From 24d6db4b64a2335d85edced05776ba087ae86eef Mon Sep 17 00:00:00 2001
From: Thomas Schmitt
Date: Wed, 26 Sep 2007 15:53:43 +0000
Subject: [PATCH] Disabled --allow_emulated_drives in setuid runs
---
 cdrskin/cdrskin.1 | 5 ++++-
 cdrskin/cdrskin.c | 31 ++++++++++++++++++++++---------
 cdrskin/cdrskin_timestamp.h | 2 +-
 3 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/cdrskin/cdrskin.1 b/cdrskin/cdrskin.1
index 7944f5f..1e777ff 100644
--- a/cdrskin/cdrskin.1
+++ b/cdrskin/cdrskin.1
@@ -2,7 +2,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH CDRSKIN 1 "September 19, 2007"
+.TH CDRSKIN 1 "September 26, 2007"
 .\" Please adjust this date whenever revising the manpage.
 .\"
 .\" Some roff macros, for reference:
@@ -285,6 +285,9 @@ The target file address is given after prefix "stdio:".
 .br
 E.g.: dev=stdio:/tmp/my_pseudo_drive
 .br
+Note: --allow_emulated_drives will not work if cdrskin has changed user
+identity via the setuid bit of its access permissions.
+.br
 Warning: Superusers must take care not to spoil their hard disk via its raw block device (like /dev/hda or /dev/sd0).
 .br
diff --git a/cdrskin/cdrskin.c b/cdrskin/cdrskin.c
index a541b34..ca963f5 100644
--- a/cdrskin/cdrskin.c
+++ b/cdrskin/cdrskin.c
@@ -1946,6 +1946,16 @@ int Cdrpreskin_queue_msgs(struct CdrpreskiN *o, int flag)
 }
+int Cdrpreskin_consider_normal_user(int flag)
+{
+ fprintf(stderr,
+ "cdrskin: HINT : Consider to allow rw-access to the writer devices and\n");
+ fprintf(stderr,
+ "cdrskin: HINT : to run cdrskin under your normal user identity.\n");
+ return(1);
+}
+
+
 /* Start the fallback program as replacement of the cdrskin run.
 @param flag bit0=do not report start command
 */
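Review bot: The new Cdrpreskin_consider_normal_user() carries no header comment and its `flag` parameter is never read, although the neighbouring `/* Start the fallback program ... @param flag bit0=... */` shows that this file documents every function and every flag bit. A comment in that style placed above the definition, `/* Print the hint to grant rw-access to the writer devices and to run cdrskin as the normal user. @param flag unused @return 1 */`, would make the contract explicit, and the constant return value is worth stating because every caller added in this patch ignores it. If the function is also declared in a header, that declaration is outside this hunk and should carry the same text.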
@@ -1959,10 +1969,7 @@ int Cdrpreskin_fallback(struct CdrpreskiN *preskin, int argc, char **argv,
 if(getuid()!=geteuid() && !preskin->allow_setuid) {
 fprintf(stderr,
 "cdrskin: SORRY : uid and euid differ. Will not start external fallback program.\n");
- fprintf(stderr,
- "cdrskin: HINT : Consider to allow rw-access to the writer device and\n");
- fprintf(stderr,
- "cdrskin: HINT : to run cdrskin under your normal user identity.\n");
+ Cdrpreskin_consider_normal_user(0);
 fprintf(stderr,
 "cdrskin: HINT : Option --allow_setuid disables this safety check.\n");
 goto failure;
@@ -2213,7 +2220,12 @@ return:
 o->abort_handler= 3;
 } else if(strcmp(argv[i],"--allow_emulated_drives")==0) {
- o->allow_emulated_drives= 1;
+ if(getuid()!=geteuid()) {
+ fprintf(stderr,
+ "cdrskin: SORRY : uid and euid differ. Will not --allow_emulated_drives\n");
+ Cdrpreskin_consider_normal_user(0);
+ } else
+ o->allow_emulated_drives= 1;
 } else if(strcmp(argv[i],"--allow_setuid")==0) {
 o->allow_setuid= 1;
@@ -6538,10 +6550,7 @@ sorry_failed_to_eject:;
 if(getuid()!=geteuid()) {
 fprintf(stderr,
 "cdrskin: SORRY : uid and euid differ. Will not start external eject.\n");
- fprintf(stderr,
- "cdrskin: HINT : Consider to allow rw-access to the writer device and\n");
- fprintf(stderr,
- "cdrskin: HINT : to run cdrskin under your normal user identity.\n");
+ Cdrpreskin_consider_normal_user(0);
 return(0);
 }
@@ -7534,6 +7543,10 @@ int Cdrskin_create(struct CdrskiN **o, struct CdrpreskiN **preskin,
 (*preskin)->demands_cdrskin_caps= 1;
 } else {
 fprintf(stderr,"cdrskin: SORRY : dev=stdio:... works only with option --allow_emulated_drives\n");
+ if(getuid()!=geteuid()) {
+ fprintf(stderr,"cdrskin: SORRY : but uid and euid differ. So this option will be rejected.\n");
+ Cdrpreskin_consider_normal_user(0);
+ }
 {*exit_value= 2; goto ex;}
 }
 }
diff --git a/cdrskin/cdrskin_timestamp.h b/cdrskin/cdrskin_timestamp.h
index 3243f99..4710fcf 100644
--- a/cdrskin/cdrskin_timestamp.h
+++ b/cdrskin/cdrskin_timestamp.h
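Review bot: The new rejection in the `--allow_emulated_drives` branch of the option parser tests only `getuid()!=geteuid()`, as do the checks in Cdrpreskin_fallback, the eject path and Cdrskin_create, so an installation that is setgid rather than setuid would pass all four checks and the protection this commit adds would not apply to dev=stdio: writes made with the raised group privilege (whether the real and effective ids are ever equalised earlier in the run is not visible here, but that would bypass the check as well). The same predicate is now spelled out four times; since this commit already centralises the hint text, the check deserves the same treatment, e.g. `static int Cdrpreskin_identity_changed(void) { return getuid()!=geteuid() || getgid()!=getegid(); }` called in place of each comparison, with Cdrpreskin_fallback keeping its additional `&& !preskin->allow_setuid`. Separately, the `} else` followed by an unbraced `o->allow_emulated_drives= 1;` in the option parser differs from the braced branches around it and is worth bracing so a later added statement cannot silently fall outside the else. Each of the four enclosing functions starts and ends outside its hunk.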
@@ -1 +1 @@
-#define Cdrskin_timestamP "2007.09.24.181340"
+#define Cdrskin_timestamP "2007.09.26.155301"