From: Mark Wooding Date: Sun, 13 Apr 2008 17:23:33 +0000 (+0100) Subject: Merge branch 'master' of chiark:src/checkpath X-Git-Tag: 1.2.0~1 X-Git-Url: https://git.distorted.org.uk/~mdw/checkpath/commitdiff_plain/60538794f1efdac9d84632579e36b61ca58c925c?hp=7d5bdc256357b94d74eccc6f6ae6d133fb9bc45a Merge branch 'master' of chiark:src/checkpath * 'master' of chiark:src/checkpath: tmpdir: Allow trusting of particular groups. tmpdir: Introduce option for verbose reporting, for diagnosing problems. Improve formatting before we get too stuck in. Conflicts: tmpdir.c --- diff --git a/.gitignore b/.gitignore index eafb46c..6e8de04 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ ltmain.sh missing mkinstalldirs depcomp +config diff --git a/.links b/.links index fa33922..dd8b261 100644 --- a/.links +++ b/.links @@ -1,2 +1,2 @@ COPYING -lib-config.in +config/confsubst diff --git a/Makefile.am b/Makefile.am index 0a6813d..42e907d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,49 +1,100 @@ -## -*-makefile-*- -## -## $Id: Makefile.am,v 1.6 2004/04/08 01:36:22 mdw Exp $ -## -## Makefile for chkpath -## -## (c) 1999 Mark Wooding -## - -##----- Licensing notice ---------------------------------------------------- -## -## This file is part of chkpath. -## -## chkpath is free software; you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation; either version 2 of the License, or -## (at your option) any later version. -## -## chkpath is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. -## -## You should have received a copy of the GNU General Public License -## along with chkpath; if not, write to the Free Software Foundation, -## Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -AUTOMAKE_OPTIONS = foreign - -lib_LTLIBRARIES = libcheckpath.la -libcheckpath_la_LDFLAGS = -version-info 2:0:1 -## Middle number is the patchlevel. Final number is the minor version. The -## difference between the first and last numbers is the major version. -libcheckpath_la_SOURCES = checkpath.c -include_HEADERS = checkpath.h - -bin_SCRIPTS = checkpath-config -bin_PROGRAMS = chkpath tmpdir -man_MANS = chkpath.1 tmpdir.1 checkpath.3 - -EXTRA_DIST = \ - $(man_MANS) \ - debian/control debian/copyright debian/changelog debian/rules - -chkpath_SOURCES = chkpath.c -tmpdir_SOURCES = tmpdir.c -LDADD = libcheckpath.la - -##----- That's all, folks --------------------------------------------------- +### -*-makefile-*- +### +### Makefile for chkpath +### +### (c) 1999 Mark Wooding +### + +###----- Licensing notice --------------------------------------------------- +### +### This file is part of chkpath. +### +### chkpath is free software; you can redistribute it and/or modify +### it under the terms of the GNU General Public License as published by +### the Free Software Foundation; either version 2 of the License, or +### (at your option) any later version. +### +### chkpath is distributed in the hope that it will be useful, +### but WITHOUT ANY WARRANTY; without even the implied warranty of +### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +### GNU General Public License for more details. +### +### You should have received a copy of the GNU General Public License +### along with chkpath; if not, write to the Free Software Foundation, +### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +bin_PROGRAMS = +lib_LTLIBRARIES = +include_HEADERS = +dist_man_MANS = + +CLEANFILES = +EXTRA_DIST = + +###-------------------------------------------------------------------------- +### Library. + +## The library itself. +lib_LTLIBRARIES += libcheckpath.la +libcheckpath_la_SOURCES = +libcheckpath_la_LDFLAGS = -version-info $(LIBTOOL_VERSION_INFO) +libcheckpath_la_LIBADD = $(mLib_LIBS) +dist_man_MANS += checkpath.3 + +libcheckpath_la_SOURCES += checkpath.c +include_HEADERS += checkpath.h + +## Package description. +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = checkpath.pc +CLEANFILES += checkpath.pc +EXTRA_DIST += checkpath.pc.in + +checkpath.pc: checkpath.pc.in Makefile + $(top_srcdir)/config/confsubst $(srcdir)/checkpath.pc.in >$@.new \ + prefix=$(prefix) exec_prefix=$(exec_prefix) \ + libdir=$(libdir) includedir=$(includedir) \ + VERSION=$(VERSION) + mv $@.new $@ + +###-------------------------------------------------------------------------- +### Programs. + +LDADD = libcheckpath.la $(mLib_LIBS) + +## chkpath +bin_PROGRAMS += chkpath +dist_man_MANS += chkpath.1 + +## tmpdir +bin_PROGRAMS += tmpdir +dist_man_MANS += tmpdir.1 + +###-------------------------------------------------------------------------- +### Other finishing touches. + +## Version stamp. +dist-hook:: + echo $(VERSION) >$(distdir)/RELEASE + +## Build tools. +EXTRA_DIST += config/confsubst + +###-------------------------------------------------------------------------- +### Debian. + +## Main stuff. +EXTRA_DIST += debian/rules +EXTRA_DIST += debian/copyright +EXTRA_DIST += debian/control +EXTRA_DIST += debian/changelog + +## Library. +EXTRA_DIST += debian/libcheckpath1.install +EXTRA_DIST += debian/libcheckpath-dev.install + +## Binaries. +EXTRA_DIST += debian/tmpdir.install +EXTRA_DIST += debian/chkpath.install + +###----- That's all, folks -------------------------------------------------- diff --git a/checkpath.3 b/checkpath.3 index 8bc8faf..8c2b5ac 100644 --- a/checkpath.3 +++ b/checkpath.3 @@ -17,7 +17,7 @@ function checks a path for security. It ensures that only acceptble users and groups can change the files or file contents accessible through the path. .PP -The function is given a +The function is given a .I path to be checked, and a pointer .I cp @@ -30,7 +30,7 @@ of the problems. This structure contains the following members: .TP .B "uid_t cp_uid" -The user running the check. Files and directories owned by +The user running the check. Files and directories owned by .B root (uid 0) and by .B cp_uid @@ -38,7 +38,7 @@ are considered safe. .TP .B "gid_t cp_gid[NGROUPS_MAX + 1]" The groups of which the user is a member. Files whose groups are in -this set may be considered safe, depending on the +this set may be considered safe, depending on the .B cp_what configuration. See below. .TP @@ -46,7 +46,7 @@ configuration. See below. The number of gids in the .B cp_gid array. -.TP +.TP .B "int cp_verbose" The verbosity level. Messages are only given to the reporting function if their verbosity level is less than or equal to this setting. As a @@ -57,7 +57,7 @@ levels 2 and above. The recommended value is 1. .B "unsigned cp_what" A bitmask of flags determining what conditions are considered problems, and other behaviour. See below. -.TP +.TP .B "void (*cp_report)(...)" The reporting function. See below. .TP diff --git a/checkpath.c b/checkpath.c index 85c4b09..2047800 100644 --- a/checkpath.c +++ b/checkpath.c @@ -5,7 +5,7 @@ * (c) 1999 Mark Wooding */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of chkpath. * @@ -13,12 +13,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * chkpath is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with chkpath; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. @@ -26,6 +26,8 @@ /*----- Header files ------------------------------------------------------*/ +#include "config.h" + #include #include #include @@ -502,7 +504,7 @@ void checkpath_setids(struct checkpath *cp) cp->cp_uid = getuid(); n = getgroups(sizeof(cp->cp_gid) / sizeof(cp->cp_gid[0]), cp->cp_gid); - + for (i = 0; i < n; i++) { if (cp->cp_gid[i] == g) goto gid_ok; diff --git a/checkpath.h b/checkpath.h index e2f6385..bd9d256 100644 --- a/checkpath.h +++ b/checkpath.h @@ -5,7 +5,7 @@ * (c) 1999 Mark Wooding */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of chkpath. * @@ -13,12 +13,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * chkpath is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with chkpath; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. diff --git a/checkpath.pc.in b/checkpath.pc.in new file mode 100644 index 0000000..067c116 --- /dev/null +++ b/checkpath.pc.in @@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +configdir=@configdir@ +socketdir=@socketdir@ + +Name: Checkpath +Description: Check filesystem paths for security problems. +Version: @VERSION@ diff --git a/chkpath.1 b/chkpath.1 index f8ce180..3668936 100644 --- a/chkpath.1 +++ b/chkpath.1 @@ -46,7 +46,7 @@ Displays a relatively verbose message describing how to use .TP .B "\-V, \-\-version" Displays -.BR chkpath 's +.BR chkpath 's version number. .TP .B "\-u, \-\-usage" diff --git a/chkpath.c b/chkpath.c index 4230637..65d9390 100644 --- a/chkpath.c +++ b/chkpath.c @@ -5,7 +5,7 @@ * (c) 1999 Mark Wooding */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of chkpath. * @@ -13,12 +13,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * chkpath is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with chkpath; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. @@ -26,6 +26,8 @@ /*----- Header files ------------------------------------------------------*/ +#include "config.h" + #include #include #include @@ -124,7 +126,7 @@ int main(int argc, char *argv[]) { "print", 0, 0, 'p' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "hVu vqstp", opts, 0, 0, 0); + int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0); if (i < 0) break; diff --git a/configure.in b/configure.ac similarity index 54% rename from configure.in rename to configure.ac index f1c51c3..99b488e 100644 --- a/configure.in +++ b/configure.ac @@ -1,13 +1,11 @@ -dnl -*-m4-*- -dnl -dnl $Id: configure.in,v 1.5 2004/04/08 01:36:22 mdw Exp $ +dnl -*-autoconf-*- dnl dnl Configurator for chkpath dnl dnl (c) 1999 Mark Wooding dnl -dnl ----- Licensing notice -------------------------------------------------- +dnl----- Licensing notice --------------------------------------------------- dnl dnl This file is part of chkpath. dnl @@ -15,22 +13,43 @@ dnl chkpath is free software; you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by dnl the Free Software Foundation; either version 2 of the License, or dnl (at your option) any later version. -dnl +dnl dnl chkpath is distributed in the hope that it will be useful, dnl but WITHOUT ANY WARRANTY; without even the implied warranty of dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the dnl GNU General Public License for more details. -dnl +dnl dnl You should have received a copy of the GNU General Public License dnl along with chkpath; if not, write to the Free Software Foundation, dnl Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -AC_INIT(chkpath.c) -mdw_INIT_LIB(checkpath, checkpath, 1.1.0, chkpath) +mdw_AUTO_VERSION +AC_INIT([Checkpath], AUTO_VERSION, [mdw@distorted.org.uk]) +AC_CONFIG_SRCDIR([checkpath.c]) +AC_CONFIG_AUX_DIR([config]) +AM_INIT_AUTOMAKE([foreign]) + +dnl-------------------------------------------------------------------------- +dnl C language environemnt. + +dnl Compiler and tools. AC_PROG_CC -mdw_GCC_FLAGS +AX_CFLAGS_WARN_ALL AM_PROG_LIBTOOL -mdw_MLIB(1.6.0) -AC_OUTPUT(Makefile checkpath-config:lib-config.in) +mdw_LIBTOOL_VERSION_INFO + +dnl Types. +AC_TYPE_UID_T + +dnl Packages. +PKG_CHECK_MODULES([mLib], [mLib >= 2.0.4]) + +dnl-------------------------------------------------------------------------- +dnl Output. + +AC_CONFIG_FILES([Makefile]) +AC_CONFIG_HEADER([config/config.h]) + +AC_OUTPUT -dnl ----- That's all, folks ------------------------------------------------- +dnl----- That's all, folks -------------------------------------------------- diff --git a/debian/.gitignore b/debian/.gitignore index 5c6c630..e36bd48 100644 --- a/debian/.gitignore +++ b/debian/.gitignore @@ -8,3 +8,8 @@ libcheckpath-dev checkpath checkpath1 libcheckpath1 +tmpdir +chkpath +compat +stamp-* +q diff --git a/debian/chkpath.install b/debian/chkpath.install new file mode 100644 index 0000000..ea25bb7 --- /dev/null +++ b/debian/chkpath.