[ruby-dev:14621] suidruby

From: nobu.nakada@...
Date: 2001-09-02 16:18:58 UTC
List: ruby-dev #14621
This is Nakada.

 I have given some thought to suidruby.

 The basic idea is to set up a hook right after the script is opened,
and there either run checks and reject the script, or drop the privileges
that are not needed.

 The conditions for rejecting a script are as follows.

(1) neither real_readable? nor real_executable?
(2) setuid, yet group/world writable
(3) setgid, yet world writable
(4) neither setuid nor setgid

 As for group_member(), glib provides the same thing (or rather, ours was
probably modelled on it), so I think there would be no problem making it
global, with the system's version being used when one is available.


-- 
--- There is no Bug before me.
--- Behind me, Bugs come into being.
    中田 伸悦

Attachments (2)

suidruby.patch (3.49 KB, text/x-diff)
Index: Makefile.in
===================================================================
RCS file: /cvs/ruby/src/ruby/Makefile.in,v
retrieving revision 1.25
diff -u -2 -p -r1.25 Makefile.in
--- Makefile.in	2001/05/07 09:26:23	1.25
+++ Makefile.in	2001/09/02 07:37:20
@@ -26,7 +26,9 @@ MAINLIBS = @MAINLIBS@
 
 RUBY_INSTALL_NAME=@RUBY_INSTALL_NAME@
+SRUBY_INSTALL_NAME=@SRUBY_INSTALL_NAME@
 RUBY_SO_NAME=@RUBY_SO_NAME@
 EXEEXT = @EXEEXT@
 PROGRAM=$(RUBY_INSTALL_NAME)$(EXEEXT)
+SPROGRAM=$(SRUBY_INSTALL_NAME)$(EXEEXT)
 
 #### End of system configuration section. ####
@@ -95,4 +97,8 @@ all:		miniruby$(EXEEXT) @PREP@ rbconfig.
 		$(PURIFY) $(CC) $(LDFLAGS) $(XLDFLAGS) $(MAINLIBS) $(MAINOBJ) $(EXTOBJS) $(LIBRUBYARG) $(LIBS) -o $@
 
+$(SPROGRAM):	$(LIBRUBY) $(MAINOBJ) $(EXTOBJS) suid.@OBJEXT@
+		@rm -f $@
+		$(PURIFY) $(CC) $(LDFLAGS) $(XLDFLAGS) $(MAINLIBS) $(MAINOBJ) $(EXTOBJS) suid.@OBJEXT@ $(LIBRUBYARG) $(LIBS) -o $@
+
 $(LIBRUBY_A):	$(OBJS) dmyext.@OBJEXT@
 		@AR@ rcu $@ $(OBJS) dmyext.@OBJEXT@
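Review bot: the new $(SPROGRAM) link rule is not added to `all:` and has no matching install rule, so the patch never states how suidruby is meant to be installed; since suid.c returns immediately when uid == euid and gid == egid, the binary only does anything when installed set-id, and that install mode should be an explicit, documented step of this patch rather than something left to whoever packages it. The rule also duplicates the $(PROGRAM) link line apart from suid.@OBJEXT@; a shared variable for the common objects would keep the two from drifting apart.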
@@ -277,2 +283,3 @@ util.@OBJEXT@: util.c ruby.h config.h de
 variable.@OBJEXT@: variable.c ruby.h config.h defines.h intern.h env.h node.h st.h
 version.@OBJEXT@: version.c ruby.h config.h defines.h intern.h version.h
+suid.@OBJEXT@: suid.c ruby.h rubyio.h
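Review bot: the dependency line for suid.@OBJEXT@ lists only ruby.h and rubyio.h, while the neighbouring lines spell out config.h, defines.h and intern.h as well; match that convention so the object is rebuilt when configure regenerates config.h, since the HAVE_SETREGID/HAVE_SETEGID and HAVE_SETREUID/HAVE_SETEUID branches in suid.c depend on it.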
Index: configure.in
===================================================================
RCS file: /cvs/ruby/src/ruby/configure.in,v
retrieving revision 1.93
diff -u -2 -p -u -r1.93 configure.in
--- configure.in	2001/08/06 03:05:12	1.93
+++ configure.in	2001/09/02 07:36:42
@@ -299,5 +299,6 @@ AC_REPLACE_FUNCS(dup2 memmove mkdir strc
 	      setrgid setegid setregid setresgid pause lchown lchmod\
 	      getpgrp setpgrp getpgid setpgid getgroups getpriority getrlimit\
-	      dlopen sigprocmask sigaction _setjmp setsid telldir seekdir fchmod)
+	      dlopen sigprocmask sigaction _setjmp setsid telldir seekdir fchmod\
+	      group_member)
 AC_STRUCT_TIMEZONE
 AC_CACHE_CHECK(for external int daylight, rb_cv_have_daylight,
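Review bot: `group_member` is added to AC_REPLACE_FUNCS, but that macro appends group_member.o to LIBOBJS on every system where the function is missing and expects a replacement source under missing/ that this patch does not add; the file.c hunk instead supplies the fallback inline under `#ifndef HAVE_GROUP_MEMBER`. Use AC_CHECK_FUNCS(group_member) here, which only defines HAVE_GROUP_MEMBER, otherwise the libruby link fails on systems without glibc's group_member.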
@@ -1002,4 +1003,5 @@ AC_SUBST(LIBRUBY_LDSHARED)
 AC_SUBST(LIBRUBY_DLDFLAGS)
 AC_SUBST(RUBY_INSTALL_NAME)
+AC_SUBST(SRUBY_INSTALL_NAME)
 AC_SUBST(RUBY_SO_NAME)
 AC_SUBST(LIBRUBY_A)
@@ -1022,4 +1024,5 @@ test "$program_suffix" != NONE &&
 
 RUBY_INSTALL_NAME="${ri_prefix}ruby${ri_suffix}"
+SRUBY_INSTALL_NAME="${ri_prefix}suidruby${ri_suffix}"
 case "$target_os" in
   cygwin*|mingw*|*djgpp*|os2_emx*)
Index: file.c
===================================================================
RCS file: /cvs/ruby/src/ruby/file.c,v
retrieving revision 1.69
diff -u -2 -p -u -r1.69 file.c
--- file.c	2001/08/23 06:02:14	1.69
+++ file.c	2001/09/02 00:07:32
@@ -386,5 +386,6 @@ rb_file_lstat(obj)
 }
 
-static int
+#ifndef HAVE_GROUP_MEMBER
+int
 group_member(gid)
     GETGROUPS_T gid;
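Review bot: group_member() becomes external here, but no prototype is added to intern.h (or rubyio.h), so the call in suid.c relies on an implicit `int` declaration and the GETGROUPS_T argument type is never checked against the caller; add `int group_member _((GETGROUPS_T));` next to the other file.c exports in intern.h. The same prototype also covers the HAVE_GROUP_MEMBER case, where glibc's declaration in <unistd.h> is only visible with _GNU_SOURCE.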
@@ -411,4 +412,5 @@ group_member(gid)
     return Qfalse;
 }
+#endif
 
 #ifndef S_IXUGO
@@ -2405,4 +2407,12 @@ rb_find_file(path)
     return 0;
 }
+
+#if (defined S_ISUID || defined S_ISGID) && !defined __CYGWIN__
+void
+ruby_check_loadable(f)
+    VALUE f;
+{
+}
+#endif
 
 static void
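Review bot: this no-op ruby_check_loadable() in libruby and the real one in suid.c are two strong definitions of the same symbol. The $(SPROGRAM) rule links suid.@OBJEXT@ together with $(LIBRUBYARG); with a static libruby.a the linker still pulls file.@OBJEXT@ out of the archive for its other symbols and then reports a duplicate definition, while with a shared libruby the executable's copy silently wins, so the problem only shows on static builds. Make the hook a real hook instead, e.g. `void (*ruby_check_loadable)(VALUE)` defaulting to this no-op and installed by the suidruby build, or give this definition weak linkage where the toolchain supports it.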
Index: ruby.c
===================================================================
RCS file: /cvs/ruby/src/ruby/ruby.c,v
retrieving revision 1.51
diff -u -2 -p -u -r1.51 ruby.c
--- ruby.c	2001/09/01 03:34:04	1.51
+++ ruby.c	2001/09/02 11:45:18
@@ -21,4 +21,5 @@
 #include <stdio.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <ctype.h>
 
@@ -767,4 +768,8 @@ load_file(fname, script)
 		rb_io_binmode(f);
 	}
+#elif defined S_ISUID || defined S_ISGID
+	if (script) {
+	    ruby_check_loadable(f);
+	}
 #endif
     }
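Review bot: the hook is reached only through load_file() with `script` set, i.e. for the main script file; an invocation of a set-id installed suidruby that never calls load_file(fname, 1) (such as -e) never reaches ruby_check_loadable, so neither the privilege drop nor the "not setuid/setgid" rejection in suid.c runs and that code executes with the elevated ids. Either refuse to start when no script file is given, decided in ruby_process_options before any user code runs, or move the uid/euid comparison and the drop to a point every invocation passes through. Doing the check on the already-open `f` (suid.c uses fstat on the descriptor rather than stat on the path) is the right choice, as it leaves no window between opening the file and inspecting it.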
suid.c (2.24 KB, text/x-c++src)
/**********************************************************************

  suid.c -

  $Author$
  $Date$
  created at: Wed Aug 29 13:45:03 JST 2001

  This file is covered under the Ruby's license (see the file
  COPYING).

**********************************************************************/

#include "ruby.h"
#include "rubyio.h"
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#if !defined S_ISUID && !defined S_ISGID
#error "setuid/setgid not supported"
#endif

/*
 * Called from load_file() right after the main script has been opened.
 * Rejects the script, or drops the privileges it does not need, based on
 * the mode and ownership of the file.  The open descriptor is inspected
 * with fstat(), so the decision is made about the file actually being run.
 */
void
ruby_check_loadable(f)
    VALUE f;
{
    OpenFile *fptr;
    struct stat st;
    int setid = 0;
    int uid = (int)getuid(), gid = (int)getgid();
    int euid = (int)geteuid(), egid = (int)getegid();

    rb_check_type(f, T_FILE);

    /* nothing to do unless the interpreter itself is running set-id */
    if (uid == euid && gid == egid) return;

    GetOpenFile(f, fptr);
    if (fstat(fileno(fptr->f), &st) == -1) {
	rb_sys_fail(fptr->path);
    }

    if (uid != 0) {
	/*
	 * (1) the real user can neither read nor execute the script; the
	 *     owner, group or other bits are chosen the way access(2) does
	 */
	if ((
#if defined S_IRUSR || defined S_IXUSR
	    (st.st_uid == uid) ?
	    !(st.st_mode & (0
#ifdef S_IRUSR
			    |S_IRUSR
#endif
#ifdef S_IXUSR
			    |S_IXUSR
#endif
		)) :
#endif
#if defined S_IRGRP || defined S_IXGRP
	    group_member(st.st_gid) ?
	    !(st.st_mode & (0
#ifdef S_IRGRP
			    |S_IRGRP
#endif
#ifdef S_IXGRP
			    |S_IXGRP
#endif
		)) :
#endif
#if defined S_IROTH || defined S_IXOTH
	    !(st.st_mode & (0
#ifdef S_IROTH
			    |S_IROTH
#endif
#ifdef S_IXOTH
			    |S_IXOTH
#endif
		))
#else
	    0
#endif
	    )
	/* (2) setuid script that group or world may write to */
#if defined S_ISUID && defined S_IWGRP
	    || !(~st.st_mode & (S_ISUID|S_IWGRP))
#endif
#if defined S_ISUID && defined S_IWOTH
	    || !(~st.st_mode & (S_ISUID|S_IWOTH))
#endif
	/* (3) setgid script that world may write to */
#if defined S_ISGID && defined S_IWOTH
	    || !(~st.st_mode & (S_ISGID|S_IWOTH))
#endif
	    ) {
	    errno = EACCES;
	    rb_load_fail(fptr->path);
	}
    }

    /*
     * Switch the group first, while the effective uid still permits it.
     * A failed switch must not be ignored: the script would otherwise run
     * with whatever ids the interpreter happened to have.
     */
#ifdef S_ISGID
    if (st.st_mode & S_ISGID) {
	/* setgid script: run with the group that owns the script */
# if defined HAVE_SETREGID
	if (setregid(-1, st.st_gid) < 0) rb_sys_fail("setregid");
# elif defined HAVE_SETEGID
	if (setegid(st.st_gid) < 0) rb_sys_fail("setegid");
# else
	if (setgid(st.st_gid) < 0) rb_sys_fail("setgid");
# endif
	setid = 1;
    }
    else
#endif
    /* not setgid: give up the interpreter's own group privilege */
    if (setgid(gid) < 0) rb_sys_fail("setgid");

#ifdef S_ISUID
    if (st.st_mode & S_ISUID) {
	/* setuid script: run as the user that owns the script */
# if defined HAVE_SETREUID
	if (setreuid(-1, st.st_uid) < 0) rb_sys_fail("setreuid");
# elif defined HAVE_SETEUID
	if (seteuid(st.st_uid) < 0) rb_sys_fail("seteuid");
# else
	if (setuid(st.st_uid) < 0) rb_sys_fail("setuid");
# endif
	setid = 1;
    }
    else
#endif
    /* not setuid: give up the interpreter's own user privilege */
    if (setuid(uid) < 0) rb_sys_fail("setuid");

    /* (4) neither setuid nor setgid: refuse, privileges are already dropped */
    if (!setid) {
	rb_loaderror("not setuid/setgid -- %s", fptr->path);
    }
}
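As an added illustration (not part of Nakada's patch or of Ruby), the four reject conditions from the post expressed as a pure function over the stat(2) fields, so the policy can be exercised with constructed modes without installing a set-id interpreter; suid_script_check and the verdict names are assumed names, and in_group stands in for what group_member() answers in the patch.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Verdicts mirror the four reject conditions listed in the post. */
enum suid_verdict {
    SUID_OK = 0,
    SUID_NOT_ACCESSIBLE,   /* (1) neither real-readable nor real-executable */
    SUID_SETUID_WRITABLE,  /* (2) setuid but group- or world-writable */
    SUID_SETGID_WRITABLE,  /* (3) setgid but world-writable */
    SUID_NOT_SETID         /* (4) neither setuid nor setgid */
};

/*
 * Hypothetical pure policy check (not from the patch).  mode/st_uid are what
 * fstat() reports for the opened script, uid is the caller's *real* uid and
 * in_group says whether the file's group is among the caller's real groups.
 */
enum suid_verdict
suid_script_check(mode_t mode, uid_t st_uid, uid_t uid, int in_group)
{
    mode_t rx;

    /* choose the permission triple that applies to the real user, as access(2) does */
    if (st_uid == uid)  rx = S_IRUSR | S_IXUSR;
    else if (in_group)  rx = S_IRGRP | S_IXGRP;
    else                rx = S_IROTH | S_IXOTH;

    /* root bypasses DAC, so the patch applies (1)-(3) only to non-root callers */
    if (uid != 0) {
        if (!(mode & rx))
            return SUID_NOT_ACCESSIBLE;
        if ((mode & S_ISUID) && (mode & (S_IWGRP | S_IWOTH)))
            return SUID_SETUID_WRITABLE;
        if ((mode & S_ISGID) && (mode & S_IWOTH))
            return SUID_SETGID_WRITABLE;
    }
    if (!(mode & (S_ISUID | S_ISGID)))
        return SUID_NOT_SETID;
    return SUID_OK;
}

int main(void)
{
    /* constructed case: a root-owned setuid script that is group-writable, run by uid 1000 in its group */
    enum suid_verdict v = suid_script_check(S_ISUID | 0775, 0, 1000, 1);
    printf("verdict %d (2 = setuid but group/world writable)\n", (int)v);
    return 0;
}
```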
