diff options
| -rw-r--r-- | Misc/NEWS | 2 | ||||
| -rw-r--r-- | Misc/README | 3 | ||||
| -rw-r--r-- | Misc/setuid-prog.c | 176 | 
3 files changed, 2 insertions, 179 deletions
| @@ -62,6 +62,8 @@ Tests  Tools/Demos  ----------- +- Issue #10710: ``Misc/setuid-prog.c`` is removed from the source tree. +  - Issue #10706: Remove outdated script runtests.sh.  Either ``make test``    or ``python -m test`` should be used instead. diff --git a/Misc/README b/Misc/README index e7a59c7182..d12820af64 100644 --- a/Misc/README +++ b/Misc/README @@ -20,7 +20,6 @@ NEWS                    News for this release (for some meaning of "this")  NEWS.help               How to edit NEWS  Porting                 Mini-FAQ on porting to new platforms  PURIFY.README           Information for Purify users -pymemcompat.h           Memory interface compatibility file.  python-config.in        Python script template for python-config  python.man              UNIX man page for the python interpreter  python-mode.el          Emacs mode for editing Python programs @@ -31,9 +30,7 @@ README.coverity         Information about running Coverity's Prevent on Python  README.klocwork         Information about running Klocwork's K7 on Python  README.OpenBSD          Help for building problems on OpenBSD  README.valgrind         Information for Valgrind users, see valgrind-python.supp -RFD                     Request For Discussion about a Python newsgroup  RPM                     (Old) tools to build RPMs -setuid-prog.c           C helper program for set-uid Python scripts  SpecialBuilds.txt       Describes extra symbols you can set for debug builds  TextMate                A TextMate bundle for Python development  valgrind-python.supp    Valgrind suppression file, see README.valgrind diff --git a/Misc/setuid-prog.c b/Misc/setuid-prog.c deleted file mode 100644 index 3785d99d7f..0000000000 --- a/Misc/setuid-prog.c +++ /dev/null @@ -1,176 +0,0 @@ -/* -   Template for a setuid program that calls a script. - -   The script should be in an unwritable directory and should itself -   be unwritable.  In fact all parent directories up to the root -   should be unwritable.  The script must not be setuid, that's what -   this program is for. - -   This is a template program.  You need to fill in the name of the -   script that must be executed.  This is done by changing the -   definition of FULL_PATH below. - -   There are also some rules that should be adhered to when writing -   the script itself. - -   The first and most important rule is to never, ever trust that the -   user of the program will behave properly.  Program defensively. -   Check your arguments for reasonableness.  If the user is allowed to -   create files, check the names of the files.  If the program depends -   on argv[0] for the action it should perform, check it. - -   Assuming the script is a Bourne shell script, the first line of the -   script should be -    #!/bin/sh - -   The - is important, don't omit it.  If you're using esh, the first -   line should be -    #!/usr/local/bin/esh -f -   and for ksh, the first line should be -    #!/usr/local/bin/ksh -p -   The script should then set the variable IFS to the string -   consisting of <space>, <tab>, and <newline>.  After this (*not* -   before!), the PATH variable should be set to a reasonable value and -   exported.  Do not expect the PATH to have a reasonable value, so do -   not trust the old value of PATH.  You should then set the umask of -   the program by calling -    umask 077 # or 022 if you want the files to be readable -   If you plan to change directories, you should either unset CDPATH -   or set it to a good value.  Setting CDPATH to just ``.'' (dot) is a -   good idea. -   If, for some reason, you want to use csh, the first line should be -    #!/bin/csh -fb -   You should then set the path variable to something reasonable, -   without trusting the inherited path.  