From 4e752f44f06873db90eacf0b0cd89d74d6f857b3 Mon Sep 17 00:00:00 2001
From: Brian Somers
Date: Tue, 26 Aug 1997 23:20:16 +0000
Subject: [PATCH] Check the "prog.deny" login.conf capability and refuse to run if "ppp" is in the list.

Suggested by: "Daniel O'Callaghan"
---
 usr.sbin/ppp/main.c | 45 ++++++++++++++++++++++++++++++++++++++++++-
 usr.sbin/ppp/ppp.8 | 15 +++++++++++++--
 usr.sbin/ppp/ppp.8.m4 | 15 +++++++++++++--
 3 files changed, 70 insertions(+), 5 deletions(-)

diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c
index 52af408690f..bdadc96f61c 100644
--- a/usr.sbin/ppp/main.c
+++ b/usr.sbin/ppp/main.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: main.c,v 1.71 1997/08/25 00:29:19 brian Exp $
+ * $Id: main.c,v 1.72 1997/08/25 01:52:11 brian Exp $
 *
 * TODO:
 * o Add commands for traffic summary, version display, etc.
@@ -37,6 +37,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include "modem.h"
 #include "os.h"
 #include "hdlc.h"
@@ -317,6 +320,40 @@ Greetings()
 }
 }
+static int
+Runnable()
+{
+ login_cap_t *lc;
+ const struct passwd *pwd;
+ char **data;
+ int result;
+
+ result = 1; /* return non-zero if I'm runnable */
+
+ pwd = getpwuid(getuid());
+ if (!pwd) {
+ perror("getpwuid");
+ return result; /* Run anyway - probably spawned from inetd or the like */
+ }
+ lc = login_getpwclass(pwd);
+ if (!lc) {
+ perror("login_getpwclass");
+ return result; /* Run anyway - We're missing login.conf ? */
+ }
+
+ data = login_getcaplist(lc, "prog.deny", NULL);
+ if (data)
+ for (; *data; data++)
+ if (!strcmp(*data, "ppp")) {
+ result = 0;
+ break;
+ }
+
+ login_close(lc);
+
+ return result; /* OK to run */
+}
+
 int
 main(int argc, char **argv)
 {
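Review bot: Both early returns in `Runnable()` fail open: when `getpwuid()` or `login_getpwclass()` fails the function returns 1, so a user listed under `prog.deny` is still allowed to run whenever the lookup itself breaks. If that is the intended policy, state it in a header comment on the function and in ppp.8 so administrators know the restriction is best-effort; otherwise refuse non-root callers on lookup failure, e.g. `return getuid() == 0;` in place of `return result;` in those two branches. The comment on the final `return result; /* OK to run */` is also misleading, because `result` is 0 at that point when "ppp" was matched; `/* 0 if "ppp" is in prog.deny */` would be accurate.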
@@ -335,6 +372,12 @@ main(int argc, char **argv)
 ProcessArgs(argc, argv);
 if (!(mode & MODE_DIRECT))
 VarTerm = stdout;
+
+ if (!Runnable()) {
+ LogPrintf(LogERROR, "You do not have permission to execute ppp\n");
+ return EX_NOPERM;
+ }
+
 Greetings();
 GetUid();
 IpcpDefAddress();
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index ad803e3d070..2394f27c11d 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.56 1997/08/21 17:16:21 brian Exp $
+.\" $Id: ppp.8,v 1.57 1997/08/23 23:14:24 brian Exp $
 .Dd 20 September 1995
 .Os FreeBSD
 .Dt PPP 8
@@ -129,6 +129,16 @@ with clients using the Microsoft
 .Em PPP
 stack (ie. Win95, WinNT)
+.It Supports execution restriction.
+If
+.Nm
+is specified in the
+.Dv prog.deny
+list in
+.Pa /etc/login.conf ,
+.Nm
+will refuse to execute.
+
 .Sh GETTING STARTED
 When you first run
@@ -2070,7 +2080,8 @@ Get port number if port number is using service name.
 .Xr uucplock 3 ,
 .Xr syslog 3 ,
 .Xr syslog.conf 5 ,
-.Xr syslogd 8
+.Xr syslogd 8 ,
+.Xr login.conf 5
 .Sh HISTORY
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index ad803e3d070..2394f27c11d 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.56 1997/08/21 17:16:21 brian Exp $
+.\" $Id: ppp.8,v 1.57 1997/08/23 23:14:24 brian Exp $
 .Dd 20 September 1995
 .Os FreeBSD
 .Dt PPP 8
@@ -129,6 +129,16 @@ with clients using the Microsoft
 .Em PPP
 stack (ie. Win95, WinNT)
+.It Supports execution restriction.
+If
+.Nm
+is specified in the
+.Dv prog.deny
+list in
+.Pa /etc/login.conf ,
+.Nm
+will refuse to execute.
+
 .Sh GETTING STARTED
 When you first run
@@ -2070,7 +2080,8 @@ Get port number if port number is using service name.
 .Xr uucplock 3 ,
 .Xr syslog 3 ,
 .Xr syslog.conf 5 ,
-.Xr syslogd 8
+.Xr syslogd 8 ,
+.Xr login.conf 5
 .Sh HISTORY
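Review bot: In the main.c hunk at `@@ -335,6 +372,12 @@`, the `Runnable()` check runs after `ProcessArgs(argc, argv)`, so a user denied through `prog.deny` still gets their arguments parsed before being refused. Moving the `if (!Runnable())` block ahead of `ProcessArgs(argc, argv);` closes that gap; if `LogPrintf` depends on `VarTerm` being set first (not visible in this hunk), the refusal can be reported with `fprintf(stderr, ...)` instead. Naming the caller in the message, e.g. `LogPrintf(LogERROR, "uid %d: ppp denied by prog.deny\n", (int)getuid());`, would give administrators an audit trail, assuming LogPrintf takes printf-style arguments. The body of main() begins before and continues after this hunk.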