setgid to group "write" so that terminals need not be world writable
authorKirk McKusick <mckusick@ucbvax.Berkeley.EDU>
Fri, 14 Mar 1986 11:23:05 +0000 (03:23 -0800)
committerKirk McKusick <mckusick@ucbvax.Berkeley.EDU>
Fri, 14 Mar 1986 11:23:05 +0000 (03:23 -0800)
SCCS-vsn: bin/Makefile 5.16
SCCS-vsn: usr.bin/login/login.c 5.13
SCCS-vsn: usr.bin/login/login.c.1 5.13

usr/src/bin/Makefile
usr/src/usr.bin/login/login.c
usr/src/usr.bin/login/login.c.1

index df76167..9096619 100644 (file)
@@ -3,7 +3,7 @@
 # All rights reserved.  The Berkeley software License Agreement
 # specifies the terms and conditions for redistribution.
 #
 # All rights reserved.  The Berkeley software License Agreement
 # specifies the terms and conditions for redistribution.
 #
-#      @(#)Makefile    5.15 (Berkeley) %G%
+#      @(#)Makefile    5.16 (Berkeley) %G%
 #
 DESTDIR=
 CFLAGS=        -O
 #
 DESTDIR=
 CFLAGS=        -O
@@ -21,7 +21,7 @@ SCRIPT=       false true
 #
 STD=   ar cat cc chmod cmp date dd du echo ed grep hostid hostname \
        kill ld ln ls mkdir mt nice nm od pagesize pr pwd rm rmail \
 #
 STD=   ar cat cc chmod cmp date dd du echo ed grep hostid hostname \
        kill ld ln ls mkdir mt nice nm od pagesize pr pwd rm rmail \
-       rmdir size stty sync tar tee test time wall who write
+       rmdir size stty sync tar tee test time wall who
 
 # C programs that live in the current directory and need explicit make lines.
 #
 
 # C programs that live in the current directory and need explicit make lines.
 #
@@ -39,7 +39,13 @@ OPERATOR= df
 #
 KMEM=  ps
 
 #
 KMEM=  ps
 
-all:   ${SUBDIR} ${STD} ${NSTD} ${SETUID} ${OPERATOR} ${KMEM} cp mv strip
+# Programs that must run set-group-id write.
+#
+WRITE= write
+
+BINS=  ${STD} ${NSTD} ${SETUID} ${OPERATOR} ${KMEM} ${WRITE} cp mv strip
+
+all:   ${SUBDIR} ${BINS}
 
 ${SUBDIR}: FRC
        cd $@; make ${MFLAGS}
 
 ${SUBDIR}: FRC
        cd $@; make ${MFLAGS}
@@ -47,7 +53,7 @@ ${SUBDIR}: FRC
 FRC:
        
 
 FRC:
        
 
-${STD} ${SETUID} ${OPERATOR} mv cp strip:
+${STD} ${SETUID} ${OPERATOR} ${WRITE} mv cp strip:
        ${CC} ${CFLAGS} -o $@ $@.c
 
 # take care with cp, strip, and mv, install uses them
        ${CC} ${CFLAGS} -o $@ $@.c
 
 # take care with cp, strip, and mv, install uses them
@@ -68,18 +74,19 @@ install:
                (install -g operator -m 2755 -s $$i ${DESTDIR}/bin/$$i); done
        -for i in ${KMEM}; do \
                (install -g kmem -m 2755 -s $$i ${DESTDIR}/bin/$$i); done
                (install -g operator -m 2755 -s $$i ${DESTDIR}/bin/$$i); done
        -for i in ${KMEM}; do \
                (install -g kmem -m 2755 -s $$i ${DESTDIR}/bin/$$i); done
+       -for i in ${WRITE}; do \
+               (install -g write -m 2755 -s $$i ${DESTDIR}/bin/$$i); done
        rm -f ${DESTDIR}/bin/[; ln ${DESTDIR}/bin/test ${DESTDIR}/bin/[
        rm -f ${DESTDIR}/bin/e; ln ${DESTDIR}/bin/ed ${DESTDIR}/bin/e
        rm -f ${DESTDIR}/bin/chfn; ln ${DESTDIR}/bin/passwd ${DESTDIR}/bin/chfn
        rm -f ${DESTDIR}/bin/chsh; ln ${DESTDIR}/bin/passwd ${DESTDIR}/bin/chsh
 
 clean:
        rm -f ${DESTDIR}/bin/[; ln ${DESTDIR}/bin/test ${DESTDIR}/bin/[
        rm -f ${DESTDIR}/bin/e; ln ${DESTDIR}/bin/ed ${DESTDIR}/bin/e
        rm -f ${DESTDIR}/bin/chfn; ln ${DESTDIR}/bin/passwd ${DESTDIR}/bin/chfn
        rm -f ${DESTDIR}/bin/chsh; ln ${DESTDIR}/bin/passwd ${DESTDIR}/bin/chsh
 
 clean:
-       rm -f a.out core *.s *.o errs
+       rm -f ${BINS} expr.c a.out core *.s *.o errs
        for i in ${SUBDIR}; do (cd $$i; make ${MFLAGS} clean); done
        for i in ${SUBDIR}; do (cd $$i; make ${MFLAGS} clean); done
-       rm -f ${STD} ${NSTD} ${KMEM} ${OPERATOR} ${SETUID} expr.c cp mv strip
 
 depend: expr.c
 
 depend: expr.c
-       for i in ${STD} ${NSTD} ${KMEM} ${OPERATOR} ${SETUID} cp mv strip; do \
+       for i in ${BINS}; do \
            cc -M ${INCPATH} $$i.c | sed 's/\.o//' | \
            awk ' { if ($$1 != prev) \
                { if (rec != "") print rec; rec = $$0; prev = $$1; } \
            cc -M ${INCPATH} $$i.c | sed 's/\.o//' | \
            awk ' { if ($$1 != prev) \
                { if (rec != "") print rec; rec = $$0; prev = $$1; } \
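Review bot: The new `${WRITE}` install loop carries the same leading `-` as the loops above it, so a failing `install -g write -m 2755` is ignored and `make install` still succeeds. If the group `write` does not exist on the installing system, `/bin/write` is left missing or stale and non-setgid, while login.c in this same commit sets terminals to mode 0620; write(1) would then stop working with no build-time signal. Consider dropping the `-` on this one loop, or at least adding a comment above it such as `# group "write" must exist before install; login(1) chowns ttys to it`. Separately, write.c is not touched by this commit, so it is worth confirming that it gives up the new group privilege before running anything on the user's behalf. The install rule begins before this hunk and the depend recipe continues past it.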
@@ -120,10 +127,10 @@ chmod: /usr/include/sys/stat.h /usr/include/sys/dir.h
 cmp: cmp.c /usr/include/stdio.h /usr/include/ctype.h
 date: date.c /usr/include/sys/param.h /usr/include/machine/machparam.h
 date: /usr/include/signal.h /usr/include/sys/types.h /usr/include/stdio.h
 cmp: cmp.c /usr/include/stdio.h /usr/include/ctype.h
 date: date.c /usr/include/sys/param.h /usr/include/machine/machparam.h
 date: /usr/include/signal.h /usr/include/sys/types.h /usr/include/stdio.h
-date: /usr/include/sys/time.h /usr/include/time.h /usr/include/sys/socket.h
-date: /usr/include/netinet/in.h /usr/include/netdb.h
-date: /usr/include/protocols/timed.h /usr/include/sys/file.h
+date: /usr/include/sys/time.h /usr/include/time.h /usr/include/sys/file.h
 date: /usr/include/errno.h /usr/include/syslog.h /usr/include/utmp.h
 date: /usr/include/errno.h /usr/include/syslog.h /usr/include/utmp.h
+date: /usr/include/sys/socket.h /usr/include/netinet/in.h /usr/include/netdb.h
+date: /usr/include/protocols/timed.h
 dd: dd.c /usr/include/stdio.h /usr/include/signal.h
 du: du.c /usr/include/stdio.h /usr/include/sys/param.h
 du: /usr/include/machine/machparam.h /usr/include/signal.h
 dd: dd.c /usr/include/stdio.h /usr/include/signal.h
 du: du.c /usr/include/stdio.h /usr/include/sys/param.h
 du: /usr/include/machine/machparam.h /usr/include/signal.h
@@ -132,7 +139,8 @@ echo: echo.c /usr/include/stdio.h
 ed: ed.c /usr/include/signal.h /usr/include/sgtty.h /usr/include/sys/ioctl.h
 ed: /usr/include/sys/ttychars.h /usr/include/sys/ttydev.h /usr/include/setjmp.h
 grep: grep.c /usr/include/stdio.h /usr/include/ctype.h
 ed: ed.c /usr/include/signal.h /usr/include/sgtty.h /usr/include/sys/ioctl.h
 ed: /usr/include/sys/ttychars.h /usr/include/sys/ttydev.h /usr/include/setjmp.h
 grep: grep.c /usr/include/stdio.h /usr/include/ctype.h
-hostid: hostid.c /usr/include/stdio.h
+hostid: hostid.c /usr/include/sys/types.h /usr/include/stdio.h
+hostid: /usr/include/ctype.h /usr/include/netdb.h
 hostname: hostname.c /usr/include/stdio.h
 kill: kill.c /usr/include/signal.h /usr/include/ctype.h
 ld: ld.c /usr/include/sys/param.h /usr/include/machine/machparam.h
 hostname: hostname.c /usr/include/stdio.h
 kill: kill.c /usr/include/signal.h /usr/include/ctype.h
 ld: ld.c /usr/include/sys/param.h /usr/include/machine/machparam.h
@@ -195,32 +203,10 @@ wall: /usr/include/signal.h /usr/include/sys/time.h /usr/include/time.h
 wall: /usr/include/fcntl.h /usr/include/sys/types.h /usr/include/sys/stat.h
 who: who.c /usr/include/stdio.h /usr/include/utmp.h /usr/include/pwd.h
 who: /usr/include/ctype.h
 wall: /usr/include/fcntl.h /usr/include/sys/types.h /usr/include/sys/stat.h
 who: who.c /usr/include/stdio.h /usr/include/utmp.h /usr/include/pwd.h
 who: /usr/include/ctype.h
-write: write.c /usr/include/stdio.h /usr/include/ctype.h
-write: /usr/include/sys/types.h /usr/include/sys/stat.h /usr/include/signal.h
-write: /usr/include/utmp.h /usr/include/sys/time.h /usr/include/time.h
 expr: expr.c /usr/include/stdio.h
 expr: expr.c /usr/include/stdio.h
-ps: ps.c /usr/include/stdio.h /usr/include/ctype.h /usr/include/nlist.h
-ps: /usr/include/pwd.h /usr/include/sys/param.h
-ps: /usr/include/machine/machparam.h /usr/include/signal.h
-ps: /usr/include/sys/types.h /usr/include/sys/ioctl.h
-ps: /usr/include/sys/ttychars.h /usr/include/sys/ttydev.h
-ps: /usr/include/sys/tty.h /usr/include/sys/ttychars.h
-ps: /usr/include/sys/ttydev.h /usr/include/sys/dir.h /usr/include/sys/user.h
-ps: /usr/include/machine/pcb.h /usr/include/sys/dmap.h /usr/include/sys/time.h
-ps: /usr/include/time.h /usr/include/sys/resource.h /usr/include/sys/namei.h
-ps: /usr/include/sys/uio.h /usr/include/errno.h /usr/include/sys/proc.h
-ps: /usr/include/machine/pte.h /usr/include/sys/vm.h /usr/include/sys/vmparam.h
-ps: /usr/include/machine/vmparam.h /usr/include/sys/vmmac.h
-ps: /usr/include/sys/vmmeter.h /usr/include/sys/vmsystm.h
-ps: /usr/include/sys/text.h /usr/include/sys/stat.h /usr/include/sys/mbuf.h
-ps: /usr/include/math.h /usr/include/errno.h
 chgrp: chgrp.c /usr/include/stdio.h /usr/include/ctype.h
 chgrp: /usr/include/sys/types.h /usr/include/sys/stat.h /usr/include/grp.h
 chgrp: /usr/include/pwd.h /usr/include/sys/dir.h
 chgrp: chgrp.c /usr/include/stdio.h /usr/include/ctype.h
 chgrp: /usr/include/sys/types.h /usr/include/sys/stat.h /usr/include/grp.h
 chgrp: /usr/include/pwd.h /usr/include/sys/dir.h
-df: df.c /usr/include/sys/param.h /usr/include/machine/machparam.h
-df: /usr/include/signal.h /usr/include/sys/types.h /usr/include/sys/fs.h
-df: /usr/include/sys/stat.h /usr/include/errno.h /usr/include/stdio.h
-df: /usr/include/fstab.h /usr/include/mtab.h
 login: login.c /usr/include/sys/param.h /usr/include/machine/machparam.h
 login: /usr/include/signal.h /usr/include/sys/types.h /usr/include/sys/quota.h
 login: /usr/include/sys/stat.h /usr/include/sys/time.h /usr/include/time.h
 login: login.c /usr/include/sys/param.h /usr/include/machine/machparam.h
 login: /usr/include/signal.h /usr/include/sys/types.h /usr/include/sys/quota.h
 login: /usr/include/sys/stat.h /usr/include/sys/time.h /usr/include/time.h
@@ -229,6 +215,7 @@ login: /usr/include/sys/ioctl.h /usr/include/sys/ttychars.h
 login: /usr/include/sys/ttydev.h /usr/include/utmp.h /usr/include/signal.h
 login: /usr/include/pwd.h /usr/include/stdio.h /usr/include/lastlog.h
 login: /usr/include/errno.h /usr/include/ttyent.h /usr/include/syslog.h
 login: /usr/include/sys/ttydev.h /usr/include/utmp.h /usr/include/signal.h
 login: /usr/include/pwd.h /usr/include/stdio.h /usr/include/lastlog.h
 login: /usr/include/errno.h /usr/include/ttyent.h /usr/include/syslog.h
+login: /usr/include/grp.h
 mail: mail.c /usr/include/sys/types.h /usr/include/sys/stat.h
 mail: /usr/include/sys/file.h /usr/include/ctype.h /usr/include/stdio.h
 mail: /usr/include/pwd.h /usr/include/utmp.h /usr/include/signal.h
 mail: mail.c /usr/include/sys/types.h /usr/include/sys/stat.h
 mail: /usr/include/sys/file.h /usr/include/ctype.h /usr/include/stdio.h
 mail: /usr/include/pwd.h /usr/include/utmp.h /usr/include/signal.h
@@ -249,6 +236,28 @@ rcp: /usr/include/errno.h /usr/include/sys/dir.h
 su: su.c /usr/include/stdio.h /usr/include/pwd.h /usr/include/grp.h
 su: /usr/include/syslog.h /usr/include/sys/types.h /usr/include/sys/time.h
 su: /usr/include/time.h /usr/include/sys/resource.h
 su: su.c /usr/include/stdio.h /usr/include/pwd.h /usr/include/grp.h
 su: /usr/include/syslog.h /usr/include/sys/types.h /usr/include/sys/time.h
 su: /usr/include/time.h /usr/include/sys/resource.h
+df: df.c /usr/include/sys/param.h /usr/include/machine/machparam.h
+df: /usr/include/signal.h /usr/include/sys/types.h /usr/include/sys/fs.h
+df: /usr/include/sys/stat.h /usr/include/errno.h /usr/include/stdio.h
+df: /usr/include/fstab.h /usr/include/mtab.h
+ps: ps.c /usr/include/stdio.h /usr/include/ctype.h /usr/include/a.out.h
+ps: /usr/include/sys/exec.h /usr/include/pwd.h /usr/include/sys/param.h
+ps: /usr/include/machine/machparam.h /usr/include/signal.h
+ps: /usr/include/sys/types.h /usr/include/sys/ioctl.h
+ps: /usr/include/sys/ttychars.h /usr/include/sys/ttydev.h
+ps: /usr/include/sys/tty.h /usr/include/sys/ttychars.h
+ps: /usr/include/sys/ttydev.h /usr/include/sys/dir.h /usr/include/sys/user.h
+ps: /usr/include/machine/pcb.h /usr/include/sys/dmap.h /usr/include/sys/time.h
+ps: /usr/include/time.h /usr/include/sys/resource.h /usr/include/sys/namei.h
+ps: /usr/include/sys/uio.h /usr/include/errno.h /usr/include/sys/proc.h
+ps: /usr/include/machine/pte.h /usr/include/sys/vm.h /usr/include/sys/vmparam.h
+ps: /usr/include/machine/vmparam.h /usr/include/sys/vmmac.h
+ps: /usr/include/sys/vmmeter.h /usr/include/sys/vmsystm.h
+ps: /usr/include/sys/text.h /usr/include/sys/stat.h /usr/include/sys/mbuf.h
+ps: /usr/include/math.h /usr/include/errno.h /usr/include/utmp.h
+write: write.c /usr/include/stdio.h /usr/include/ctype.h
+write: /usr/include/sys/types.h /usr/include/sys/stat.h /usr/include/signal.h
+write: /usr/include/utmp.h /usr/include/sys/time.h /usr/include/time.h
 cp: cp.c /usr/include/stdio.h /usr/include/sys/param.h
 cp: /usr/include/machine/machparam.h /usr/include/signal.h
 cp: /usr/include/sys/types.h /usr/include/sys/stat.h /usr/include/sys/dir.h
 cp: cp.c /usr/include/stdio.h /usr/include/sys/param.h
 cp: /usr/include/machine/machparam.h /usr/include/signal.h
 cp: /usr/include/sys/types.h /usr/include/sys/stat.h /usr/include/sys/dir.h
index 1f76ffe..2762be2 100644 (file)
@@ -11,7 +11,7 @@ char copyright[] =
 #endif not lint
 
 #ifndef lint
 #endif not lint
 
 #ifndef lint
-static char sccsid[] = "@(#)login.c    5.12 (Berkeley) %G%";
+static char sccsid[] = "@(#)login.c    5.13 (Berkeley) %G%";
 #endif not lint
 
 /*
 #endif not lint
 
 /*
@@ -36,6 +36,10 @@ static char sccsid[] = "@(#)login.c  5.12 (Berkeley) %G%";
 #include <errno.h>
 #include <ttyent.h>
 #include <syslog.h>
 #include <errno.h>
 #include <ttyent.h>
 #include <syslog.h>
+#include <grp.h>
+
+#define WRITENAME       "write"         /* name of group to own ttys */
+#define WRITEGID        write_gid()     /* gid that owns all ttys */
 
 #define        SCMPN(a, b)     strncmp(a, b, sizeof(a))
 #define        SCPYN(a, b)     strncpy(a, b, sizeof(a))
 
 #define        SCMPN(a, b)     strncmp(a, b, sizeof(a))
 #define        SCPYN(a, b)     strncpy(a, b, sizeof(a))
@@ -324,10 +328,10 @@ main(argc, argv)
                write(f, (char *) &ll, sizeof ll);
                close(f);
        }
                write(f, (char *) &ll, sizeof ll);
                close(f);
        }
-       chown(ttyn, pwd->pw_uid, pwd->pw_gid);
+       chown(ttyn, pwd->pw_uid, WRITEGID);
        if (!hflag && !rflag)                                   /* XXX */
                ioctl(0, TIOCSWINSZ, &win);
        if (!hflag && !rflag)                                   /* XXX */
                ioctl(0, TIOCSWINSZ, &win);
-       chmod(ttyn, 0622);
+       chmod(ttyn, 0620);
        setgid(pwd->pw_gid);
        strncpy(name, utmp.ut_name, NMAX);
        name[NMAX] = '\0';
        setgid(pwd->pw_gid);
        strncpy(name, utmp.ut_name, NMAX);
        name[NMAX] = '\0';
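Review bot: The return values of `chown(ttyn, pwd->pw_uid, WRITEGID)` and `chmod(ttyn, 0620)` are discarded, and this change makes a failure more consequential. If the `chown` fails, the following `chmod` grants group write to whatever group already owns the device instead of to `write`. Since `<syslog.h>` is already included, a check such as `if (chown(ttyn, pwd->pw_uid, WRITEGID) < 0) syslog(LOG_ERR, "chown %s: %m", ttyn);` (and likewise for `chmod`) would at least leave a trace. A short comment on the `chmod` line explaining that 0620 relies on the tty group being `write` would also help the next reader. The identical hunk at `@@ -324,10 +328,10 @@` in login.c.1 has the same issue, and `main` starts and ends outside this hunk.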
@@ -566,3 +570,17 @@ setenv(var, value, clobber)
        strcat(environ[index], value);
        environ[++index] = NULL;
 }
        strcat(environ[index], value);
        environ[++index] = NULL;
 }
+
+write_gid()
+{
+       struct group *getgrnam(), *gr;
+       int gid = 0;
+
+       gr = getgrnam(WRITENAME);
+       if (gr != (struct group *) 0)
+               gid = gr->gr_gid;
+
+       endgrent();
+
+       return gid;
+}
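Review bot: `write_gid()` silently returns 0 when `getgrnam(WRITENAME)` finds no entry, so on a system without a `write` group every login tty ends up owned by group 0 with mode 0620. Members of group 0 could then write to all terminals, while the setgid-`write` binary could not, and nothing is logged. Consider making the failure visible, for example `else syslog(LOG_ERR, "group %s not found", WRITENAME);`, and having the caller fall back to a mode with no group write in that case. The function also lacks a header comment; one line stating that it returns the gid of the tty-owning group, and what it returns when the group is absent, would document the contract. The same function is added in the `@@ -566,3 +570,17 @@` hunk of login.c.1.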
index ca6cf39..9d1f126 100644 (file)
@@ -11,7 +11,7 @@ char copyright[] =
 #endif not lint
 
 #ifndef lint
 #endif not lint
 
 #ifndef lint
-static char sccsid[] = "@(#)login.c.1  5.12 (Berkeley) %G%";
+static char sccsid[] = "@(#)login.c.1  5.13 (Berkeley) %G%";
 #endif not lint
 
 /*
 #endif not lint
 
 /*
@@ -36,6 +36,10 @@ static char sccsid[] = "@(#)login.c.1        5.12 (Berkeley) %G%";
 #include <errno.h>
 #include <ttyent.h>
 #include <syslog.h>
 #include <errno.h>
 #include <ttyent.h>
 #include <syslog.h>
+#include <grp.h>
+
+#define WRITENAME       "write"         /* name of group to own ttys */
+#define WRITEGID        write_gid()     /* gid that owns all ttys */
 
 #define        SCMPN(a, b)     strncmp(a, b, sizeof(a))
 #define        SCPYN(a, b)     strncpy(a, b, sizeof(a))
 
 #define        SCMPN(a, b)     strncmp(a, b, sizeof(a))
 #define        SCPYN(a, b)     strncpy(a, b, sizeof(a))
@@ -324,10 +328,10 @@ main(argc, argv)
                write(f, (char *) &ll, sizeof ll);
                close(f);
        }
                write(f, (char *) &ll, sizeof ll);
                close(f);
        }
-       chown(ttyn, pwd->pw_uid, pwd->pw_gid);
+       chown(ttyn, pwd->pw_uid, WRITEGID);
        if (!hflag && !rflag)                                   /* XXX */
                ioctl(0, TIOCSWINSZ, &win);
        if (!hflag && !rflag)                                   /* XXX */
                ioctl(0, TIOCSWINSZ, &win);
-       chmod(ttyn, 0622);
+       chmod(ttyn, 0620);
        setgid(pwd->pw_gid);
        strncpy(name, utmp.ut_name, NMAX);
        name[NMAX] = '\0';
        setgid(pwd->pw_gid);
        strncpy(name, utmp.ut_name, NMAX);
        name[NMAX] = '\0';
@@ -566,3 +570,17 @@ setenv(var, value, clobber)
        strcat(environ[index], value);
        environ[++index] = NULL;
 }
        strcat(environ[index], value);
        environ[++index] = NULL;
 }
+
+write_gid()
+{
+       struct group *getgrnam(), *gr;
+       int gid = 0;
+
+       gr = getgrnam(WRITENAME);
+       if (gr != (struct group *) 0)
+               gid = gr->gr_gid;
+
+       endgrent();
+
+       return gid;
+}