summaryrefslogtreecommitdiff
path: root/usr/src
diff options
context:
space:
mode:
authorvikram <none@none>2006-06-02 13:16:25 -0700
committervikram <none@none>2006-06-02 13:16:25 -0700
commit1a97e40eb1d972776a1a1cc4093fc399eb2a59d3 (patch)
treee96dafd3e85311d6bd6b90048f6c884e16e0f900 /usr/src
parente3e793b1c4791518f806cd8a8a4fafe1a675ba52 (diff)
downloadillumos-joyent-1a97e40eb1d972776a1a1cc4093fc399eb2a59d3.tar.gz
6351677 bootadm should allow certain sub-commands to be run by non-root users
6369346 bootadm emits error message when running init under pfexec 6429888 bootadm doesn't check arguments as well as it could
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/boot/bootadm/bootadm.c46
-rw-r--r--usr/src/cmd/boot/bootadm/message.h4
-rw-r--r--usr/src/lib/libsecdb/exec_attr.txt2
3 files changed, 34 insertions, 18 deletions
diff --git a/usr/src/cmd/boot/bootadm/bootadm.c b/usr/src/cmd/boot/bootadm/bootadm.c
index df68f1e116..a2193ed766 100644
--- a/usr/src/cmd/boot/bootadm/bootadm.c
+++ b/usr/src/cmd/boot/bootadm/bootadm.c
@@ -130,6 +130,7 @@ typedef struct {
char *subcmd;
option_t option;
error_t (*handler)();
+ int unpriv; /* is this an unprivileged command */
} subcmd_defn_t;
@@ -295,20 +296,20 @@ static void sparc_abort(void);
/* Menu related sub commands */
static subcmd_defn_t menu_subcmds[] = {
- "set_option", OPT_OPTIONAL, set_option, /* PUB */
- "list_entry", OPT_OPTIONAL, list_entry, /* PUB */
- "delete_all_entries", OPT_ABSENT, delete_all_entries, /* PVT */
- "update_entry", OPT_REQ, update_entry, /* menu */
- "update_temp", OPT_OPTIONAL, update_temp, /* reboot */
- NULL, 0, NULL /* must be last */
+ "set_option", OPT_OPTIONAL, set_option, 0, /* PUB */
+ "list_entry", OPT_OPTIONAL, list_entry, 1, /* PUB */
+ "delete_all_entries", OPT_ABSENT, delete_all_entries, 0, /* PVT */
+ "update_entry", OPT_REQ, update_entry, 0, /* menu */
+ "update_temp", OPT_OPTIONAL, update_temp, 0, /* reboot */
+ NULL, 0, NULL, 0 /* must be last */
};
/* Archive related sub commands */
static subcmd_defn_t arch_subcmds[] = {
- "update", OPT_ABSENT, update_archive, /* PUB */
- "update_all", OPT_ABSENT, update_all, /* PVT */
- "list", OPT_OPTIONAL, list_archive, /* PUB */
- NULL, 0, NULL /* must be last */
+ "update", OPT_ABSENT, update_archive, 0, /* PUB */
+ "update_all", OPT_ABSENT, update_all, 0, /* PVT */
+ "list", OPT_OPTIONAL, list_archive, 1, /* PUB */
+ NULL, 0, NULL, 0 /* must be last */
};
static struct {
@@ -348,12 +349,6 @@ main(int argc, char *argv[])
prog++;
}
- if (geteuid() != 0) {
- bam_error(MUST_BE_ROOT);
- bam_exit(1);
- }
-
- bam_lock();
/*
* Don't depend on caller's umask
@@ -610,6 +605,14 @@ check_subcmd_and_options(
return (BAM_ERROR);
}
+ if (bam_argc != 0 || bam_argv) {
+ if (strcmp(subcmd, "set_option") != 0 || bam_argc != 1) {
+ bam_error(TRAILING_ARGS);
+ usage();
+ return (BAM_ERROR);
+ }
+ }
+
if (bam_root == NULL) {
bam_root = rootbuf;
bam_rootlen = 1;
@@ -626,6 +629,17 @@ check_subcmd_and_options(
return (BAM_ERROR);
}
+ if (table[i].unpriv == 0 && geteuid() != 0) {
+ bam_error(MUST_BE_ROOT);
+ return (BAM_ERROR);
+ }
+
+ /*
+ * Currently only privileged commands need a lock
+ */
+ if (table[i].unpriv == 0)
+ bam_lock();
+
/* subcmd verifies that opt is appropriate */
if (table[i].option != OPT_OPTIONAL) {
if ((table[i].option == OPT_REQ) ^ (opt != NULL)) {
diff --git a/usr/src/cmd/boot/bootadm/message.h b/usr/src/cmd/boot/bootadm/message.h
index 7b4117e717..5620fbb04c 100644
--- a/usr/src/cmd/boot/bootadm/message.h
+++ b/usr/src/cmd/boot/bootadm/message.h
@@ -38,7 +38,7 @@ extern "C" {
#define DIR_MISS gettext("directory not found: %s\n")
-#define MUST_BE_ROOT gettext("you must be root to run this program\n")
+#define MUST_BE_ROOT gettext("you must be root to run this command\n")
#define NOT_GRUB_BOOT gettext("%s: not a GRUB boot OS instance\n")
@@ -301,6 +301,8 @@ the failsafe archive unbootable\n")
#define BAD_ROOT_FILE gettext("file is invalid: %s\n")
+#define TRAILING_ARGS gettext("invalid trailing arguments\n")
+
#define RESTORING_GRUB \
gettext("No GRUB installation found. Restoring GRUB from backup\n")
diff --git a/usr/src/lib/libsecdb/exec_attr.txt b/usr/src/lib/libsecdb/exec_attr.txt
index e7d8774173..6ded54c77d 100644
--- a/usr/src/lib/libsecdb/exec_attr.txt
+++ b/usr/src/lib/libsecdb/exec_attr.txt
@@ -129,7 +129,7 @@ Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0
Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0
-Maintenance and Repair:suser:cmd:::/sbin/init:euid=0
+Maintenance and Repair:suser:cmd:::/sbin/init:uid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0