-case "$host_alias" in
- *ultrix) ac_cv_func_setsid='no' ;;
- *) break;;
-esac
-
-
-
-
for ac_func in \
- atexit \
revoke \
unsetenv \
setutent \
seteuid \
+ setresuid \
setreuid \
- setsid \
- setpgrp \
- setpgid \
_getpty \
getpt \
posix_openpt \
#define HAVE_UNIX_FDPASS 1
_ACEOF
+else
+ { { echo "$as_me:$LINENO: error: urxvt requires unix-compliant filehandle passing ability" >&5
+echo "$as_me: error: urxvt requires unix-compliant filehandle passing ability" >&2;}
+ { (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: checking for broken XIM callback" >&5
PERLLIB="`$PERL -MExtUtils::Embed -e ldopts`"
PERLPRIVLIBEXP="`$PERL -MConfig -e 'print $Config{privlibexp}'`"
else
- support_perl=no
- echo "$as_me:$LINENO: result: no, unable to link" >&5
-echo "${ECHO_T}no, unable to link" >&6
+ { { echo "$as_me:$LINENO: error: no, unable to link" >&5
+echo "$as_me: error: no, unable to link" >&2;}
+ { (exit 1); exit 1; }; }
fi
else
- { { echo "$as_me:$LINENO: error: no working perl found" >&5
-echo "$as_me: error: no working perl found" >&2;}
- { (exit or perl not version >= 5.8); exit or perl not version >= 5.8; }; }
- support_perl=no
+ { { echo "$as_me:$LINENO: error: no working perl found, or perl not version >= 5.8" >&5
+echo "$as_me: error: no working perl found, or perl not version >= 5.8" >&2;}
+ { (exit 1); exit 1; }; }
fi
fi
unsetenv \
setutent \
seteuid \
+ setresuid \
setreuid \
_getpty \
getpt \
if (cmd_pid)
kill (-cmd_pid, SIGHUP);
-#ifdef UTMP_SUPPORT
- privileged_utmp (RESTORE);
-#endif
-
delete pty; pty = 0;
}
void
rxvt_init ()
{
+ uid_t uid = getuid ();
+ gid_t gid = getgid ();
+
+ // before doing anything else, check for setuid/setgid operation,
+ // start the helper process and drop privileges
+ if (uid != geteuid ()
+ || 1 //D
+ || gid != getegid ())
+ {
+#if PTYTTY_HELPER
+ rxvt_ptytty_server ();
+#else
+ rxvt_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n");
+#endif
+
+ // drop privileges
+#if HAVE_SETRESUID
+ setresgid (gid, gid, gid);
+ setresuid (uid, uid, uid);
+#elif HAVE_SETREUID
+ setregid (gid, gid);
+ setreuid (uid, uid);
+#elif HAVE_SETUID
+ setgid (gid);
+ setuid (uid);
+#endif
+
+ if (uid != geteuid ()
+ || gid != getegid ())
+ rxvt_fatal ("unable to drop privileges, aborting.\n");
+ }
+
rxvt_environ = environ;
/*
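Review bot: The privilege drop added to rxvt_init ignores the return values of `setresgid`/`setresuid` (and of the `setre*`/`set*` fallbacks), and the check that follows compares only the effective IDs, so a saved set-user-ID or set-group-ID that was not reset goes unnoticed; on the plain `setuid (uid)` fallback for a non-root setuid binary the saved ID typically stays privileged. Each call should be checked directly, e.g. `if (setresgid (gid, gid, gid) || setresuid (uid, uid, uid)) rxvt_fatal ("unable to drop privileges, aborting.\n");`, and where `getresuid`/`getresgid` exist the real, effective and saved IDs should all be confirmed. The `|| 1 //D` term in the condition looks like a debugging leftover that forces this branch on every start, and should be removed before release. rxvt_init's body continues outside the hunk.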
#ifdef PTYS_ARE_OPENPTY
char tty_name[sizeof "/dev/pts/????\0"];
- rxvt_privileges(RESTORE);
int res = openpty (&pfd, fd_tty, tty_name, NULL, NULL);
- rxvt_privileges(IGNORE);
if (res != -1)
{
if (!name || !*name)
return;
- rxvt_privileges (RESTORE);
-
if (action == SAVE)
{
# ifndef RESET_TTY_TO_COMMON_DEFAULTS
# endif
}
-
- rxvt_privileges (IGNORE);
}
#endif
{
rxvt_ptytty *id;
- rxvt_ptytty_proxy ();
~rxvt_ptytty_proxy ();
bool get ();
cmd.hostname[sizeof (cmd.hostname) - 1] = 0;
cmd.id->login (cmd.cmd_pid, cmd.login_shell, cmd.hostname);
}
- else printf ("xxx hiya login no match %p\n", cmd.id);
}
else if (cmd.type == command::destroy)
{
ptys.erase (pty);
delete *pty;
}
- else printf ("xxx hiya destroy no match %p\n", cmd.id);
}
else
break;
}
else
{
+ setgid (getegid ());
+ setuid (geteuid ());
+
// server, pty-helper
sock_fd = sv[1];
- close (sv[0]);//D
-// for (int fd = 0; fd < 1023; fd++)
-// if (fd != sock_fd)
-// close (fd);
+ for (int fd = 0; fd < 1023; fd++)
+ if (fd != sock_fd)
+ close (fd);
serve ();
_exit (EXIT_SUCCESS);
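Review bot: The descriptor sweep in the helper child stops at the hard-coded bound 1023, so any inherited descriptor numbered 1023 or higher stays open in the process that keeps the elevated IDs. Deriving the bound from the process limit closes that gap, e.g. `long max_fd = sysconf (_SC_OPEN_MAX);` (with a fallback when it returns -1) and `for (int fd = 0; fd < max_fd; fd++)`. The loop also closes 0, 1 and 2 without reopening them, so the next descriptors the helper opens (presumably pty masters) can land on the standard streams; reopening them on `/dev/null` after the sweep keeps stray library output away from a pty. The added `setgid (getegid ())` and `setuid (geteuid ())` calls are unchecked as well. The enclosing function starts before the hunk.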
{
#if PTYTTY_HELPER
if (pid > 0)
- {
- // use helper process
- return new rxvt_ptytty_proxy;
- }
+ // use helper process
+ return new rxvt_ptytty_proxy;
else
#endif
return new rxvt_ptytty_unix;
int
main (int argc, const char *const *argv)
{
+ rxvt_init ();
+
for (int i = 1; i < argc; i++)
{
if (!strcmp (argv [i], "-f") || !strcmp (argv [i], "--fork"))
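Review bot: The new `rxvt_init ();` call at the top of main has no comment saying why it must stay first, although rxvt_init is now where the setuid/setgid privileges are dropped. A one-line comment such as `// must run before any argument parsing: starts the pty helper and drops setuid/setgid privileges` would keep a later reorder from putting option handling back in front of it. main's body continues outside the hunk.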
}
}
- rxvt_init ();
-
chdir ("/");
if (opt_opendisplay)