From ad8eed222b24d131ce0da40d94f20ca464b31477 Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Fri, 22 Nov 2013 09:51:37 +0100
Subject: remove files not wanted from cerberus
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mattias Andrée
---
 src/security.c | 150 ---------------------------------------------------------
 1 file changed, 150 deletions(-)
 delete mode 100644 src/security.c
(limited to 'src/security.c')
diff --git a/src/security.c b/src/security.c
deleted file mode 100644
index eb4bd3c..0000000
--- a/src/security.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/**
- * cerberus – Minimal login program
- *
- * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#if defined(OWN_VCSA) || defined(OWN_VCS)
-#include
-#include
-#endif
-
-#include "config.h"
-
-#include "security.h"
-
-
-static inline void fail(char* str)
-{
- perror(str);
- sleep(FAILURE_SLEEP);
- _exit(1);
-}
-
-
-/**
- * Secure the TTY from spying
- *
- * @param group The group, -1 for unchanged
- */
-void secure_tty(gid_t group)
-{
- struct termios tty;
- struct termios saved_tty;
- char* tty_device;
- int fd, i;
-
- /* Set ownership of this TTY to root:root */
- chown_tty(0, group, 1);
-
- /* Get TTY name for last part of this functions */
- tty_device = ttyname(STDIN_FILENO);
-
- /* Kill other processes on this TTY */
- tcgetattr(STDIN_FILENO, &tty);
- saved_tty = tty;
- tty.c_cflag &= ~HUPCL;
- tcsetattr(0, TCSANOW, &tty);
- close(STDIN_FILENO);
- close(STDOUT_FILENO);
- close(STDERR_FILENO);
- signal(SIGHUP, SIG_IGN);
- vhangup();
- signal(SIGHUP, SIG_DFL);
-
- /* Restore terminal and TTY modes */
- fd = open(tty_device, O_RDWR | O_NONBLOCK);
- if (fd == -1)
- fail("open");
- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK);
- for (i = 0; i < fd; i++)
- close(i);
- for (i = 0; i < 3; i++)
- if (i != fd)
- dup2(fd, i);
- if (fd > 2)
- close(fd);
- tcgetattr(STDIN_FILENO, &saved_tty);
-}
-
-
-/**
- * Set ownership and mode of the TTY
- *
- * @param owner The owner, -1 for unchanged
- * @param group The group, -1 for unchanged
- * @param with_fail Abort on failure
- */
-void chown_tty(uid_t owner, gid_t group, char with_fail)
-{
- #if defined(OWN_VCSA) || defined(OWN_VCS)
- struct vt_stat vtstat;
- #endif
-
- /* Set ownership of this TTY */
- if (fchown(STDIN_FILENO, owner, group) && with_fail)
- fail("fchown");
-
- /* Restrict others from using this TTY */
- if (fchmod(STDIN_FILENO, TTY_PERM) && with_fail)
- fail("fchmod");
-
- /* Also do the above for /dev/vcs[a][0-9]+ */
- #if defined(OWN_VCSA) || defined(OWN_VCS)
- if (ioctl(STDIN_FILENO, VT_GETSTATE, &vtstat) == 0)
- {
- int n = vtstat.v_active;
- char _vcs[VCS_LEN + 6];
- char _vcsa[VCSA_LEN + 6];
-
- char* vcs = _vcs;
- char* vcsa = _vcsa;
- vcs += VCS_LEN + 6;
- vcsa += VCSA_LEN + 6;
-
- if (n)
- {
- *--vcs = *--vcsa = 0;
- while (n)
- {
- *--vcs = *--vcsa = (n % 10) + '0';
- n /= 10;
- }
-
- vcs -= VCS_LEN;
- vcsa -= VCSA_LEN;
- strncpy(vcs, VCS, VCS_LEN);
- strncpy(vcsa, VCSA, VCSA_LEN);
-
- #ifdef OWN_VCS
- if (chown(vcs, owner, group) && with_fail) fail("chown");
- if (chmod(vcs, TTY_PERM) && with_fail) fail("chmod");
- #endif
- #ifdef OWN_VCSA
- if (chown(vcsa, owner, group) && with_fail) fail("chown");
- if (chmod(vcsa, TTY_PERM) && with_fail) fail("chmod");
- #endif
- }
- }
- #endif
-}
-
-- cgit v1.2.3-70-g09d2