From: <da...@us...> - 2003-08-11 13:12:16
|
Update of /cvsroot/cerber/cerb-ng/examples In directory sc8-pr-cvs1:/tmp/cvs-serv23907 Modified Files: openssh.cb ping.cb syslogd.cb Log Message: Fixed stupid typos. Submitted by: Michal Belczyk <di...@bs...> Index: openssh.cb =================================================================== RCS file: /cvsroot/cerber/cerb-ng/examples/openssh.cb,v retrieving revision 1.45 retrieving revision 1.46 diff -u -d -r1.45 -r1.46 --- openssh.cb 8 Aug 2003 05:39:27 -0000 1.45 +++ openssh.cb 11 Aug 2003 13:12:12 -0000 1.46 @@ -22,6 +22,7 @@ #define SSHD_INODE GET_INODE("/usr/sbin/sshd") #define SSHD_DEV GET_DEV("/usr/sbin/sshd") #define SSHD_PORT 22u +#define SSHD_PID_FILE "/var/run/sshd.pid" beginrules @@ -46,6 +47,9 @@ crsysctl("openssh.port", SSHD_PORT); #undef SSHD_PORT #define SSHD_PORT CB_SYSCTL("openssh.port") + crsysctl("openssh.pid_file", SSHD_PID_FILE); +#undef SSHD_PID_FILE +#define SSHD_PID_FILE CB_SYSCTL("openssh.pid_file") crsysctl("openssh.permit_root_login", PERMIT_ROOT_LOGIN); #undef PERMIT_ROOT_LOGIN #define PERMIT_ROOT_LOGIN CB_SYSCTL("openssh.permit_root_login") @@ -116,7 +120,7 @@ return EPERM; } if (syscall == SYS_open) { - if (arg[0] == "/var/run/sshd.pid" && + if (arg[0] == SSHD_PID_FILE && arg[1] == (O_WRONLY | O_CREAT | O_TRUNC)) { /* setting effective uid to 0 */ reg[0] = sucall(); @@ -299,7 +303,7 @@ return reg[0]; } if (syscall == SYS_unlink) { - if (arg[0] == "/var/run/sshd.pid") { + if (arg[0] == SSHD_PID_FILE) { reg[0] = sucall(); CB_LOG(LOG_INFO, "Removing %s [ret=%d].", arg[0], reg[0]); @@ -307,7 +311,11 @@ } } if (syscall == SYS_stat) { + reg[0] = euid; + setpeuid(0); + /* We need uid 0 to look into user's home directory. */ reg[1] = realpath(arg[0]); + setpeuid(reg[0]); if (reg[1] @ "/usr/home/*/.ssh" || reg[1] @ "/usr/home/*/.ssh/authorized_keys" || reg[1] @ "/usr/home/*/.ssh/authorized_keys2") { Index: ping.cb =================================================================== RCS file: /cvsroot/cerber/cerb-ng/examples/ping.cb,v retrieving revision 1.25 retrieving revision 1.26 diff -u -d -r1.25 -r1.26 --- ping.cb 23 Jul 2003 21:40:39 -0000 1.25 +++ ping.cb 11 Aug 2003 13:12:12 -0000 1.26 @@ -63,7 +63,7 @@ arg[1] == SOCK_RAW && arg[2] == IPPROTO_ICMP) { /* let's change effective uid to 0 */ - reg[0] = call(); /* calling socket() */ + reg[0] = sucall(); /* calling socket() */ CB_LOG(LOG_INFO, "Opening raw socket [ret=%d].", reg[0]); return reg[0]; Index: syslogd.cb =================================================================== RCS file: /cvsroot/cerber/cerb-ng/examples/syslogd.cb,v retrieving revision 1.9 retrieving revision 1.10 diff -u -d -r1.9 -r1.10 --- syslogd.cb 1 Jul 2003 10:09:29 -0000 1.9 +++ syslogd.cb 11 Aug 2003 13:12:12 -0000 1.10 @@ -130,7 +130,7 @@ } if (syscall == SYS_unlink) { if (arg[0] == _PATH_LOG || - arg[0] == getstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG)) { + arg[0] == genstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG)) { reg[0] = sucall(); CB_LOG(LOG_INFO, "Removing %s [ret=%d].", arg[0], reg[0]); return reg[0]; @@ -139,7 +139,7 @@ if (syscall == SYS_chmod) { if (arg[1] == 0666 && (arg[0] == _PATH_LOG || - arg[0] == genstr("%s%s, SYSLOGD_JAIL_PATH, _PATH_LOG))) { + arg[0] == genstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG))) { reg[0] = sucall(); CB_LOG(LOG_INFO, "Changing mode of %s to %o [ret=%d].", arg[0], arg[1], reg[0]); @@ -160,7 +160,7 @@ if (syscall == SYS_bind && getfamily(arg[1]) == AF_UNIX) { reg[1] = getunpath(arg[1]); if (reg[1] == _PATH_LOG || - reg[1] == genstr("%s%s, SYSLOGD_JAIL_PATH, _PATH_LOG))) { + reg[1] == genstr("%s%s", SYSLOGD_JAIL_PATH, _PATH_LOG))) { reg[0] = sucall(); CB_LOG(LOG_INFO, "Binding to %s [ret=%d].", reg[1], reg[0]); |