author | brian <brian@FreeBSD.org> | 1997-08-26 23:20:16 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1997-08-26 23:20:16 +0000 |
commit | 7b68941df91c2812fac796dd334e7a9c3cf19629 (patch) | |
tree | 1ca36d30d3cdb88bd5463ac02ea89f909d1c2d92 /usr.sbin/ppp | |
parent | b7ac9705e19db6ddbfdc472ed2332922b5768644 (diff) | |
Check the "prog.deny" login.conf capability and
refuse to run if "ppp" is in the list.
Suggested by: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r-- | usr.sbin/ppp/main.c | 45 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp.8 | 15 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp.8.m4 | 15 |
3 files changed, 70 insertions, 5 deletions
diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c index 52af408..bdadc96 100644 --- a/usr.sbin/ppp/main.c +++ b/usr.sbin/ppp/main.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: main.c,v 1.71 1997/08/25 00:29:19 brian Exp $ + * $Id: main.c,v 1.72 1997/08/25 01:52:11 brian Exp $ * * TODO: * o Add commands for traffic summary, version display, etc. @@ -37,6 +37,9 @@ #include <arpa/inet.h> #include <netinet/in_systm.h> #include <netinet/ip.h> +#include <sysexits.h> +#include <pwd.h> +#include <login_cap.h> #include "modem.h" #include "os.h" #include "hdlc.h" @@ -317,6 +320,40 @@ Greetings() } } +static int +Runnable() +{ + login_cap_t *lc; + const struct passwd *pwd; + char **data; + int result; + + result = 1; /* return non-zero if I'm runnable */ + + pwd = getpwuid(getuid()); + if (!pwd) { + perror("getpwuid"); + return result; /* Run anyway - probably spawned from inetd or the like */ + } + lc = login_getpwclass(pwd); + if (!lc) { + perror("login_getpwclass"); + return result; /* Run anyway - We're missing login.conf ? */ + } + + data = login_getcaplist(lc, "prog.deny", NULL); + if (data) + for (; *data; data++) + if (!strcmp(*data, "ppp")) { + result = 0; + break; + } + + login_close(lc); + + return result; /* OK to run */ +} + int main(int argc, char **argv) { @@ -335,6 +372,12 @@ main(int argc, char **argv) ProcessArgs(argc, argv); if (!(mode & MODE_DIRECT)) VarTerm = stdout; + + if (!Runnable()) { + LogPrintf(LogERROR, "You do not have permission to execute ppp\n"); + return EX_NOPERM; + } + Greetings(); GetUid(); IpcpDefAddress(); diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index ad803e3..2394f27 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -1,4 +1,4 @@ -.\" $Id: ppp.8,v 1.56 1997/08/21 17:16:21 brian Exp $ +.\" $Id: ppp.8,v 1.57 1997/08/23 23:14:24 brian Exp $ .Dd 20 September 1995 .Os FreeBSD .Dt PPP 8 
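Review bot: Runnable() fails open: the `if (!pwd)` and `if (!lc)` branches both return 1, so the prog.deny restriction is silently not enforced whenever the passwd entry or the login class cannot be read. The comments show this is deliberate for inetd-style spawning, but for an access check it would be safer to allow the fallback only for an already-privileged caller, e.g. `return getuid() == 0;` in those two branches, provided that does not break the inetd case. The failures are reported with perror() while the caller in main() uses LogPrintf(); using LogPrintf here too would presumably put lookup failures in the same log as the refusals. The function also lacks a header comment; I would add `/* Return 0 if "ppp" is in the invoking user's prog.deny login.conf list, non-zero otherwise (including when the lookup fails). */` and declare it as `Runnable(void)`.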
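Review bot: The permission check in main() runs only after `ProcessArgs(argc, argv)`, so a user listed in prog.deny still has their command line parsed before being refused. Unless LogPrintf depends on the mode that ProcessArgs sets (not visible in this hunk), calling `Runnable()` before ProcessArgs would keep denied callers away from any argument handling. The refusal message also carries no identity, which limits its use for auditing; something like `LogPrintf(LogERROR, "uid %d refused by prog.deny\n", (int)getuid());` would record who was turned away. main()'s body starts and ends outside the hunk, so the placement relative to the other start-up steps should be confirmed against the full function.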
@@ -129,6 +129,16 @@ with clients using the Microsoft .Em PPP stack (ie. Win95, WinNT) +.It Supports execution restriction. +If +.Nm +is specified in the +.Dv prog.deny +list in +.Pa /etc/login.conf , +.Nm +will refuse to execute. + .Sh GETTING STARTED When you first run @@ -2070,7 +2080,8 @@ Get port number if port number is using service name. .Xr uucplock 3 , .Xr syslog 3 , .Xr syslog.conf 5 , -.Xr syslogd 8 +.Xr syslogd 8 , +.Xr login.conf 5 .Sh HISTORY diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index ad803e3..2394f27 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 @@ -1,4 +1,4 @@ -.\" $Id: ppp.8,v 1.56 1997/08/21 17:16:21 brian Exp $ +.\" $Id: ppp.8,v 1.57 1997/08/23 23:14:24 brian Exp $ .Dd 20 September 1995 .Os FreeBSD .Dt PPP 8 @@ -129,6 +129,16 @@ with clients using the Microsoft .Em PPP stack (ie. Win95, WinNT) +.It Supports execution restriction. +If +.Nm +is specified in the +.Dv prog.deny +list in +.Pa /etc/login.conf , +.Nm +will refuse to execute. + .Sh GETTING STARTED When you first run @@ -2070,7 +2080,8 @@ Get port number if port number is using service name. .Xr uucplock 3 , .Xr syslog 3 , .Xr syslog.conf 5 , -.Xr syslogd 8 +.Xr syslogd 8 , +.Xr login.conf 5 .Sh HISTORY |