kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 04:11:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged revisions 86066 via svnmerge from

Browse Source 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r86066 | tilghman | 2007-10-17 10:23:51 -0500 (Wed, 17 Oct 2007) | 3 lines

When runuser/rungroup is specified, a remote console could only be attained by root
(Closes issue #9999)

........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@86079 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher
2007-10-17 15:39:24 +00:00
parent 746dc07e2c
commit 616ec5d340
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
main/asterisk.c
View File

@@ -2617,7 +2617,7 @@ int main(int argc, char *argv[])
FILE *f; FILE *f;
sigset_t sigs; sigset_t sigs;
int num; int num;
int is_child_of_nonroot = 0; int isroot = 1;
char *buf; char *buf;
char *runuser = NULL, *rungroup = NULL; char *runuser = NULL, *rungroup = NULL;
@@ -2630,6 +2630,9 @@ int main(int argc, char *argv[])
_argv[x] = argv[x]; _argv[x] = argv[x];
_argv[x] = NULL; _argv[x] = NULL;
if (geteuid() != 0)
isroot = 0;
/* if the progname is rasterisk consider it a remote console */ /* if the progname is rasterisk consider it a remote console */
if (argv[0] && (strstr(argv[0], "rasterisk")) != NULL) { if (argv[0] && (strstr(argv[0], "rasterisk")) != NULL) {
ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_REMOTE); ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_REMOTE);
@@ -2643,11 +2646,7 @@ int main(int argc, char *argv[])
ast_builtins_init(); ast_builtins_init();
ast_utils_init(); ast_utils_init();
tdd_init(); tdd_init();
/* When Asterisk restarts after it has dropped the root privileges,
* it can't issue setuid(), setgid(), setgroups() or set_priority()
*/
if (getenv("ASTERISK_ALREADY_NONROOT"))
is_child_of_nonroot=1;
if (getenv("HOME")) if (getenv("HOME"))
snprintf(filename, sizeof(filename), "%s/.asterisk_history", getenv("HOME")); snprintf(filename, sizeof(filename), "%s/.asterisk_history", getenv("HOME"));
/* Check for options */ /* Check for options */
@@ -2792,10 +2791,10 @@ int main(int argc, char *argv[])
#ifndef __CYGWIN__ #ifndef __CYGWIN__
if (!is_child_of_nonroot) if (isroot)
ast_set_priority(ast_opt_high_priority); ast_set_priority(ast_opt_high_priority);
if (!is_child_of_nonroot && rungroup) { if (isroot && rungroup) {
struct group *gr; struct group *gr;
gr = getgrnam(rungroup); gr = getgrnam(rungroup);
if (!gr) { if (!gr) {
@@ -2814,7 +2813,7 @@ int main(int argc, char *argv[])
ast_verbose("Running as group '%s'\n", rungroup); ast_verbose("Running as group '%s'\n", rungroup);
} }
if (!is_child_of_nonroot && runuser) { if (runuser && !ast_test_flag(&ast_options, AST_OPT_FLAG_REMOTE)) {
#ifdef HAVE_CAP #ifdef HAVE_CAP
int has_cap = 1; int has_cap = 1;
#endif /* HAVE_CAP */ #endif /* HAVE_CAP */
@@ -2830,6 +2829,10 @@ int main(int argc, char *argv[])
has_cap = 0; has_cap = 0;
} }
#endif /* HAVE_CAP */ #endif /* HAVE_CAP */
if (!isroot && pw->pw_uid != geteuid()) {
ast_log(LOG_ERROR, "Asterisk started as nonroot, but runuser '%s' requested.\n", runuser);
exit(1);
}
if (!rungroup) { if (!rungroup) {
if (setgid(pw->pw_gid)) { if (setgid(pw->pw_gid)) {
ast_log(LOG_WARNING, "Unable to setgid to %d!\n", (int)pw->pw_gid); ast_log(LOG_WARNING, "Unable to setgid to %d!\n", (int)pw->pw_gid);
@@ -2844,7 +2847,6 @@ int main(int argc, char *argv[])
ast_log(LOG_WARNING, "Unable to setuid to %d (%s)\n", (int)pw->pw_uid, runuser); ast_log(LOG_WARNING, "Unable to setuid to %d (%s)\n", (int)pw->pw_uid, runuser);
exit(1); exit(1);
} }
setenv("ASTERISK_ALREADY_NONROOT", "yes", 1);
if (option_verbose) if (option_verbose)
ast_verbose("Running as user '%s'\n", runuser); ast_verbose("Running as user '%s'\n", runuser);
#ifdef HAVE_CAP #ifdef HAVE_CAP