1
1

Make cons.saver runable by non-root users.

Этот коммит содержится в:
Pavel Machek 1999-05-12 11:48:11 +00:00
родитель 71ef20af35
Коммит bfe05cff74
2 изменённых файлов: 22 добавлений и 1 удалений

Просмотреть файл

@ -1,3 +1,13 @@
1999-05-12 Pavel Machek <pavel@artax.karlin.mff.cuni.cz>
* cons.saver.c (main): change cons.saver so it can be run without
root privileges. It is well possible to run cons.saver with
privileges only to /dev/vcsa: create new user and make vcsa's
owned by that user instead of root.
Distribution maintainers please take this text as idea of what you
should do to make your system more secure.
1999-05-05 Miguel de Icaza <miguel@nuclecu.unam.mx> 1999-05-05 Miguel de Icaza <miguel@nuclecu.unam.mx>
* cmd.c (view_file_at_line): gmc_view never fails, so we handle * cmd.c (view_file_at_line): gmc_view never fails, so we handle

Просмотреть файл

@ -21,6 +21,14 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
/* This code does _not_ need to be setuid root. However, it needs
read/write access to /dev/vcsa* (which is priviledged
operation). You should create user vcsa, make cons.saver setuid
user vcsa, and make all vcsa's owned by user vcsa.
Seeing other peoples consoles is bad thing, but believe me, full
root is even worse. */
#include <config.h> #include <config.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
@ -323,8 +331,11 @@ int main (int argc, char **argv)
*/ */
close (2); close (2);
stderr_fd = open ("/dev/tty", O_RDWR); stderr_fd = open ("/dev/tty", O_RDWR);
if (stderr_fd == -1) /* This may well happen if program is running non-root */
stderr_fd = open ("/dev/null", O_RDWR);
if (stderr_fd == -1) if (stderr_fd == -1)
exit (1); exit (1);
if (stderr_fd != 2) if (stderr_fd != 2)
while (dup2 (stderr_fd, 2) == -1 && errno == EINTR) while (dup2 (stderr_fd, 2) == -1 && errno == EINTR)