5 # $Header: wrapsuid,v 1.1 90/08/11 13:51:29 lwall Locked $
8 # Revision 1.1 90/08/11 13:51:29 lwall
# Stage 1: decide which filesystem roots to hand to find(1).
# NOTE(review): this listing is an excerpt (the leading numbers are the
# original file's line numbers and several lines are not shown), so the
# comments below describe only the statements that are visible.

# Pass -xdev to find unless the directory /dev/iop exists.
# NOTE(review): presumably /dev/iop marks a platform whose find lacks
# -xdev; confirm against the target systems.
12 $xdev = '-xdev' unless -d '/dev/iop';
# Reject any command-line name that does not start with '/'.
# NOTE(review): a leading slash is the only validation applied here; the
# name may still contain whitespace or shell metacharacters.
16 foreach $name (@ARGV) {
17 die "You must use absolute pathnames.\n" unless $name =~ m|^/|;
# Read the mount table by running /etc/mount through a pipe.
21 open(DF,"/etc/mount|") || die "Can't run /etc/mount";
# Append the next input line when the current one is shorter than 50
# characters (presumably to rejoin mount entries wrapped over two lines).
25 $_ .= <DF> if length($_) < 50;
# Keep the third field of entries whose first field begins with /dev.
# NOTE(review): @ary is filled on a line not shown here; presumably a split
# of the mount line, with field 2 being the mount point. Confirm.
27 push(@list,$ary[2]) if ($ary[0] =~ m|^/dev|);
# NOTE(review): $fslist is interpolated into the piped open() below, so the
# whole string is parsed by /bin/sh. Any mount point (or argument, if
# arguments also reach $fslist on a line not shown) containing spaces or
# shell metacharacters changes the command that runs. Since this tool is
# meant to run with privilege, validate the names against a strict pattern
# or, on a modern perl, use the list form of a piped open
# (open FIND, '-|', 'find', @list, ...) so that no shell is involved.
30 $fslist = join(' ',@list);
32 die "Can't find local filesystems" unless $fslist;
35 "find $fslist $xdev -type f \\( -perm -04000 -o -perm -02000 \\) -print|");
# Stage 2: replace one set[ug]id script with a compiled wrapper.
# $_ holds the path being processed (where it is read is not visible in
# this excerpt; presumably one line of find output).
40 print "Fixing ", $_, "\n";
# Split the path at its last '/' into directory and file name.
41 ($dir,$file) = m|(.*)/(.*)|;
# NOTE(review): '||' binds tighter than the named unary operator chdir, so
# this parses as chdir($dir || die ...). The die fires only when $dir is
# false, never when chdir itself fails, and the stat/chmod/rename below
# would then act on $file relative to whatever directory is current.
# Write chdir($dir) || die ... (or use the low-precedence 'or').
42 chdir $dir || die "Can't chdir to $dir";
# Capture the script's current owner, group and mode before changing it.
43 ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
44 $blksize,$blocks) = stat($file);
45 die "Can't stat $_" unless $ino;
# Mask 01777 keeps the rwx and sticky bits and drops 04000/02000.
# NOTE(review): the results of chmod and rename are not checked. If chmod
# fails, the script stays set[ug]id under its new dot-prefixed name. All of
# these steps work by name rather than on an open handle, so they are only
# safe in directories that untrusted users cannot modify during the run.
46 chmod $mode & 01777, $file; # wipe out set[ug]id bits
47 rename($file,".$file");
# NOTE(review): the C source goes to a predictable name (.tmp<pid>.c) in the
# script's own directory, and '>' follows an existing symlink and truncates
# its target. Prefer a private temp directory or an exclusive create.
48 open(C,">.tmp$$.c") || die "Can't write C program for $_";
# $real is the renamed script; it is spliced unescaped into a C string
# literal as the execv() target, so a path containing '"' or '\' changes
# the generated source. Reject or escape such names before emitting it.
49 $real = "$dir/.$file";
55 execv("' . $real . '",argv);
# List-form system(): the compiler is run directly, with no shell.
59 system '/bin/cc', ".tmp$$.c", '-o', $file;
60 die "Can't compile new $_" if $?;
# Give the wrapper the original owner and group saved by stat() above.
# NOTE(review): the chown result is unchecked, and the step that sets the
# set[ug]id bits on the wrapper is not in this excerpt. Some kernels clear
# those bits on chown, so verify the final mode and ownership of the
# wrapper rather than assuming them.
62 chown $uid, $gid, $file;
66 ##############################################################################
68 # These next few lines are legal in both Perl and nroff.
72 'di \" finish diversion--previous line must be blank
73 .nr nl 0-1 \" fake up transition to first page again
74 .nr % 0 \" start at page 1
75 '; __END__ ############# From here on it's a standard manual page ############
76 .TH SUIDSCRIPT 1 "July 30, 1990"
79 wrapsuid \- puts a compiled C wrapper around a setuid or setgid script
84 creates a small C program to execute a script with setuid or setgid privileges
85 without having to set the setuid or setgid bit on the script, which is
86 a security problem on many machines.
87 Specify the list of directories or files that you wish to process.
88 The names must be absolute pathnames.
89 With no arguments it will attempt to process all the local directories
91 The scripts to be processed must have the setuid or setgid bit set.
92 The wrapsuid program will delete the bits and set them on the wrapper.
94 Non-superusers may only process their own files.
96 No environment variables are used.