author | vikram <none@none> | 2006-06-02 13:16:25 -0700 |
---|---|---|
committer | vikram <none@none> | 2006-06-02 13:16:25 -0700 |
commit | 1a97e40eb1d972776a1a1cc4093fc399eb2a59d3 (patch) | |
tree | e96dafd3e85311d6bd6b90048f6c884e16e0f900 /usr/src | |
parent | e3e793b1c4791518f806cd8a8a4fafe1a675ba52 (diff) | |
6351677 bootadm should allow certain sub-commands to be run by non-root users
6369346 bootadm emits error message when running init under pfexec
6429888 bootadm doesn't check arguments as well as it could
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/boot/bootadm/bootadm.c | 46 | ||||
-rw-r--r-- | usr/src/cmd/boot/bootadm/message.h | 4 | ||||
-rw-r--r-- | usr/src/lib/libsecdb/exec_attr.txt | 2 |
3 files changed, 34 insertions, 18 deletions
diff --git a/usr/src/cmd/boot/bootadm/bootadm.c b/usr/src/cmd/boot/bootadm/bootadm.c index df68f1e116..a2193ed766 100644 --- a/usr/src/cmd/boot/bootadm/bootadm.c +++ b/usr/src/cmd/boot/bootadm/bootadm.c @@ -130,6 +130,7 @@ typedef struct { char *subcmd; option_t option; error_t (*handler)(); + int unpriv; /* is this an unprivileged command */ } subcmd_defn_t; @@ -295,20 +296,20 @@ static void sparc_abort(void); /* Menu related sub commands */ static subcmd_defn_t menu_subcmds[] = { - "set_option", OPT_OPTIONAL, set_option, /* PUB */ - "list_entry", OPT_OPTIONAL, list_entry, /* PUB */ - "delete_all_entries", OPT_ABSENT, delete_all_entries, /* PVT */ - "update_entry", OPT_REQ, update_entry, /* menu */ - "update_temp", OPT_OPTIONAL, update_temp, /* reboot */ - NULL, 0, NULL /* must be last */ + "set_option", OPT_OPTIONAL, set_option, 0, /* PUB */ + "list_entry", OPT_OPTIONAL, list_entry, 1, /* PUB */ + "delete_all_entries", OPT_ABSENT, delete_all_entries, 0, /* PVT */ + "update_entry", OPT_REQ, update_entry, 0, /* menu */ + "update_temp", OPT_OPTIONAL, update_temp, 0, /* reboot */ + NULL, 0, NULL, 0 /* must be last */ }; /* Archive related sub commands */ static subcmd_defn_t arch_subcmds[] = { - "update", OPT_ABSENT, update_archive, /* PUB */ - "update_all", OPT_ABSENT, update_all, /* PVT */ - "list", OPT_OPTIONAL, list_archive, /* PUB */ - NULL, 0, NULL /* must be last */ + "update", OPT_ABSENT, update_archive, 0, /* PUB */ + "update_all", OPT_ABSENT, update_all, 0, /* PVT */ + "list", OPT_OPTIONAL, list_archive, 1, /* PUB */ + NULL, 0, NULL, 0 /* must be last */ }; static struct { @@ -348,12 +349,6 @@ main(int argc, char *argv[]) prog++; } - if (geteuid() != 0) { - bam_error(MUST_BE_ROOT); - bam_exit(1); - } - - bam_lock(); /* * Don't depend on caller's umask 
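Review bot: The new `unpriv` column in `menu_subcmds[]` and `arch_subcmds[]` is filled with bare positional `0`/`1` values, so the only thing exempting a sub-command from the root check is a single digit that is easy to misplace when a row is added or reordered. Named constants would make the privilege decision readable at the table, for example `#define BAM_PRIV 0` and `#define BAM_UNPRIV 1`, with rows such as `"list_entry", OPT_OPTIONAL, list_entry, BAM_UNPRIV, /* PUB */`. The field comment added in the first hunk, `/* is this an unprivileged command */`, could also say that a non-zero value skips both the `geteuid()` check and `bam_lock()`, since both follow from it in `check_subcmd_and_options`.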
@@ -610,6 +605,14 @@ check_subcmd_and_options( return (BAM_ERROR); } + if (bam_argc != 0 || bam_argv) { + if (strcmp(subcmd, "set_option") != 0 || bam_argc != 1) { + bam_error(TRAILING_ARGS); + usage(); + return (BAM_ERROR); + } + } + if (bam_root == NULL) { bam_root = rootbuf; bam_rootlen = 1; @@ -626,6 +629,17 @@ check_subcmd_and_options( return (BAM_ERROR); } + if (table[i].unpriv == 0 && geteuid() != 0) { + bam_error(MUST_BE_ROOT); + return (BAM_ERROR); + } + + /* + * Currently only privileged commands need a lock + */ + if (table[i].unpriv == 0) + bam_lock(); + /* subcmd verifies that opt is appropriate */ if (table[i].option != OPT_OPTIONAL) { if ((table[i].option == OPT_REQ) ^ (opt != NULL)) { diff --git a/usr/src/cmd/boot/bootadm/message.h b/usr/src/cmd/boot/bootadm/message.h index 7b4117e717..5620fbb04c 100644 --- a/usr/src/cmd/boot/bootadm/message.h +++ b/usr/src/cmd/boot/bootadm/message.h @@ -38,7 +38,7 @@ extern "C" { #define DIR_MISS gettext("directory not found: %s\n") -#define MUST_BE_ROOT gettext("you must be root to run this program\n") +#define MUST_BE_ROOT gettext("you must be root to run this command\n") #define NOT_GRUB_BOOT gettext("%s: not a GRUB boot OS instance\n") @@ -301,6 +301,8 @@ the failsafe archive unbootable\n") #define BAD_ROOT_FILE gettext("file is invalid: %s\n") +#define TRAILING_ARGS gettext("invalid trailing arguments\n") + #define RESTORING_GRUB \ gettext("No GRUB installation found. Restoring GRUB from backup\n") diff --git a/usr/src/lib/libsecdb/exec_attr.txt b/usr/src/lib/libsecdb/exec_attr.txt index e7d8774173..6ded54c77d 100644 --- a/usr/src/lib/libsecdb/exec_attr.txt +++ b/usr/src/lib/libsecdb/exec_attr.txt 
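Review bot: The trailing-argument check hard-codes `strcmp(subcmd, "set_option")` rather than taking the allowance from the sub-command table, so the rule for which command accepts an operand lives apart from the `subcmd_defn_t` rows that describe each command. The outer condition `bam_argc != 0 || bam_argv` tests two variables that presumably move together; if `bam_argv` can be non-NULL while `bam_argc` is 0, every sub-command, `set_option` included, is rejected with `TRAILING_ARGS`. A short comment would settle the intent, e.g. `/* only set_option takes an operand, and exactly one */`. The function starts and ends outside the hunk, so whether `subcmd` is guaranteed non-NULL before the `strcmp` cannot be confirmed from here.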
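Review bot: Sub-commands marked `unpriv` now skip `bam_lock()` as well as the root check, so `list_entry` and `list` can run while a privileged sub-command holds the lock and is presumably part-way through changing the state they read. The comment `Currently only privileged commands need a lock` states the rule without the reason. I would record the invariant it depends on, e.g. `/* unpriv handlers must be read-only: they run without root and without the bootadm lock */`, so that nobody later sets `unpriv` to 1 on a handler that writes. Separately, with the `geteuid()` test moved out of `main`, any setup `main` performs before reaching this function now runs for non-root callers too; that code is outside the hunk and deserves a look. The function body continues past both ends of the hunk.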
@@ -129,7 +129,7 @@ Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0 Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0 Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0 Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0 -Maintenance and Repair:suser:cmd:::/sbin/init:euid=0 +Maintenance and Repair:suser:cmd:::/sbin/init:uid=0 Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0 Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0 Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0 |
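Review bot: Changing the `/sbin/init` entry from `euid=0` to `uid=0` gives holders of this profile a real uid of 0 for init, which is a wider grant than the effective uid alone, and the only stated reason is the bug title for 6369346. The neighbouring `/usr/sbin/halt` entry still uses `euid=0` while `poweroff` and `reboot` use `uid=0`. If the bootadm error came from a child process seeing a non-root id, `halt` may need the same change, or a note on why it does not. If the file format allows it, a comment line above the entry recording why real uid 0 is required would help the next reviewer of this database.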