From c25f05b8e3c97f1629fb5a685288881eff4cbf8d Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Sun, 13 Apr 2008 22:00:51 +0100
Subject: [PATCH] chkpath: Add options for trusting other groups.
---
 chkpath.1 | 15 +++++++++++++++
 chkpath.c | 19 ++++++++++++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/chkpath.1 b/chkpath.1
index 3668936..181cc09 100644
--- a/chkpath.1
+++ b/chkpath.1
@@ -5,6 +5,8 @@ chkpath \- check a path string for security
 .SH SYNOPSIS
 .B chkpath
 .RB [ \-vqstp ]
+.RB [ \-g
+.IR group ]
 .RI [ path ...]
 .SH USAGE
 The
@@ -60,6 +62,19 @@ effect, so put more in for more verbosity. Note that verbose doesn't mean the same as interesting. The default is to report problems with directories and system errors.
 .TP
+.B "\-g, \-\-group " group
+Consider members of
+.I group
+to be trustworthy:
+.B chkpath
+won't warn about a directory being group-writable if its gid matches
+.IR group .
+The
+.I group
+may be a group name (looked up in
+.BR /etc/group )
+or a numeric gid in decimal.
+.TP
 .B "\-q, \-\-quiet"
 Makes
 .B chkpath
diff --git a/chkpath.c b/chkpath.c
index 65d9390..08c39c7 100644
--- a/chkpath.c
+++ b/chkpath.c
@@ -34,6 +34,9 @@
 #include
 #include
 
+#include
+#include
+
 #include
 #include
 #include
@@ -53,7 +56,7 @@ static void report(unsigned what, int verbose,
 /* --- @usage@ --- */
 
 static void usage(FILE *fp)
- { fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); }
+ { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }
 
 /* --- @version@ --- */
 
@@ -84,6 +87,7 @@ Options provided are:\n\
 -s, --sticky Consider sticky directories secure against\n\
 modification by world and group (not recommended).\n\
 -t, --trust-group Consider other members of your group trustworthy.\n\
+-g, --group NAME Consider members of group NAME trustworthy.\n\
 -p, --print Write the secure path elements to standard output.\n\
 ", fp);
 
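Review bot: The `-t, --trust-group` help line kept as context in this hunk still says "your group" (singular), while the new `-t` handler in the @@ -151 hunk calls checkpath_setgroups() in addition to checkpath_setgid(); if, as the name suggests, that adds the process's supplementary groups to the trusted set, the option now trusts every group the user belongs to and this line understates what is being trusted. The man page's `-t` entry is not touched by this patch either, so it carries the same understatement. Once the library behaviour is confirmed, `-t, --trust-group	Consider members of all your groups trustworthy.\n\` (and the matching chkpath.1 wording) would describe the widened trust honestly. The `-g` line added here does agree with the new man page text.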
@@ -107,10 +111,11 @@ int main(int argc, char *argv[])
 /* --- Set up path scanning defaults --- */
 
 cp.cp_verbose = 1;
- cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK;
+ cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;
 cp.cp_report = report;
 cp.cp_arg = 0;
- checkpath_setids(&cp);
+ cp.cp_gids = 0;
+ checkpath_setuid(&cp);
 
 /* --- Parse the options --- */
 
@@ -126,7 +131,7 @@ int main(int argc, char *argv[])
 { "print", 0, 0, 'p' },
 { 0, 0, 0, 0 }
 };
- int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);
 if (i < 0)
 break;
 
@@ -151,7 +156,11 @@ int main(int argc, char *argv[])
 cp.cp_what |= CP_STICKYOK;
 break;
 case 't':
- cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+ if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+ die(1, "too many groups");
+ break;
+ case 'g':
+ allowgroup(&cp, optarg);
 break;
 case 'p':
 f |= f_print;
-- 
2.11.0
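Review bot: The new default `cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;` clears CP_WRGRP unconditionally, something that before this patch happened only when the user explicitly asked for `-t` (see the removed line in the @@ -151 hunk), and nothing in the hunk records why. If the intent is that group-writability is now judged against the trusted-gid list (`cp.cp_gids = 0` here, so empty by default) rather than the blanket flag, a comment would stop a later reader from "fixing" it back: `/* Group-writable dirs are judged against cp_gids (empty by default), not the blanket CP_WRGRP flag. */`. It is worth confirming that with cp_gids empty the library still reports every group-writable directory, since otherwise this default is less strict than the one it replaces. main() starts and ends outside the hunk.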
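Review bot: The short-option string gains `g:`, but the long-option table whose tail is visible here (`{ "print", 0, 0, 'p' }, { 0, 0, 0, 0 }`) gets no `group` entry, and every chkpath.c insertion counted by the diffstat is accounted for in this patch, so the `--group` spelling documented in the new help text and in chkpath.1 will not be recognised. Add an entry before the terminator, `{ "group", 1, 0, 'g' },` assuming mdwopt follows getopt_long's has_arg convention for the second field. main() starts and ends outside the hunk.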
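Review bot: `allowgroup(&cp, optarg);` in the new `case 'g'` is called without checking a result, while the neighbouring `-t` branch dies with "too many groups" when checkpath_setgid() or checkpath_setgroups() fails; allowgroup() is not defined in this patch, so it is not visible whether an unknown group name, a non-decimal gid string, or a full gid list is rejected or silently ignored. Because this value decides which group-writable directories chkpath accepts as secure, a rejected or misparsed `-g` should be a hard error in the same style as `-t`, e.g. `if (allowgroup(&cp, optarg)) die(1, "unknown group %s", optarg);` if allowgroup() can report failure. The man page promises a group name or a decimal gid, so trailing characters after a number should be rejected rather than parsed leniently. main() starts and ends outside the hunk.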