Menu
▾
▴
[Cerb-commits] cerb-ng/examples openssh.cb,1.45,1.46 ping.cb,1.25,1.26 syslogd.cb,1.9,1.10
|
From: <da...@us...> - 2003-08-11 13:12:16
|
Update of /cvsroot/cerber/cerb-ng/examples
In directory sc8-pr-cvs1:/tmp/cvs-serv23907
Modified Files:
openssh.cb ping.cb syslogd.cb
Log Message:
Fixed stupid typos.
Submitted by: Michal Belczyk <di...@bs...>
Index: openssh.cb
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/examples/openssh.cb,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- openssh.cb 8 Aug 2003 05:39:27 -0000 1.45
+++ openssh.cb 11 Aug 2003 13:12:12 -0000 1.46
@@ -22,6 +22,7 @@
#define SSHD_INODE GET_INODE("/usr/sbin/sshd")
#define SSHD_DEV GET_DEV("/usr/sbin/sshd")
#define SSHD_PORT 22u
+#define SSHD_PID_FILE "/var/run/sshd.pid"
beginrules
@@ -46,6 +47,9 @@
crsysctl("openssh.port", SSHD_PORT);
#undef SSHD_PORT
#define SSHD_PORT CB_SYSCTL("openssh.port")
+ crsysctl("openssh.pid_file", SSHD_PID_FILE);
+#undef SSHD_PID_FILE
+#define SSHD_PID_FILE CB_SYSCTL("openssh.pid_file")
crsysctl("openssh.permit_root_login", PERMIT_ROOT_LOGIN);
#undef PERMIT_ROOT_LOGIN
#define PERMIT_ROOT_LOGIN CB_SYSCTL("openssh.permit_root_login")
@@ -116,7 +120,7 @@
return EPERM;
}
if (syscall == SYS_open) {
- if (arg[0] == "/var/run/sshd.pid" &&
+ if (arg[0] == SSHD_PID_FILE &&
arg[1] == (O_WRONLY | O_CREAT | O_TRUNC)) {
/* setting effective uid to 0 */
reg[0] = sucall();
@@ -299,7 +303,7 @@
return reg[0];
}
if (syscall == SYS_unlink) {
- if (arg[0] == "/var/run/sshd.pid") {
+ if (arg[0] == SSHD_PID_FILE) {
reg[0] = sucall();
CB_LOG(LOG_INFO, "Removing %s [ret=%d].", arg[0],
reg[0]);
@@ -307,7 +311,11 @@
}
}
if (syscall == SYS_stat) {
+ reg[0] = euid;
+ setpeuid(0);
+ /* We need uid 0 to look into user's home directory. */
reg[1] = realpath(arg[0]);
+ setpeuid(reg[0]);
if (reg[1] @ "/usr/home/*/.ssh" ||
reg[1] @ "/usr/home/*/.ssh/authorized_keys" ||
reg[1] @ "/usr/home/*/.ssh/authorized_keys2") {
Index: ping.cb
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/examples/ping.cb,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- ping.cb 23 Jul 2003 21:40:39 -0000 1.25
+++ ping.cb 11 Aug 2003 13:12:12 -0000 1.26
@@ -63,7 +63,7 @@
arg[1] == SOCK_RAW &&
arg[2] == IPPROTO_ICMP) {
/* let's change effective uid to 0 */
- reg[0] = call(); /* calling socket() */
+ reg[0] = sucall(); /* calling socket() */
CB_LOG(LOG_INFO, "Opening raw socket [ret=%d].",
reg[0]);
return reg[0];
Index: syslogd.cb
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/examples/syslogd.cb,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- syslogd.cb 1 Jul 2003 10:09:29 -0000 1.9
+++ syslogd.cb 11 Aug 2003 13:12:12 -0000 1.10
@@ -130,7 +130,7 @@
}
if (syscall == SYS_unlink) {
if (arg[0] == _PATH_LOG ||
- arg[0] == getstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG)) {
+ arg[0] == genstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG)) {
reg[0] = sucall();
CB_LOG(LOG_INFO, "Removing %s [ret=%d].", arg[0], reg[0]);
return reg[0];
@@ -139,7 +139,7 @@
if (syscall == SYS_chmod) {
if (arg[1] == 0666 &&
(arg[0] == _PATH_LOG ||
- arg[0] == genstr("%s%s, SYSLOGD_JAIL_PATH, _PATH_LOG))) {
+ arg[0] == genstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG))) {
reg[0] = sucall();
CB_LOG(LOG_INFO, "Changing mode of %s to %o [ret=%d].",
arg[0], arg[1], reg[0]);
@@ -160,7 +160,7 @@
if (syscall == SYS_bind && getfamily(arg[1]) == AF_UNIX) {
reg[1] = getunpath(arg[1]);
if (reg[1] == _PATH_LOG ||
- reg[1] == genstr("%s%s, SYSLOGD_JAIL_PATH, _PATH_LOG))) {
+ reg[1] == genstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG))) {
reg[0] = sucall();
CB_LOG(LOG_INFO, "Binding to %s [ret=%d].", reg[1],
reg[0]);
|