1 | #!/usr/bin/perl |
2 | 'di'; |
3 | 'ig00'; |
4 | # |
5 | # $Header: wrapsuid,v 1.1 90/08/11 13:51:29 lwall Locked $ |
6 | # |
7 | # $Log: wrapsuid,v $ |
8 | # Revision 1.1 90/08/11 13:51:29 lwall |
9 | # Initial revision |
10 | # |
11 | |
# Pass -xdev to find unless /dev/iop exists as a directory.
# NOTE(review): presumably /dev/iop marks a platform whose find lacks
# -xdev -- confirm before relying on this.
$xdev = '-xdev' unless -d '/dev/iop';

if (@ARGV) {
    # Explicit targets were given: take them as-is, but insist that every
    # one of them is an absolute pathname.
    @list = @ARGV;
    for $name (@ARGV) {
        $name =~ m|^/| || die "You must use absolute pathnames.\n";
    }
}
else {
    # No targets: collect the mount point of every /dev-backed filesystem
    # that /etc/mount reports.
    open(DF,"/etc/mount|") || die "Can't run /etc/mount";

    while (<DF>) {
        chop;
        # A line shorter than 50 characters gets the next line appended.
        # NOTE(review): looks like handling for mount output that wraps a
        # long entry onto two lines -- confirm.
        $_ .= <DF> if length($_) < 50;
        @ary = split;
        next unless $ary[0] =~ m|^/dev|;
        push(@list,$ary[2]);
    }
}

# Space-separated form of the target list; empty means nothing to scan.
$fslist = join(' ',@list);
$fslist || die "Can't find local filesystems";
33 | |
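# Start find(1) over the target list, reporting every regular file that has
# the setuid or setgid bit set, and read its output through FIND.
#
# find is exec'd directly from a forked child instead of through a shell
# command string, so whitespace or shell metacharacters in a target name or
# mount point are passed to find as data rather than being re-parsed by sh.
# The fork or exec failure is reported instead of being silently ignored.
#
# Caveat: -print output is newline-delimited, so a pathname that itself
# contains a newline cannot be represented faithfully in this stream; the
# consumer of FIND should re-verify each path before acting on it.
@findargs = @list;
push(@findargs, $xdev) if defined $xdev;
push(@findargs,
    '-type', 'f', '(', '-perm', '-04000', '-o', '-perm', '-02000', ')',
    '-print');

$findpid = open(FIND, '-|');
die "Can't fork to run find: $!" unless defined $findpid;
unless ($findpid) {
    # Child: stdout is the pipe the parent reads as FIND.
    exec 'find', @findargs;
    die "Can't run find: $!";
}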
36 | |
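# Fcntl supplies the O_* flags used for the exclusive temp-file create below.
use Fcntl;

# For each setuid/setgid text file reported on FIND: move the script aside
# as ".name", and install in its place a small compiled C program that
# execv()s the hidden script.  The set[ug]id bits end up on the wrapper
# only.
#
# Security notes for whoever runs or maintains this:
#  * The wrapper passes argv and the caller's environment straight through;
#    the wrapped script still runs with elevated privileges and must itself
#    sanitise PATH, IFS and its arguments.
#  * All work happens inside the directory that holds the script.  If that
#    directory is writable by someone other than the invoker, the renames
#    and the compiler output below are open to races.  NOTE(review): consider
#    refusing to process such directories.
while (<FIND>) {
    chop;                       # drop the newline written by find -print
    next unless -T;             # only text files (scripts) get a wrapper
    print "Fixing ", $_, "\n";
    ($dir,$file) = m|(.*)/(.*)|;
    $real = "$dir/.$file";      # absolute path the wrapper will exec
    $dir = '/' if $dir eq '';   # file sits directly in the root directory

    # Was "chdir $dir || die", where || bound to $dir and a failed chdir
    # went unnoticed; every later relative operation then hit the wrong
    # directory.
    chdir($dir) || die "Can't chdir to $dir";

    # lstat, not stat: the entry must itself still be a regular set[ug]id
    # file, not a symlink or something that merely shares a line of find
    # output (e.g. a fragment of a pathname containing a newline).
    ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
       $blksize,$blocks) = lstat($file);
    die "Can't stat $_" unless $ino;
    unless (-f _ && ($mode & 06000)) {
        warn "Skipping $_: not a regular set[ug]id file\n";
        chdir '/';
        next;
    }

    # The path is pasted into a C string literal, so quote the two
    # characters that would otherwise end or alter the literal.
    ($creal = $real) =~ s/(["\\])/\\$1/g;

    # Build the wrapper under temporary names first, so a compile failure
    # leaves the original script untouched.  O_EXCL refuses to reuse (or
    # follow a symlink planted at) an existing .tmpPID.c.
    $tmp = ".tmp$$";
    sysopen(C, "$tmp.c", O_WRONLY|O_CREAT|O_EXCL, 0600)
        || die "Can't write C program for $_";
    print C '
main(argc,argv)
int argc;
char **argv;
{
execv("' . $creal . '",argv);
}
';
    close(C) || die "Can't write C program for $_";

    system '/bin/cc', "$tmp.c", '-o', $tmp;
    $status = $?;
    unlink "$tmp.c";
    if ($status) {
        unlink $tmp;
        die "Can't compile new $_";
    }

    # Swap the wrapper in.  Each step is checked: previously a failed
    # rename went unnoticed and the compiler output overwrote the script.
    unless (chmod($mode & 01777, $file)) {     # wipe out set[ug]id bits
        unlink $tmp;
        die "Can't clear set[ug]id bits on $_";
    }
    unless (rename($file,".$file")) {
        chmod $mode, $file;
        unlink $tmp;
        die "Can't rename $_ to $real";
    }
    unless (rename($tmp,$file)) {
        rename(".$file",$file);
        chmod $mode, $file;
        unlink $tmp;
        die "Can't install wrapper for $_";
    }

    # Ownership first, mode second.  The old order (chmod, then chown) left
    # the wrapper set[ug]id under the invoker's identity until the chown,
    # and on systems where chown clears set-id bits the wrapper ended up
    # without them.
    chown($uid, $gid, $file) || die "Can't chown wrapper for $_";
    chmod($mode, $file) || die "Can't set mode on wrapper for $_";
    chdir '/';
}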
66 | ############################################################################## |
67 | |
68 | # These next few lines are legal in both Perl and nroff. |
69 | |
70 | .00; # finish .ig |
71 | |
72 | 'di \" finish diversion--previous line must be blank |
73 | .nr nl 0-1 \" fake up transition to first page again |
74 | .nr % 0 \" start at page 1 |
75 | '; __END__ ############# From here on it's a standard manual page ############ |
76 | .TH SUIDSCRIPT 1 "July 30, 1990" |
77 | .AT 3 |
78 | .SH NAME |
79 | wrapsuid \- puts a compiled C wrapper around a setuid or setgid script |
80 | .SH SYNOPSIS |
81 | .B wrapsuid [dirlist] |
82 | .SH DESCRIPTION |
83 | .I Wrapsuid |
84 | creates a small C program to execute a script with setuid or setgid privileges |
85 | without having to set the setuid or setgid bit on the script, which is |
86 | a security problem on many machines. |
87 | Specify the list of directories or files that you wish to process. |
88 | The names must be absolute pathnames. |
89 | With no arguments it will attempt to process all the local directories |
90 | for this machine. |
91 | The scripts to be processed must have the setuid or setgid bit set. |
92 | The wrapsuid program will clear the setuid and setgid bits on the script and set them on the wrapper. |
93 | .PP |
94 | Non-superusers may only process their own files. |
95 | .SH ENVIRONMENT |
96 | No environment variables are used. |
97 | .SH FILES |
98 | None. |
99 | .SH AUTHOR |
100 | Larry Wall |
101 | .SH "SEE ALSO" |
102 | .SH DIAGNOSTICS |
103 | .SH BUGS |
104 | .ex |