=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/sudo_edit.c,v retrieving revision 1.6 retrieving revision 1.7 diff -c -r1.6 -r1.7 *** src/usr.bin/sudo/Attic/sudo_edit.c 2008/07/31 16:44:03 1.6 --- src/usr.bin/sudo/Attic/sudo_edit.c 2008/11/14 11:58:08 1.7 *************** *** 1,5 **** /* ! * Copyright (c) 2004-2005 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above --- 1,5 ---- /* ! * Copyright (c) 2004-2008 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above *************** *** 41,54 **** #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ - #ifdef HAVE_ERR_H - # include - #else - # include "emul/err.h" - #endif /* HAVE_ERR_H */ #include #include - #include #include #include #include --- 41,48 ---- *************** *** 62,77 **** #include "sudo.h" #ifndef lint ! __unused static const char rcsid[] = "$Sudo: sudo_edit.c,v 1.6.2.9 2008/06/21 00:47:52 millert Exp $"; #endif /* lint */ extern sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp; extern char **environ; /* * Wrapper to allow users to edit privileged files with their own uid. */ ! int sudo_edit(argc, argv, envp) int argc; char **argv; char **envp; --- 56,74 ---- #include "sudo.h" #ifndef lint ! __unused static const char rcsid[] = "$Sudo: sudo_edit.c,v 1.37 2008/11/09 14:13:12 millert Exp $"; #endif /* lint */ extern sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp; extern char **environ; + static char *find_editor(); + /* * Wrapper to allow users to edit privileged files with their own uid. */ ! int ! sudo_edit(argc, argv, envp) int argc; char **argv; char **envp; *************** *** 82,88 **** char **nargv, **ap, *editor, *cp; char buf[BUFSIZ]; int error, i, ac, ofd, tfd, nargc, rval, tmplen, wasblank; - sigaction_t sa; struct stat sb; struct timespec ts1, ts2; struct tempfile { --- 79,84 ---- *************** *** 108,130 **** tmplen--; /* * For each file specified by the user, make a temporary version * and copy the contents of the original to it. */ tf = emalloc2(argc - 1, sizeof(*tf)); ! memset(tf, 0, (argc - 1) * sizeof(*tf)); for (i = 0, ap = argv + 1; i < argc - 1 && *ap != NULL; i++, ap++) { error = -1; set_perms(PERM_RUNAS); - - /* - * We close the password file before we try to open the user-specified - * path to prevent the opening of things like /dev/fd/4. - */ - endpwent(); if ((ofd = open(*ap, O_RDONLY, 0644)) != -1 || errno == ENOENT) { if (ofd == -1) { ! memset(&sb, 0, sizeof(sb)); /* new file */ error = 0; } else { #ifdef HAVE_FSTAT --- 104,127 ---- tmplen--; /* + * Close password, shadow, and group files before we try to open + * user-specified files to prevent the opening of things like /dev/fd/4 + */ + sudo_endpwent(); + sudo_endgrent(); + + /* * For each file specified by the user, make a temporary version * and copy the contents of the original to it. */ tf = emalloc2(argc - 1, sizeof(*tf)); ! zero_bytes(tf, (argc - 1) * sizeof(*tf)); for (i = 0, ap = argv + 1; i < argc - 1 && *ap != NULL; i++, ap++) { error = -1; set_perms(PERM_RUNAS); if ((ofd = open(*ap, O_RDONLY, 0644)) != -1 || errno == ENOENT) { if (ofd == -1) { ! zero_bytes(&sb, sizeof(sb)); /* new file */ error = 0; } else { #ifdef HAVE_FSTAT *************** *** 137,145 **** set_perms(PERM_ROOT); if (error || (ofd != -1 && !S_ISREG(sb.st_mode))) { if (error) ! warn("%s", *ap); else ! warnx("%s: not a regular file", *ap); if (ofd != -1) close(ofd); argc--; --- 134,142 ---- set_perms(PERM_ROOT); if (error || (ofd != -1 && !S_ISREG(sb.st_mode))) { if (error) ! warning("%s", *ap); else ! warningx("%s: not a regular file", *ap); if (ofd != -1) close(ofd); argc--; *************** *** 159,174 **** tfd = mkstemp(tf[i].tfile); set_perms(PERM_ROOT); if (tfd == -1) { ! warn("mkstemp"); goto cleanup; } if (ofd != -1) { while ((nread = read(ofd, buf, sizeof(buf))) != 0) { if ((nwritten = write(tfd, buf, nread)) != nread) { if (nwritten == -1) ! warn("%s", tf[i].tfile); else ! warnx("%s: short write", tf[i].tfile); goto cleanup; } } --- 156,171 ---- tfd = mkstemp(tf[i].tfile); set_perms(PERM_ROOT); if (tfd == -1) { ! warning("mkstemp"); goto cleanup; } if (ofd != -1) { while ((nread = read(ofd, buf, sizeof(buf))) != 0) { if ((nwritten = write(tfd, buf, nread)) != nread) { if (nwritten == -1) ! warning("%s", tf[i].tfile); else ! warningx("%s: short write", tf[i].tfile); goto cleanup; } } *************** *** 194,213 **** if (argc == 1) return(1); /* no files readable, you lose */ - /* - * Determine which editor to use. We don't bother restricting this - * based on def_env_editor or def_editor since the editor runs with - * the uid of the invoking user, not the runas (privileged) user. - */ environ = envp; ! if (((editor = getenv("VISUAL")) != NULL && *editor != '\0') || ! ((editor = getenv("EDITOR")) != NULL && *editor != '\0')) { ! editor = estrdup(editor); ! } else { ! editor = estrdup(def_editor); ! if ((cp = strchr(editor, ':')) != NULL) ! *cp = '\0'; /* def_editor could be a path */ ! } /* * Allocate space for the new argument vector and fill it in. --- 191,198 ---- if (argc == 1) return(1); /* no files readable, you lose */ environ = envp; ! editor = find_editor(); /* * Allocate space for the new argument vector and fill it in. *************** *** 232,240 **** nargv[ac] = NULL; /* Allow the editor to be suspended. */ - sigemptyset(&sa.sa_mask); - sa.sa_flags = SA_RESTART; - sa.sa_handler = SIG_DFL; (void) sigaction(SIGTSTP, &saved_sa_tstp, NULL); /* --- 217,222 ---- *************** *** 244,261 **** gettime(&ts1); kidpid = fork(); if (kidpid == -1) { ! warn("fork"); goto cleanup; } else if (kidpid == 0) { /* child */ (void) sigaction(SIGINT, &saved_sa_int, NULL); (void) sigaction(SIGQUIT, &saved_sa_quit, NULL); set_perms(PERM_FULL_USER); ! endpwent(); ! endgrent(); ! closefrom(STDERR_FILENO + 1); execvp(nargv[0], nargv); ! warn("unable to execute %s", nargv[0]); _exit(127); } --- 226,241 ---- gettime(&ts1); kidpid = fork(); if (kidpid == -1) { ! warning("fork"); goto cleanup; } else if (kidpid == 0) { /* child */ (void) sigaction(SIGINT, &saved_sa_int, NULL); (void) sigaction(SIGQUIT, &saved_sa_quit, NULL); set_perms(PERM_FULL_USER); ! closefrom(def_closefrom + 1); execvp(nargv[0], nargv); ! warning("unable to execute %s", nargv[0]); _exit(127); } *************** *** 299,308 **** set_perms(PERM_ROOT); if (error || !S_ISREG(sb.st_mode)) { if (error) ! warn("%s", tf[i].tfile); else ! warnx("%s: not a regular file", tf[i].tfile); ! warnx("%s left unmodified", tf[i].ofile); if (tfd != -1) close(tfd); continue; --- 