Patch #: 109 Type: operational change Priority: none Modification: increase security of LWSRV_AUFS_SECURITY Submitted: Heather Ebey Archived: munnari.OZ.AU mac/cap.patches/cap60.patch109 Application: 'cd cap60; patch -p < cap60.patches/cap60.patch109' Summary: move flag file into user owned mode 0700 directory File: cap60/applications/lwsrv/lwsrv.c File: cap60/applications/aufs/aufs.c File: cap60/applications/aufs/afpos.c File: cap60/Configure *** applications/lwsrv/lwsrv.c.orig Tue Jun 30 02:00:33 1992 --- applications/lwsrv/lwsrv.c Sat Jul 4 12:32:53 1992 *************** *** 1,6 **** ! static char rcsid[] = "$Author: djh $ $Date: 1992/06/29 16:00:15 $"; ! static char rcsident[] = "$Header: /mac/src/cap60/applications/lwsrv/RCS/lwsrv.c,v 2.20 1992/06/29 16:00:15 djh Rel djh $"; ! static char revision[] = "$Revision: 2.20 $"; /* * lwsrv - UNIX AppleTalk spooling program: act as a laserwriter --- 1,6 ---- ! static char rcsid[] = "$Author: djh $ $Date: 1992/07/04 02:32:42 $"; ! static char rcsident[] = "$Header: /mac/src/cap60/applications/lwsrv/RCS/lwsrv.c,v 2.21 1992/07/04 02:32:42 djh Rel djh $"; ! 
static char revision[] = "$Revision: 2.21 $"; /* * lwsrv - UNIX AppleTalk spooling program: act as a laserwriter *************** *** 48,53 **** --- 48,55 ---- #include /* include appletalk definitions */ #include + #include + #ifdef USESTRINGDOTH # include #else USESTRINGDOTH *************** *** 60,74 **** # include #endif NEEDFCNTLDOTH #include "papstream.h" #if defined (LWSRV_AUFS_SECURITY) | defined (RUN_AS_USER) #include #endif LWSRV_AUFS_SECURITY | RUN_AS_USER #ifdef AUTHENTICATE #include - #include #include "../../lib/cap/abpap.h" /* urk, puke, etc */ #endif AUTHENTICATE - #ifdef RUN_AS_USER #ifndef USER_FILE #define USER_FILE "/usr/local/lib/cap/macusers" --- 62,75 ---- # include #endif NEEDFCNTLDOTH #include "papstream.h" + #if defined (LWSRV_AUFS_SECURITY) | defined (RUN_AS_USER) #include #endif LWSRV_AUFS_SECURITY | RUN_AS_USER #ifdef AUTHENTICATE #include #include "../../lib/cap/abpap.h" /* urk, puke, etc */ #endif AUTHENTICATE #ifdef RUN_AS_USER #ifndef USER_FILE #define USER_FILE "/usr/local/lib/cap/macusers" *************** *** 502,512 **** if( aufsdb != NULL ) { char fname[ 256 ]; char filename[ 256 ]; ! int f, cc, ok; struct passwd *pw; struct stat statbuf; ! ok = 0; /* false */ make_userlogin( filename, aufsdb, addr ); if( (f = open( filename, 0)) >= 0) { if( (cc = read( f, fname, sizeof( fname )-1 )) > 0 ) { if( fname[cc-1] == '\n' ) --- 503,522 ---- if( aufsdb != NULL ) { char fname[ 256 ]; char filename[ 256 ]; ! int f, cc, ok = 0; struct passwd *pw; struct stat statbuf; ! #ifdef HIDE_LWSEC_FILE ! char protecteddir[MAXPATHLEN]; ! (void) strcpy(protecteddir, aufsdb); ! make_userlogin(filename, protecteddir, addr); ! (void) strcpy(protecteddir, filename); ! filename[0] = '\0'; ! make_userlogin(filename, protecteddir, addr); ! 
#else HIDE_LWSEC_FILE make_userlogin( filename, aufsdb, addr ); + #endif HIDE_LWSEC_FILE + if( (f = open( filename, 0)) >= 0) { if( (cc = read( f, fname, sizeof( fname )-1 )) > 0 ) { if( fname[cc-1] == '\n' ) *** applications/aufs/aufs.c.orig Wed Jun 24 09:33:52 1992 --- applications/aufs/aufs.c Sat Jul 4 12:33:35 1992 *************** *** 1,7 **** /* ! * $Author: djh $ $Date: 1992/06/23 23:33:37 $ ! * $Header: /mac/src/cap60/applications/aufs/RCS/aufs.c,v 2.15 1992/06/23 23:33:37 djh Rel djh $ ! * $Revision: 2.15 $ */ /* --- 1,7 ---- /* ! * $Author: djh $ $Date: 1992/07/04 02:33:26 $ ! * $Header: /mac/src/cap60/applications/aufs/RCS/aufs.c,v 2.16 1992/07/04 02:33:26 djh Rel djh $ ! * $Revision: 2.16 $ */ /* *************** *** 1444,1459 **** #ifdef LWSRV_AUFS_SECURITY /**************** budd... ****************/ ! clearuserlogin() { if( userlogindir != NULL ) { char fname[ 100 ]; int fd; make_userlogin( fname, userlogindir, addr ); if( unlink( fname ) < 0 ) { if( (fd = open( fname, O_WRONLY|O_TRUNC )) != -1 ) close( fd ); } /* unlink failed */ } /* have userlogindir */ } /* clearuserlogin */ --- 1444,1481 ---- #ifdef LWSRV_AUFS_SECURITY /**************** budd... ****************/ ! clearuserlogin() ! { ! #ifdef HIDE_LWSEC_FILE ! char protecteddir[MAXPATHLEN]; ! char dir_fname[MAXPATHLEN]; ! #endif HIDE_LWSEC_FILE ! 
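Review bot: In the HIDE_LWSEC_FILE branch of the lwsrv.c hunk, `filename` is still declared `char filename[ 256 ]` but now receives the output of a second `make_userlogin()` call whose directory argument is the output of the first, and `strcpy(protecteddir, aufsdb)` copies the base path with no length check. make_userlogin() is not visible here, so whether it bounds what it writes is unknown; if it does not, a long `aufsdb` value overruns `filename` on the stack. I would declare `char filename[MAXPATHLEN];` and refuse the lookup when `strlen(aufsdb)` does not leave room for the two appended components. The same doubled-path pattern is used in clearuserlogin() in aufs.c and around the hideLWSec() call in afpos.c, where `fname` is only `char fname[ 100 ]`. The enclosing function starts and ends outside this hunk.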
if( userlogindir != NULL ) { char fname[ 100 ]; int fd; + #ifdef HIDE_LWSEC_FILE + strcpy(protecteddir, userlogindir); + make_userlogin(fname, protecteddir, addr); + strcpy(protecteddir, fname); + strcpy(dir_fname, fname); + fname[0] = '\0'; + make_userlogin(fname, protecteddir, addr); + if (unlink(fname) < 0) { + logit(0, "clearuserlogin: unlink failed for %s", fname); + if ((fd = open(fname, O_WRONLY|O_TRUNC)) >= 0) + close(fd); + } else + if (rmdir(dir_fname) < 0) + logit(0, "clearuserlogin: rmdir failed for %s", dir_fname); + #else HIDE_LWSEC_FILE make_userlogin( fname, userlogindir, addr ); if( unlink( fname ) < 0 ) { if( (fd = open( fname, O_WRONLY|O_TRUNC )) != -1 ) close( fd ); } /* unlink failed */ + #endif HIDE_LWSEC_FILE } /* have userlogindir */ } /* clearuserlogin */ *** applications/aufs/afpos.c.orig Wed Jun 24 09:31:56 1992 --- applications/aufs/afpos.c Sat Jul 4 12:34:33 1992 *************** *** 1,7 **** /* ! * $Author: djh $ $Date: 1992/06/23 23:31:43 $ ! * $Header: /mac/src/cap60/applications/aufs/RCS/afpos.c,v 2.24 1992/06/23 23:31:43 djh Rel djh $ ! * $Revision: 2.24 $ */ /* --- 1,7 ---- /* ! * $Author: djh $ $Date: 1992/07/04 02:34:18 $ ! * $Header: /mac/src/cap60/applications/aufs/RCS/afpos.c,v 2.25 1992/07/04 02:34:18 djh Rel djh $ ! * $Revision: 2.25 $ */ /* *************** *** 85,90 **** --- 85,91 ---- #endif xenix5 #include #include + #include #include #ifdef aux # include *************** *** 3181,3190 **** char fname[ 100 ]; FILE *f; /* create file before setuid call so we can write in directory. */ make_userlogin( fname, userlogindir, addr ); if( (f = fopen( fname, "w" )) != NULL ) { /* sigh. leaves race. */ ! logit(0," writting bin = %s into auth-file\n", bin); fprintf( f, "%s\n", bin ); /* perhaps write temp */ fclose( f ); /* and rename? */ /* sigh. 
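Review bot: When `unlink(fname)` fails in the HIDE_LWSEC_FILE branch of clearuserlogin(), the fallback `open(fname, O_WRONLY|O_TRUNC)` now runs inside a directory the user owns, so `fname` may be a symbolic link and the truncation would land on its target with whatever privileges aufs holds at that point (not visible in this hunk). I would drop the truncate fallback in this branch, or precede it with an `lstat()` check that the entry is a regular file owned by the expected uid. The failure path also skips `rmdir(dir_fname)`, so a stale directory is left behind for the next login to clean up, and the `logit()` call would be more useful with `errno` included, as the messages in hideLWSec() do.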
fchown and fchmod are BSDisms */ --- 3182,3199 ---- char fname[ 100 ]; FILE *f; + #ifdef HIDE_LWSEC_FILE + if (hideLWSec(fname, userlogindir, usruid, usrgid, addr) < 0) { + logit(0, "OSLogin: error in hideLWSec() for %s", fname); + return(aeMiscErr); + } + #else HIDE_LWSEC_FILE /* create file before setuid call so we can write in directory. */ make_userlogin( fname, userlogindir, addr ); + #endif HIDE_LWSEC_FILE + if( (f = fopen( fname, "w" )) != NULL ) { /* sigh. leaves race. */ ! logit(0," writing bin = %s into auth-file", bin); fprintf( f, "%s\n", bin ); /* perhaps write temp */ fclose( f ); /* and rename? */ /* sigh. fchown and fchmod are BSDisms */ *************** *** 3931,3933 **** --- 3940,3998 ---- return(0); /* no locks left */ } #endif APPLICATION_MANAGER + #ifdef HIDE_LWSEC_FILE + /* + * int HideLWSec(char *fname, char *userlogindir, int usruid, int + * usrgid, AddrBlock addr ) + * + * Add additional security to LW security flag file when using + * LWSRV_AUFS_SECURITY. Only relevant if both HIDE_LWSEC_FILE + * and LWSRV_AUFS_SECURITY defined in m4.features. + * Original flag file in world read/writeable directory + * permitted links and "borrowing" laserWriters from others, thus + * circumventing laser page charges. + * This creates a directory with user id ownership and the flag + * file is placed in this directory. 
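Review bot: In the OSLogin hunk the flag file is still created with `fopen( fname, "w" )`, but hideLWSec() has by then already run `chown(protecteddir, usruid, usrgid)`, so the open happens in a directory the user controls, presumably still before the setuid call that the retained comment mentions. That widens the race the existing "sigh. leaves race." comment admits, because `fopen(..., "w")` follows a symbolic link and truncates its target. I would create the file with `open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600)` followed by `fdopen()`, and hand the directory to the user only after the file has been written and closed. On the error path, `logit(0, "OSLogin: error in hideLWSec() for %s", fname)` may print a partly built `fname`, so logging `userlogindir` would be safer. The enclosing function starts and ends outside this hunk.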
+ * + */ + + int + hideLWSec(fname, userlogindir, usruid, usrgid, addr) + char *fname, *userlogindir; + int usruid, usrgid; + AddrBlock addr; + { + char protecteddir[MAXPATHLEN], flagfile[MAXPATHLEN]; + struct stat *dbuf; + DIR *locdirp; + + (void) strcpy(protecteddir, userlogindir); + make_userlogin(fname, protecteddir, addr); + (void) strcpy(protecteddir, fname); + fname[0] = '\0'; + make_userlogin(fname, protecteddir, addr); /* create flag file */ + + if (stat(protecteddir, &dbuf) == 0) { + /* dir found and stat sucessful, we need to zap dir */ + if (stat(fname, &dbuf) == 0) + if (S_ISREG(dbuf->st_mode)) + if (unlink(fname) < 0 ) + logit(0, "hideLWSec: errno=%d unlinking %s\n", errno, fname); + if (rmdir(protecteddir ) < 0 ) { + logit(0, "hideLWSec: errno=%d Can't zap %s\n", errno, fname); + return(-1); + } + } else /* error occured in stat, but not no entry */ + if (errno != ENOENT ) { + logit(0, "hideLWSec: stat errno= %d for %s\n", errno, fname); + return(-1); + } + if (mkdir(protecteddir, 0700) < 0) { + logit(0, "hideLWSec: unable to create %s,errno=%d\n", fname, errno); + return(-1); + } else { + chown(protecteddir, usruid, usrgid); + } + return(0); + } + #endif HIDE_LWSEC_FILE *** Configure.orig Wed Jul 1 01:53:30 1992 --- Configure Sat Jul 4 12:31:32 1992 *************** *** 1,7 **** #!/bin/sh ! # $Author: djh $ $Date: 1992/06/30 15:53:15 $ ! # $Header: /mac/src/cap60/RCS/Configure,v 2.45 1992/06/30 15:53:15 djh Rel djh $ ! # $Revision: 2.45 $ # CAP configuration shell script. This ain't perfect, but it's a start. # Execute with /bin/sh Configure if your system won't run it (ksh is okay too) # --- 1,7 ---- #!/bin/sh ! # $Author: djh $ $Date: 1992/07/04 02:31:19 $ ! # $Header: /mac/src/cap60/RCS/Configure,v 2.46 1992/07/04 02:31:19 djh Rel djh $ ! # $Revision: 2.46 $ # CAP configuration shell script. This ain't perfect, but it's a start. 
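Review bot: In hideLWSec(), `struct stat *dbuf;` is an uninitialised pointer, yet both calls pass `&dbuf` to stat(), so stat() writes a whole `struct stat` over the pointer's own storage and `dbuf->st_mode` then dereferences whatever ended up there. Declare `struct stat dbuf;` and test `S_ISREG(dbuf.st_mode)`. Because the directory is owned by the user once a session has started, `lstat()` is the safer call for both checks, and the result of `chown(protecteddir, usruid, usrgid)` should be checked and returned as `-1` on failure rather than ignored. `DIR *locdirp` is unused, the rmdir and mkdir failure messages print `fname` where `protecteddir` is the path that failed, and the header comment spells the function `HideLWSec` while the definition is `hideLWSec`.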
# Execute with /bin/sh Configure if your system won't run it (ksh is okay too) # *************** *** 582,587 **** --- 582,591 ---- # # + LWSRV_AUFS_SECURITY provides printer security based on AUFS connection. # define(`specialcflags',concat(specialcflags,` -DLWSRV_AUFS_SECURITY')) + # + # + HIDE_LWSEC_FILE increases security of LWSRV_AUFS_SECURITY flag file + # define(`aufsosflags',concat(aufsosflags,` -DHIDE_LWSEC_FILE')) + # define(`lwflags',concat(lwflags,` -DHIDE_LWSEC_FILE')) # # + LWSRV_LPR_LOG causes stdout/stderr lpr output to be included in lwsrv log # define(`specialcflags',concat(specialcflags,` -DLWSRV_LPR_LOG')) *** lib/cap/abversion.c.orig Wed Jul 1 01:58:39 1992 --- lib/cap/abversion.c Sat Jul 4 12:35:36 1992 *************** *** 1,7 **** /* ! * $Author: djh $ $Date: 1992/06/30 15:58:30 $ ! * $Header: /mac/src/cap60/lib/cap/RCS/abversion.c,v 2.8 1992/06/30 15:58:30 djh Rel djh $ ! * $Revision: 2.8 $ */ /* --- 1,7 ---- /* ! * $Author: djh $ $Date: 1992/07/04 02:35:28 $ ! * $Header: /mac/src/cap60/lib/cap/RCS/abversion.c,v 2.9 1992/07/04 02:35:28 djh Rel djh $ ! * $Revision: 2.9 $ */ /* *************** *** 31,38 **** myversion.cv_name = "CAP"; myversion.cv_version = 6; myversion.cv_subversion = 0; ! myversion.cv_patchlevel = 108; ! myversion.cv_rmonth = "June"; myversion.cv_ryear = "1992"; switch (lap_proto) { case LAP_KIP: --- 31,38 ---- myversion.cv_name = "CAP"; myversion.cv_version = 6; myversion.cv_subversion = 0; ! myversion.cv_patchlevel = 109; ! myversion.cv_rmonth = "July"; myversion.cv_ryear = "1992"; switch (lap_proto) { case LAP_KIP: *** README.orig Wed Jul 1 01:59:38 1992 --- README Sat Jul 4 12:36:37 1992 *************** *** 2,8 **** CAP - Columbia AppleTalk Package for UNIX o RELEASE NOTES ! o CAP Distribution 6.0, Patch Level 108, June 1992 Notice ------ --- 2,8 ---- CAP - Columbia AppleTalk Package for UNIX o RELEASE NOTES ! o CAP Distribution 6.0, Patch Level 109, July 1992 Notice ------