dropping ``setgid tty'' in dump(8)

Fri Sep 24 08:49:58 PDT 2004

Hi!

The attached patch replaces the ``wall -g'' functionality built
into dump(8) directly with the call to wall(1), thus making it
possible to drop the ``setgid tty'' privilege.

The DIALUP check was weak, and was also removed.

The patch is based on the OpenBSD's work.

<PS>
I've posted another message to the -audit that makes ``wall -g''
really work.
</PS>


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru at sunbay.com		Sunbay Software AG,
ru at FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/ncvs/src/sbin/dump/Makefile,v
retrieving revision 1.14
diff -u -p -r1.14 Makefile

--- Makefile	2001/03/26 14:33:00	1.14
+++ Makefile	2001/09/03 16:57:01
@@ -18,8 +18,6 @@ LINKS=	${BINDIR}/dump ${BINDIR}/rdump
 CFLAGS+=-DRDUMP
 CFLAGS+=-I${.CURDIR}/../../libexec/rlogind
 SRCS=	itime.c main.c optr.c dumprmt.c tape.c traverse.c unctime.c
-BINGRP=	tty
-BINMODE=2555
 MAN=	dump.8
 MLINKS+=dump.8 rdump.8
 
Index: dump.h
===================================================================
RCS file: /home/ncvs/src/sbin/dump/dump.h,v
retrieving revision 1.9
diff -u -p -r1.9 dump.h
--- dump.h	2001/08/10 23:12:10	1.9
+++ dump.h	2001/09/03 16:57:01
@@ -100,7 +100,6 @@ void	msg __P((const char *fmt, ...)) __p
 void	msgtail __P((const char *fmt, ...)) __printflike(1, 2);
 int	query __P((char *question));
 void	quit __P((const char *fmt, ...)) __printflike(1, 2);
-void	set_operators __P((void));
 void	timeest __P((void));
 time_t	unctime __P((char *str));
 
@@ -151,7 +150,6 @@ void	interrupt __P((int signo));	/* in c
 #define	X_ABORT		3	/* abort dump; don't attempt checkpointing */
 
 #define	OPGRENT	"operator"		/* group entry to notify */
-#define DIALUP	"ttyd"			/* prefix for dialups */
 
 struct	fstab *fstabsearch __P((char *key));	/* search fs_file and fs_spec */
 
Index: main.c
===================================================================
RCS file: /home/ncvs/src/sbin/dump/main.c,v
retrieving revision 1.26
diff -u -p -r1.26 main.c
--- main.c	2001/07/09 03:06:56	1.26
+++ main.c	2001/09/03 16:57:03
@@ -287,7 +287,6 @@ main(argc, argv)
 	if (signal(SIGINT, interrupt) == SIG_IGN)
 		signal(SIGINT, SIG_IGN);
 
-	set_operators();	/* /etc/group snarfed */
 	getfstab();		/* /etc/fstab snarfed */
 	/*
 	 *	disk can be either the full special file name,
Index: optr.c
===================================================================
RCS file: /home/ncvs/src/sbin/dump/optr.c,v
retrieving revision 1.12
diff -u -p -r1.12 optr.c
--- optr.c	2001/01/29 09:45:51	1.12
+++ optr.c	2001/09/03 16:57:03
@@ -59,7 +59,6 @@ static const char rcsid[] =
 
 void	alarmcatch __P((/* int, int */));
 int	datesort __P((const void *, const void *));
-static	void sendmes __P((char *, char *));
 
 /*
  *	Query the operator; This previously-fascist piece of code
@@ -117,7 +116,7 @@ query(question)
 	return(back);
 }
 
-char lastmsg[100];
+char lastmsg[BUFSIZ];
 
 /*
  *	Alert the console operator, and enable the alarm clock to
@@ -159,130 +158,33 @@ interrupt(signo)
 }
 
 /*
- *	The following variables and routines manage alerting
- *	operators to the status of dump.
- *	This works much like wall(1) does.
+ *	We now use wall(1) to do the actual broadcasting.
  */
-struct	group *gp;
-
-/*
- *	Get the names from the group entry "operator" to notify.
- */
-void
-set_operators()
-{
-	if (!notify)		/*not going to notify*/
-		return;
-	gp = getgrnam(OPGRENT);
-	(void) endgrent();
-	if (gp == NULL) {
-		msg("No group entry for %s.\n", OPGRENT);
-		notify = 0;
-		return;
-	}
-}
-
-struct tm *localclock;
-
-/*
- *	We fork a child to do the actual broadcasting, so
- *	that the process control groups are not messed up
- */
 void
 broadcast(message)
 	char	*message;
 {
-	time_t		clock;
-	FILE	*f_utmp;
-	struct	utmp	utmp;
-	char	**np;
-	int	pid, s;
+	FILE *fp;
+	char buf[sizeof(_PATH_WALL) + sizeof(OPGRENT) + 3];
 
