version 1.72, 2017/05/27 09:51:07 |
version 1.73, 2018/08/08 18:32:51 |
|
|
} |
} |
|
|
int |
int |
|
unveilcommands(const char *ipath, const char *cmd) |
|
{ |
|
char *path = NULL, *p; |
|
int unveils = 0; |
|
|
|
if (strchr(cmd, '/') != NULL) { |
|
if (unveil(cmd, "x") != -1) |
|
unveils++; |
|
goto done; |
|
} |
|
|
|
if (!ipath) { |
|
errno = ENOENT; |
|
goto done; |
|
} |
|
path = strdup(ipath); |
|
if (!path) { |
|
errno = ENOENT; |
|
goto done; |
|
} |
|
for (p = path; p && *p; ) { |
|
char buf[PATH_MAX]; |
|
char *cp = strsep(&p, ":"); |
|
|
|
if (cp) { |
|
int r = snprintf(buf, sizeof buf, "%s/%s", cp, cmd); |
|
if (r != -1 && r < sizeof buf) { |
|
if (unveil(buf, "x") != -1) |
|
unveils++; |
|
} |
|
} |
|
} |
|
done: |
|
free(path); |
|
return (unveils); |
|
} |
|
|
|
int |
main(int argc, char **argv) |
main(int argc, char **argv) |
{ |
{ |
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" |
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" |
|
|
authuser(myname, login_style, rule->options & PERSIST); |
authuser(myname, login_style, rule->options & PERSIST); |
} |
} |
|
|
|
if (unveil(_PATH_LOGIN_CONF, "r") == -1) |
|
err(1, "unveil"); |
|
if (rule->cmd) { |
|
if (setenv("PATH", safepath, 1) == -1) |
|
err(1, "failed to set PATH '%s'", safepath); |
|
} |
|
if (unveilcommands(getenv("PATH"), cmd) == 0) |
|
goto fail; |
|
|
if (pledge("stdio rpath getpw exec id", NULL) == -1) |
if (pledge("stdio rpath getpw exec id", NULL) == -1) |
err(1, "pledge"); |
err(1, "pledge"); |
|
|
|
|
|
|
envp = prepenv(rule); |
envp = prepenv(rule); |
|
|
if (rule->cmd) { |
|
if (setenv("PATH", safepath, 1) == -1) |
|
err(1, "failed to set PATH '%s'", safepath); |
|
} |
|
execvpe(cmd, argv, envp); |
execvpe(cmd, argv, envp); |
|
fail: |
if (errno == ENOENT) |
if (errno == ENOENT) |
errx(1, "%s: command not found", cmd); |
errx(1, "%s: command not found", cmd); |
err(1, "%s", cmd); |
err(1, "%s", cmd); |