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/chkpath +debian/tmp/usr/share/man/man1/chkpath.1 diff --git a/debian/control b/debian/control index 21f8e57..0e34a93 100644 --- a/debian/control +++ b/debian/control @@ -1,43 +1,51 @@ Source: checkpath Section: admin Priority: extra -Build-Depends: mlib-dev, debhelper (>= 4.0.2) -Maintainer: Mark Wooding +Build-Depends: mlib-dev, cdbs +Maintainer: Mark Wooding Standards-Version: 3.1.1 Package: checkpath +Architecture: all +Depends: chkpath, tmpdir +Description: Convenience package for the checkpath binaries. + +Package: tmpdir Architecture: any -Depends: ${shlibs:Depends}, libcheckpath1 (= ${Source-Version}) +Depends: ${shlibs:Depends} +Description: Create a secure temporary directory. + tmpdir creates a temporary directory which can't be subverted by other + users. Nobody except you and root will be able to read or write to your + temporary directory, or make you refer to files outside of it by messing + with parent directories. + +Package: chkpath +Architecture: any +Depends: ${shlibs:Depends} Description: Checks PATH variable for security - Contains two handy programs. - chkpath -- Warns about other users who can write to directories on - your PATH, or rename them, or whatever. If checkpath gives you a - clean bill of health then nobody but you and root can make command - names mean different things without direct write access to the - program files. - tmpdir -- Creates a temporary directory which can't be subverted by - other users. Nobody except you and root will be able to read or - write to your temporary directory, or make you refer to files - outside of it by messing with parent directories. + chkpath warns about other users who can write to directories on your PATH, + or rename them, or whatever. If checkpath gives you a clean bill of health + then nobody but you and root can make command names mean different things + without direct write access to the program files. Package: libcheckpath1 Architecture: any Section: libs Depends: ${shlibs:Depends} Description: Checks paths for security - Walks a pathname, checking every symlink and directory on the way, - and issuing alerts if any element is writable by someone other than - the calling uid or root. Useful if you're paranoid. This package - just contains the shared library. If you want to write programs which - use this library, you need libcheckpath-dev. + Walks a pathname, checking every symlink and directory on the way, and + issuing alerts if any element is writable by someone other than the calling + uid or root. Useful if you're paranoid. This package just contains the + shared library. If you want to write programs which use this library, you + need libcheckpath-dev. Package: libcheckpath-dev Architecture: any Section: devel Depends: libcheckpath1 (= ${Source-Version}), mlib-dev (>= 2.0.0), libc6-dev Description: Checks paths for security - Walks a pathname, checking every symlink and directory on the way, - and issuing alerts if any element is writable by someone other than - the calling uid or root. Useful if you're paranoid. This package - contains the header files and static libraries you need to compile - programs which use the library. + Walks a pathname, checking every symlink and directory on the way, and + issuing alerts if any element is writable by someone other than the calling + uid or root. Useful if you're paranoid. This package contains the header + files and static libraries you need to compile programs which use the + library. diff --git a/debian/libcheckpath-dev.install b/debian/libcheckpath-dev.install new file mode 100644 index 0000000..29981bd --- /dev/null +++ b/debian/libcheckpath-dev.install @@ -0,0 +1,4 @@ +debian/tmp/usr/include +debian/tmp/usr/share/man/man3 +debian/tmp/usr/lib/libcheckpath.la +debian/tmp/usr/lib/libcheckpath.so diff --git a/debian/libcheckpath1.install b/debian/libcheckpath1.install new file mode 100644 index 0000000..182f140 --- /dev/null +++ b/debian/libcheckpath1.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libcheckpath.so.