-	if (!notify || gp == NULL)
+	if (!notify)
 		return;
 
-	switch (pid = fork()) {
-	case -1:
+	snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT);
+	if ((fp = popen(buf, "w")) == NULL)
 		return;
-	case 0:
-		break;
-	default:
-		while (wait(&s) != pid)
-			continue;
-		return;
-	}
-
-	clock = time((time_t *)0);
-	localclock = localtime(&clock);
-
-	if ((f_utmp = fopen(_PATH_UTMP, "r")) == NULL) {
-		msg("Cannot open %s: %s\n", _PATH_UTMP, strerror(errno));
-		return;
-	}
 
-	while (!feof(f_utmp)) {
-		if (fread((char *) &utmp, sizeof (struct utmp), 1, f_utmp) != 1)
-			break;
-		if (utmp.ut_name[0] == 0)
-			continue;
-		for (np = gp->gr_mem; *np; np++) {
-			if (strncmp(*np, utmp.ut_name, sizeof(utmp.ut_name)) != 0)
-				continue;
-			/*
-			 *	Do not send messages to operators on dialups
-			 */
-			if (strncmp(utmp.ut_line, DIALUP, strlen(DIALUP)) == 0)
-				continue;
-#ifdef DEBUG
-			msg("Message to %s at %s\n", *np, utmp.ut_line);
-#endif
-			sendmes(utmp.ut_line, message);
-		}
-	}
-	(void) fclose(f_utmp);
-	Exit(0);	/* the wait in this same routine will catch this */
-	/* NOTREACHED */
-}
+	(void) fputs("\a\a\aMessage from the dump program to all operators\n\nDUMP: NEEDS ATTENTION: ", fp);
+	if (lastmsg[0])
+		(void) fputs(lastmsg, fp);
+	if (message[0])
+		(void) fputs(message, fp);
 
-static void
-sendmes(tty, message)
-	char *tty, *message;
-{
-	char t[MAXPATHLEN], buf[BUFSIZ];
-	register char *cp;
-	int lmsg = 1;
-	FILE *f_tty;
-
-	(void) strcpy(t, _PATH_DEV);
-	(void) strncat(t, tty, sizeof t - strlen(_PATH_DEV) - 1);
-
-	if ((f_tty = fopen(t, "w")) != NULL) {
-		setbuf(f_tty, buf);
-		(void) fprintf(f_tty,
-		    "\n\
-\a\a\aMessage from the dump program to all operators at %d:%02d ...\r\n\n\
-DUMP: NEEDS ATTENTION: ",
-		    localclock->tm_hour, localclock->tm_min);
-		for (cp = lastmsg; ; cp++) {
-			if (*cp == '\0') {
-				if (lmsg) {
-					cp = message;
-					if (*cp == '\0')
-						break;
-					lmsg = 0;
-				} else
-					break;
-			}
-			if (*cp == '\n')
-				(void) putc('\r', f_tty);
-			(void) putc(*cp, f_tty);
-		}
-		(void) fclose(f_tty);
-	}
+	(void) pclose(fp);
 }
 
 /*
- *	print out an estimate of the amount of time left to do the dump
+ *	Print out an estimate of the amount of time left to do the dump
  */
 
 time_t	tschedule = 0;
Index: pathnames.h
===================================================================
RCS file: /home/ncvs/src/sbin/dump/pathnames.h,v
retrieving revision 1.6
diff -u -p -r1.6 pathnames.h
--- pathnames.h	2001/03/08 09:04:39	1.6
+++ pathnames.h	2001/09/03 16:57:03
@@ -41,3 +41,4 @@
 #define	_PATH_DUMPDATES	"/etc/dumpdates"
 #define	_PATH_LOCK	"/tmp/dumplockXXXXXX"
 #define	_PATH_RMT	"/etc/rmt"		/* path on remote host */
+#define	_PATH_WALL	"/usr/bin/wall"
