[LON-CAPA-cvs] cvs: doc /loncapafiles buildfiles.lpml wrap_setuid.piml loncom/build Makefile

albertel lon-capa-cvs@mail.lon-capa.org
Fri, 08 Jul 2005 01:31:11 -0000


albertel		Thu Jul  7 21:31:11 2005 EDT

  Added files:                 
    /doc/loncapafiles	wrap_setuid.piml 

  Modified files:              
    /loncom/build	Makefile 
    /doc/loncapafiles	buildfiles.lpml 
  Log:
  - adding a piml to wrap the setuid scripts in a binary executable shell, so SuSE can actually run these things
  
  
Index: loncom/build/Makefile
diff -u loncom/build/Makefile:1.175 loncom/build/Makefile:1.176
--- loncom/build/Makefile:1.175	Fri Jul  1 17:20:23 2005
+++ loncom/build/Makefile	Thu Jul  7 21:31:08 2005
@@ -1,6 +1,6 @@
 # The LearningOnline Network with CAPA
 
-# $Id: Makefile,v 1.175 2005/07/01 21:20:23 albertel Exp $
+# $Id: Makefile,v 1.176 2005/07/08 01:31:08 albertel Exp $
 
 # TYPICAL USAGE of this Makefile is primarily for two targets:
 # "make build" and "make install".
@@ -130,6 +130,7 @@
 	@echo "cron_lpmlcheck: remove cron file /etc/cron.d/loncapa.lpml."
 	@echo "chkconfig: test runlevels of httpd and loncontrol."
 	@echo "rpmcheck: test to see if rpms known to confict are installed."
+	@echo "wrap_setuid: put a C wrapper around setuid scripts."
 	@echo "updatequery: solicit the user for machine configuration"
 	@echo "             information; to be incorporated during an update"
 	@echo "             procedure (via the UPDATE command)"
@@ -467,6 +468,11 @@
 	perl piml_parse.pl $(CATEGORY) $(DIST) "$(TARGET)" $(LAUNCH) | \
 	tee -a WARNINGS
 
+wrap_setuid:
+	cat $(SOURCE)/doc/loncapafiles/wrap_setuid.piml | \
+	perl piml_parse.pl $(CATEGORY) $(DIST) "$(TARGET)" $(LAUNCH) | \
+	tee -a WARNINGS
+
 postinstall:
 	make webserverconf
 	make reseval_fixup
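Review bot: The new `wrap_setuid` recipe ends in `| tee -a WARNINGS`, so the status make sees is `tee`'s, and a failure reported by `piml_parse.pl` for this piml would not stop `postinstall`. That matters more here than for the neighbouring rules because the script renames setuid files and replaces them with compiled wrappers. If the default `/bin/sh` has to stay, a comment such as `# exit status is tee's; check WARNINGS for wrap_setuid failures` above the recipe would at least record it, or the parser output could be written to a file first and then appended to WARNINGS so that the perl status is tested. No `.PHONY` declaration for `wrap_setuid` is visible in this hunk; if the Makefile keeps one, it should list the new target. The two context lines at the top of the hunk belong to a rule that starts outside it.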
@@ -482,6 +488,7 @@
 	make sanitycheck
 	make sendmail_fix
 	make ownership_fix
+	make wrap_setuid
 
 VERSION:
 	install -d $(TARGET)/etc
Index: doc/loncapafiles/buildfiles.lpml
diff -u doc/loncapafiles/buildfiles.lpml:1.15 doc/loncapafiles/buildfiles.lpml:1.16
--- doc/loncapafiles/buildfiles.lpml:1.15	Fri Mar 18 15:07:21 2005
+++ doc/loncapafiles/buildfiles.lpml	Thu Jul  7 21:31:08 2005
@@ -2,7 +2,7 @@
  "http://lpml.sourceforge.net/DTD/lpml.dtd">
 <!-- buildfiles.lpml -->
 
-<!-- $Id: buildfiles.lpml,v 1.15 2005/03/18 20:07:21 albertel Exp $ -->
+<!-- $Id: buildfiles.lpml,v 1.16 2005/07/08 01:31:08 albertel Exp $ -->
 
 <!--
 
@@ -262,6 +262,16 @@
 </note>
 </file>
 <file>
+  <source>doc/loncapafiles/wrap_setuid.piml</source>
+  <target dist='default'>wrap_setuid.piml</target>
+  <categoryname>system file</categoryname>
+  <description>
+Wraps the setuid perl scripts into a binary excutable wrapper.
+  </description>
+  <note>
+  </note>
+</file>
+<file>
 <source>doc/loncapafiles/valid_hosts.xfml</source>
 <target dist='default'>valid_hosts.xfml</target>
 <categoryname>system file</categoryname>
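Review bot: The `<description>` added for wrap_setuid.piml misspells `executable` as `excutable`, and the `<note>` element is left empty. Since this piml changes which files carry the setuid/setgid bits, the note is a good place to record what the script on this page does: it acts only for dist `suse9.2`, and it leaves the original script as a dot-prefixed file next to the compiled wrapper.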

Index: doc/loncapafiles/wrap_setuid.piml
+++ doc/loncapafiles/wrap_setuid.piml
<!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN" 
	"http://lpml.sourceforge.net/DTD/piml.dtd">
<!-- wrap_setuid.piml -->
<!-- Guy Albertelli -->

<!-- $Id: wrap_setuid.piml,v 1.1 2005/07/08 01:31:08 albertel Exp $ -->

<!--

This file is part of the LearningOnline Network with CAPA (LON-CAPA).

LON-CAPA is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

LON-CAPA is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with LON-CAPA; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

/home/httpd/html/adm/gpl.txt

http://www.lon-capa.org/

-->

<piml>
<targetroot>/</targetroot>
<files>
<file>
<target dist="default">/home/httpd/perl</target>
<perlscript mode="fg" dist="default">
print("Not wrapping setuid scripts\n");
</perlscript>
<perlscript mode="fg" dist="suse9.2">

$fslist='<TARGET />';
open(FIND,  "find <TARGET /> -xdev -type f \\( -perm -04000 -o -perm -02000 \\) -print|");
while (&lt;FIND&gt;) {
    chop;
    next unless -T;
    print("Fixing ", $_, "\n");
    ($dir,$file) = m|(.*)/(.*)|;
    chdir $dir || die "Can't chdir to $dir";
    ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks)
     = stat($file);
    die("Can't stat $_") unless $ino;
    rename($file,".$file");
    chmod(($mode & 01777), ".$file");# wipe out set[ug]id bits
    open(C,"&gt;.tmp$$.c") || die("Can't write C program for $_");
    $real = "$dir/.$file";
    print C '
        main(argc,argv)
        int argc;
        char **argv;
        {
                execv("' . $real . '",argv);
        }
';
    close C;
    system('/usr/bin/cc', ".tmp$$.c", '-o', $file);
    die("Can't compile new $_") if $?;
    chown($uid, $gid, $file);
    chmod($mode, $file);

    unlink(".tmp$$.c");
    chdir('/');
}

</perlscript>
</file>
</files>
</piml>
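Review bot: In the `suse9.2` script, `chdir $dir || die "Can't chdir to $dir";` never reports a failed chdir, because `||` binds tighter than the named operator and the `die` is evaluated only when `$dir` itself is false. The `rename($file,".$file")` that follows is also unchecked, so a failed rename lets the compile write the wrapper over the only copy of the script, and a failed chdir leaves the relative-path operations running in whatever directory was current. I would write these as `chdir($dir) or die "Can't chdir to $dir: $!";` and `rename($file, ".$file") or die "Can't rename $_: $!";`. The generated C wrapper becomes the setuid/setgid entry point and hands the caller's full environment to `execv`, so it should either pass a fixed minimal environment via `execve`, or the wrapped scripts should be confirmed to run under Perl taint checks (not visible on this page). The scratch file `.tmp$$.c` is opened under a predictable name inside the target directory; if that directory is writable by a less privileged account than the one running postinstall, creating it exclusively in a private temporary directory would be safer.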