* diff --git a/debian/rules b/debian/rules index f9674e8..abe7ec8 100755 --- a/debian/rules +++ b/debian/rules @@ -1,58 +1,12 @@ #! /usr/bin/make -f -export DH_COMPAT = 4 +CDBS = /usr/share/cdbs/1 +include $(CDBS)/class/autotools.mk +include $(CDBS)/rules/debhelper.mk -build: - rm -rf build deb-build - mkdir deb-build - cd deb-build; ../configure --prefix=/usr --mandir=/usr/share/man - make -C deb-build - touch build +###-------------------------------------------------------------------------- +### General settings. -clean: - dh_clean - rm -rf deb-build build +DEB_BUILDDIR = $(CURDIR)/build -install: build - dh_clean - make -C deb-build install DESTDIR=`pwd`/debian/checkpath - mkdir -p debian/libcheckpath1/usr debian/libcheckpath-dev/usr - mv debian/checkpath/usr/lib debian/libcheckpath1/usr/lib - mkdir -p debian/libcheckpath-dev/usr/lib - mv debian/libcheckpath1/usr/lib/*.a debian/libcheckpath-dev/usr/lib - mv debian/libcheckpath1/usr/lib/*.so debian/libcheckpath-dev/usr/lib - mv debian/libcheckpath1/usr/lib/*.la debian/libcheckpath-dev/usr/lib - mkdir -p debian/libcheckpath-dev/usr/share/man - mv debian/checkpath/usr/share/man/man3 \ - debian/libcheckpath-dev/usr/share/man - mkdir -p debian/libcheckpath-dev/usr/bin - mv debian/checkpath/usr/bin/checkpath-config \ - debian/libcheckpath-dev/usr/bin - -binary-indep: - -binary-arch: install - dh_testdir -a - dh_testroot -a - dh_compress -a - dh_installdocs -a - dh_strip -a - dh_makeshlibs -a -V - dh_shlibdeps -a - dh_gencontrol -a - dh_fixperms -a - dh_installdeb -a - dh_md5sums -a - dh_builddeb -a - -binary: binary-indep binary-arch - -source: - rm -rf deb-build/*.tar.gz deb-build/=deb= - make -C deb-build dist PACKAGE=checkpath - mkdir deb-build/=deb= - cd deb-build/=deb=; tar xvfz ../*.tar.gz - d=`pwd`; cd ..; dpkg-source -i -b $$d/deb-build/=deb=/* - rm -rf deb-build/=deb= - -.PHONY: binary binary-arch binary-indep clean install source +###----- That's all, folks -------------------------------------------------- diff --git a/debian/tmpdir.install b/debian/tmpdir.install new file mode 100644 index 0000000..be1ebff --- /dev/null +++ b/debian/tmpdir.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/tmpdir +debian/tmp/usr/share/man/man1/tmpdir.1 diff --git a/tmpdir.1 b/tmpdir.1 index 4023ed9..05030ba 100644 --- a/tmpdir.1 +++ b/tmpdir.1 @@ -13,7 +13,7 @@ tmpdir \- choose, or check a choice of, temporary directory The .B tmpdir program creates a secure place for temporary files to be stored, and -outputs an assignment to the +outputs an assignment to the .B TMPDIR variable suitable for execution by a shell. .PP diff --git a/tmpdir.c b/tmpdir.c index e4cdde5..f0fcb5f 100644 --- a/tmpdir.c +++ b/tmpdir.c @@ -5,7 +5,7 @@ * (c) 1999 Mark Wooding */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of chkpath. * @@ -13,12 +13,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * chkpath is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with chkpath; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. @@ -26,6 +26,8 @@ /*----- Header files ------------------------------------------------------*/ +#include "config.h" + #include #include #include @@ -181,9 +183,7 @@ good: */ static int fullcheck(const char *p) -{ - return (checkpath(p, &cp) == 0 && ok(p, 0)); -} + { return (checkpath(p, &cp) == 0 && ok(p, 0)); } /* --- @goodtmp@ --- * * @@ -206,16 +206,12 @@ static char *goodtmp(void) /* --- Try making a directory in `/tmp' --- */ - if (!(q = getenv("USER")) && !(q = getenv("LOGNAME"))) - q = pw->pw_name; - if ((q = trytmp("/tmp", q)) != 0) + if ((q = trytmp("/tmp", pw->pw_name)) != 0) return (q); /* --- That failed: try a directory in the user's home --- */ - if (!(q = getenv("HOME"))) - q = pw->pw_dir; - if ((q = trytmp(q, "tmp")) != 0) + if ((q = trytmp(pw->pw_dir, "tmp")) != 0) return (q); /* --- Still no joy: give up --- * @@ -341,7 +337,7 @@ int main(int argc, char *argv[]) /* --- Initialize variables --- */ ego(argv[0]); - me = getuid(); + me = geteuid(); cp.cp_what = (CP_WRWORLD | CP_WROTHGRP | CP_WROTHUSR | CP_STICKYOK | CP_REPORT); cp.cp_verbose = 0; @@ -368,7 +364,7 @@ int main(int argc, char *argv[]) { "group", OPTF_ARGREQ, 0, 'g' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "hVu bcvtg:c:", opts, 0, 0, 0); + int i = mdwopt(argc, argv, "hVu" "bcvtg:c:", opts, 0, 0, 0); if (i < 0) break;