From 9fab3e050f7b4e1816a966e7ce74fce74b991709 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Mon, 18 Nov 2013 19:39:48 +0100 Subject: more flexible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- Makefile | 23 ++++++++++++++++++++++- src/cerberus.c | 10 +++++----- src/security.c | 22 +++++++++++----------- 3 files changed, 38 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index 79fb87f..1c64f75 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,26 @@ +BIN = /bin +DEV = /dev + +EXTRA_CPP_FLAGS = +# -DOWN_VCS -DOWN_VCSA -DUSE_TTY_GROUP + +TTY_GROUP = tty +DEFAULT_HOME = / +DEFAULT_SHELL = $(BIN)/sh +DEFAULT_TERM = dumb +VCS = $(DEV)/vcs +VCSA = $(DEV)/vcsa + +H = \# +VCS_LEN = $(shell vcs="$(VCS)" ; echo "$${$(H)vcs}") +VCSA_LEN = $(shell vcsa="$(VCSA)" ; echo "$${$(H)vcsa}") +VCS_VCSA_LEN = $(shell (echo $(VCS_LEN) ; echo $(VCSA_LEN)) | sort -n | tail -n 1) + +STR_DEFS = TTY_GROUP DEFAULT_HOME DEFAULT_SHELL DEFAULT_TERM +INT_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN + OPTIMISE = -Os -CPPFLAGS = +CPPFLAGS = $(EXTRA_CPP_FLAGS) $(foreach D, $(INT_DEFS), -D'$(D)=$($(D))') $(foreach D, $(STR_DEFS), -D'$(D)="$($(D))"') LDFLAGS = CFLAGS = -std=gnu99 -Wall -Wextra diff --git a/src/cerberus.c b/src/cerberus.c index 987a497..8d2a052 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -132,7 +132,7 @@ int main(int argc, char** argv) /* Make sure nopony is spying */ #ifdef USE_TTY_GROUP - if ((group = getgrnam("tty"))) + if ((group = getgrnam(TTY_GROUP))) tty_group = group->gr_gid; #endif secure_tty(tty_group); 
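Review bot: `VCS` and `VCSA` are missing from `STR_DEFS` in the Makefile hunk, so nothing here passes them to the preprocessor, yet the src/security.c hunks of this commit use them in `strcpy(vcs, VCS)` and `strcpy(vcsa, VCSA)`. Unless a header outside this diff defines them, compiling that code would likely stop on an undeclared identifier. Extend the list to `STR_DEFS = TTY_GROUP DEFAULT_HOME DEFAULT_SHELL DEFAULT_TERM VCS VCSA`. The values are also pasted unescaped into `-D'NAME="value"'`, so a comment such as `# values must not contain quotes or backslashes` above the variables would help packagers.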
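Review bot: In the src/cerberus.c hunk at -132, a failed `getgrnam(TTY_GROUP)` is silently ignored, which matters more now that the group name is a build-time setting. If the configured group does not exist on the target system, `tty_group` keeps whatever value it was initialised with (the initialisation is outside the hunk) and `secure_tty(tty_group)` runs with it, so the terminal may end up with a group the packager did not intend. Consider reporting the miss, for example `else fprintf(stderr, "group %s not found\n", TTY_GROUP);`, or at least a comment stating which fallback group is applied. `main` starts and ends outside the hunk.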
@@ -193,18 +193,18 @@ int main(int argc, char** argv) if (chdir(entry->pw_dir)) { perror("chdir"); - if (chdir("/")) + if (chdir(DEFAULT_HOME)) { perror("chdir"); sleep(ERROR_SLEEP); return 1; } - entry->pw_dir = "/"; + entry->pw_dir = DEFAULT_HOME; } /* Make sure the shell to use is definied */ if ((entry->pw_shell && *(entry->pw_shell)) == 0) - entry->pw_shell = "/bin/sh"; + entry->pw_shell = DEFAULT_SHELL; /* Set environment variables */ { @@ -242,7 +242,7 @@ int main(int argc, char** argv) setenv("USER", entry->pw_name, 1); setenv("LOGUSER", entry->pw_name, 1); setenv("SHELL", entry->pw_shell, 1); - setenv("TERM", term ?: "dumb", 1); + setenv("TERM", term ?: DEFAULT_TERM, 1); if (term) free(term); diff --git a/src/security.c b/src/security.c index 1e1dd9e..a273cf0 100644 --- a/src/security.c +++ b/src/security.c @@ -99,13 +99,13 @@ void chown_tty(uid_t owner, gid_t group, int with_fail) if (ioctl(STDIN_FILENO, VT_GETSTATE, &vtstat) == 0) { int n = vtstat.v_active; - char _vcs[16]; - char _vcsa[16]; + char _vcs[VCS_VCSA_LEN]; + char _vcsa[VCS_VCSA_LEN]; char* vcs = _vcs; char* vcsa = _vcsa; - vcs += 16; - vcsa += 16; + vcs += VCS_VCSA_LEN; + vcsa += VCS_VCSA_LEN; if (n) { @@ -116,18 +116,18 @@ void chown_tty(uid_t owner, gid_t group, int with_fail) n /= 10; } - vcs -= 8; - vcsa -= 9; - strcpy(vcs, "/dev/vcs"); - strcpy(vcsa, "/dev/vcsa"); + vcs -= VCS_LEN; + vcsa -= VCSA_LEN; + strcpy(vcs, VCS); + strcpy(vcsa, VCSA); #ifdef OWN_VCS - if (chown(vcs, owner, group) && with_fail) fail("chown"); - if (chmod(vcs, TTY_PERM) && with_fail) fail("chmod"); + if (chown(vcs, owner, group) && with_fail) fail("chown"); + if (chmod(vcs, TTY_PERM) && with_fail) fail("chmod"); #endif #ifdef OWN_VCSA if (chown(vcsa, owner, group) && with_fail) fail("chown"); - if (chmod(vcsa, TTY_PERM) && with_fail) fail("chmod"); + if (chmod(vcsa, TTY_PERM) && with_fail) fail("chmod"); #endif } } -- cgit v1.2.3-70-g09d2
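Review bot: In the src/security.c hunk at -99, `char _vcs[VCS_VCSA_LEN]` and `char _vcsa[VCS_VCSA_LEN]` are sized to the longer path only, which leaves no room for the console number or the terminating NUL. The old size of 16 left 7 spare bytes beyond "/dev/vcsa"; the new size leaves none. Even with no digits written, the later `vcsa -= VCSA_LEN; strcpy(vcsa, VCSA);` stores VCSA_LEN + 1 bytes into a VCS_VCSA_LEN-byte array, and any digits written backwards first push the pointer before the start of the array, which is an out-of-bounds stack write. Size the arrays with headroom, e.g. `char _vcs[VCS_VCSA_LEN + 12];` (same for `_vcsa`), and advance with `vcs += sizeof(_vcs);` and `vcsa += sizeof(_vcsa);`. `chown_tty` starts and ends outside the hunk.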
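Review bot: In the src/security.c hunk at -116, `strcpy(vcs, VCS)` writes its terminating NUL at `vcs + VCS_LEN`, which is the position the pointer held before `vcs -= VCS_LEN`. If the loop above (only partly visible in this diff) leaves the pointer on the first digit, that digit is overwritten and the resulting path is the bare device prefix without the console number, so `chown`/`chmod` would act on a different node than intended. The same applies to `vcsa`. Copy only the prefix bytes instead: `memcpy(vcs, VCS, VCS_LEN);` and `memcpy(vcsa, VCSA, VCSA_LEN);`.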