Here too, you should set the -   umask using the command -    umask 077 # or 022 if you want the files to be readable -*/ - -#include <unistd.h> -#include <stdlib.h> -#include <stdio.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <string.h> - -/* CONFIGURATION SECTION */ - -#ifndef FULL_PATH       /* so that this can be specified from the Makefile */ -/* Uncomment the following line: -#define FULL_PATH       "/full/path/of/script" -* Then comment out the #error line. */ -#error "You must define FULL_PATH somewhere" -#endif -#ifndef UMASK -#define UMASK           077 -#endif - -/* END OF CONFIGURATION SECTION */ - -#if defined(__STDC__) && defined(__sgi) -#define environ _environ -#endif - -/* don't change def_IFS */ -char def_IFS[] = "IFS= \t\n"; -/* you may want to change def_PATH, but you should really change it in */ -/* your script */ -#ifdef __sgi -char def_PATH[] = "PATH=/usr/bsd:/usr/bin:/bin:/usr/local/bin:/usr/sbin"; -#else -char def_PATH[] = "PATH=/usr/ucb:/usr/bin:/bin:/usr/local/bin"; -#endif -/* don't change def_CDPATH */ -char def_CDPATH[] = "CDPATH=."; -/* don't change def_ENV */ -char def_ENV[] = "ENV=:"; - -/* -   This function changes all environment variables that start with LD_ -   into variables that start with XD_.  This is important since we -   don't want the script that is executed to use any funny shared -   libraries. - -   The other changes to the environment are, strictly speaking, not -   needed here.  They can safely be done in the script.  They are done -   here because we don't trust the script writer (just like the script -   writer shouldn't trust the user of the script). -   If IFS is set in the environment, set it to space,tab,newline. -   If CDPATH is set in the environment, set it to ``.''. -   Set PATH to a reasonable default. -*/ -void -clean_environ(void) -{ -    char **p; -    extern char **environ; - -    for (p = environ; *p; p++) { -        if (strncmp(*p, "LD_", 3) == 0) -            **p = 'X'; -        else if (strncmp(*p, "_RLD", 4) == 0) -            **p = 'X'; -        else if (strncmp(*p, "PYTHON", 6) == 0) -            **p = 'X'; -        else if (strncmp(*p, "IFS=", 4) == 0) -            *p = def_IFS; -        else if (strncmp(*p, "CDPATH=", 7) == 0) -            *p = def_CDPATH; -        else if (strncmp(*p, "ENV=", 4) == 0) -            *p = def_ENV; -    } -    putenv(def_PATH); -} - -int -main(int argc, char **argv) -{ -    struct stat statb; -    gid_t egid = getegid(); -    uid_t euid = geteuid(); - -    /* -       Sanity check #1. -       This check should be made compile-time, but that's not possible. -       If you're sure that you specified a full path name for FULL_PATH, -       you can omit this check. -    */ -    if (FULL_PATH[0] != '/') { -        fprintf(stderr, "%s: %s is not a full path name\n", argv[0], -            FULL_PATH); -        fprintf(stderr, "You can only use this wrapper if you\n"); -        fprintf(stderr, "compile it with an absolute path.\n"); -        exit(1); -    } - -    /* -       Sanity check #2. -       Check that the owner of the script is equal to either the -       effective uid or the super user. -    */ -    if (stat(FULL_PATH, &statb) < 0) { -        perror("stat"); -        exit(1); -    } -    if (statb.st_uid != 0 && statb.st_uid != euid) { -        fprintf(stderr, "%s: %s has the wrong owner\n", argv[0], -            FULL_PATH); -        fprintf(stderr, "The script should be owned by root,\n"); -        fprintf(stderr, "and shouldn't be writable by anyone.\n"); -        exit(1); -    } - -    if (setregid(egid, egid) < 0) -        perror("setregid"); -    if (setreuid(euid, euid) < 0) -        perror("setreuid"); - -    clean_environ(); - -    umask(UMASK); - -    while (**argv == '-')       /* don't let argv[0] start with '-' */ -        (*argv)++; -    execv(FULL_PATH, argv); -    fprintf(stderr, "%s: could not execute the script\n", argv[0]); -    exit(1); -} | 
