checkpath_setids(&cp);
+  cp.cp_gids = 0;
+  checkpath_setuid(&cp);

 
   /* --- Parse the options --- */
 
 
   /* --- Parse the options --- */
 


@@ -126,7 +131,7 @@ int main(int argc, char *argv[])
       { "print",       0,              0,      'p' },
       { 0,             0,              0,      0 }
     };
       { "print",       0,              0,      'p' },
       { 0,             0,              0,      0 }
     };

-    int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
+    int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);

 
     if (i < 0)
       break;
 
     if (i < 0)
       break;


@@ -151,7 +156,11 @@ int main(int argc, char *argv[])
        cp.cp_what |= CP_STICKYOK;
        break;
       case 't':
        cp.cp_what |= CP_STICKYOK;
        break;
       case 't':

-       cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+       if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+         die(1, "too many groups");
+       break;
+      case 'g':
+       allowgroup(&cp, optarg);

        break;
       case 'p':
        f |= f_print;
        break;
       case 'p':
        f |= f_print;