279,288 ---- set_perms(PERM_ROOT); if (error || !S_ISREG(sb.st_mode)) { if (error) ! warning("%s", tf[i].tfile); else ! warningx("%s: not a regular file", tf[i].tfile); ! warningx("%s left unmodified", tf[i].ofile); if (tfd != -1) close(tfd); continue; *************** *** 319,325 **** timespecsub(&ts1, &ts2, &ts2); #endif if (timespecisset(&ts2)) { ! warnx("%s unchanged", tf[i].ofile); unlink(tf[i].tfile); close(tfd); continue; --- 299,305 ---- timespecsub(&ts1, &ts2, &ts2); #endif if (timespecisset(&ts2)) { ! warningx("%s unchanged", tf[i].ofile); unlink(tf[i].tfile); close(tfd); continue; *************** *** 329,345 **** ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644); set_perms(PERM_ROOT); if (ofd == -1) { ! warn("unable to write to %s", tf[i].ofile); ! warnx("contents of edit session left in %s", tf[i].tfile); close(tfd); continue; } while ((nread = read(tfd, buf, sizeof(buf))) > 0) { if ((nwritten = write(ofd, buf, nread)) != nread) { if (nwritten == -1) ! warn("%s", tf[i].ofile); else ! warnx("%s: short write", tf[i].ofile); break; } } --- 309,325 ---- ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644); set_perms(PERM_ROOT); if (ofd == -1) { ! warning("unable to write to %s", tf[i].ofile); ! warningx("contents of edit session left in %s", tf[i].tfile); close(tfd); continue; } while ((nread = read(tfd, buf, sizeof(buf))) > 0) { if ((nwritten = write(ofd, buf, nread)) != nread) { if (nwritten == -1) ! warning("%s", tf[i].ofile); else ! warningx("%s: short write", tf[i].ofile); break; } } *************** *** 347,357 **** /* success, got EOF */ unlink(tf[i].tfile); } else if (nread < 0) { ! warn("unable to read temporary file"); ! warnx("contents of edit session left in %s", tf[i].tfile); } else { ! warn("unable to write to %s", tf[i].ofile); ! warnx("contents of edit session left in %s", tf[i].tfile); } close(ofd); } --- 327,337 ---- /* success, got EOF */ unlink(tf[i].tfile); } else if (nread < 0) { ! warning("unable to read temporary file"); ! warningx("contents of edit session left in %s", tf[i].tfile); } else { ! warning("unable to write to %s", tf[i].ofile); ! warningx("contents of edit session left in %s", tf[i].tfile); } close(ofd); } *************** *** 364,367 **** --- 344,384 ---- unlink(tf[i].tfile); } return(1); + } + + /* + * Determine which editor to use. We don't bother restricting this + * based on def_env_editor or def_editor since the editor runs with + * the uid of the invoking user, not the runas (privileged) user. + */ + static char * + find_editor() + { + char *cp, *editor = NULL, **ev, *ev0[4]; + + ev0[0] = "SUDO_EDITOR"; + ev0[1] = "VISUAL"; + ev0[2] = "EDITOR"; + ev0[3] = NULL; + for (ev = ev0; *ev != NULL; ev++) { + if ((editor = getenv(*ev)) != NULL && *editor != '\0') { + if ((cp = strrchr(editor, '/')) != NULL) + cp++; + else + cp = editor; + /* Ignore "sudoedit" and "sudo" to avoid an endless loop. */ + if (strncmp(cp, "sudo", 4) != 0 || + (cp[4] != ' ' && cp[4] != '\0' && strcmp(cp + 4, "edit") != 0)) { + editor = estrdup(editor); + break; + } + } + editor = NULL; + } + if (editor == NULL) { + editor = estrdup(def_editor); + if ((cp = strchr(editor, ':')) != NULL) + *cp = '\0'; /* def_editor could be a path */ + } + return(editor); }