From 499a930cd3c68843d7abd9422cc8a5aef62653c2 Mon Sep 17 00:00:00 2001 From: Renzo Davoli Date: Tue, 29 Nov 2016 09:35:26 +0100 Subject: [PATCH] $SHELL if no arg in cado (tnx Davide) --- cado.1 | 5 ++++- cado.c | 23 ++++++++++++++++++----- cadrop.c | 8 +++++++- 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/cado.1 b/cado.1 index 360c843..a14d8c8 100644 --- a/cado.1 +++ b/cado.1 @@ -6,8 +6,8 @@ cado \- Capability Ambient DO [ .I OPTIONS ] -[ .I capability_list +[ .I command [ .I args @@ -29,6 +29,9 @@ If it is allowed for the current user to run processes with the requested capabi type their password (or to authenticate themselves as required by pam unless \fB-S\fR or \fB--scado\fR). Once the authentication succeeds, \fBcado\fR executes the command granting the required ambient capabilities. +If \fIcommand\fR is omitted cado launch the command specified in the environment +variable $SHELL. + The file /etc/cado.conf (see \fBcado.conf\fR(5)) defines which capabilities can be provided by \fBcado\fR to each user. Cado itself is not a setuid executable, it uses the capability mechanism and it has an option to set its own capabilities. So after each change in the /etc/cado.conf, the capability set should be diff --git a/cado.c b/cado.c index 9687cb2..c7f1a01 100644 --- a/cado.c +++ b/cado.c @@ -64,7 +64,7 @@ struct option long_options[]={ void usage(char *progname) { fprintf(stderr,"%s - execute a command in a different capability ambient\n\n",progname); - fprintf(stderr,"usage: %s OPTIONS capability_list command [args]\n\n",progname); + fprintf(stderr,"usage: %s OPTIONS capability_list [command [args]]\n\n",progname); fprintf(stderr,"Options:\n"); fprintf(stderr," -h, --help display help message and exit\n"); fprintf(stderr," -f, --force do not display warnings, do what is allowed\n"); @@ -87,6 +87,8 @@ int main(int argc, char*argv[]) int scado=0; int pam_check_required = 1; char copy_path[PATH_MAX] = ""; + char *argvsh[]={getenv("SHELL"),NULL}; + char **cmdargv; while (1) { int c=getopt_long(argc, argv, OPTSTRING, long_options, NULL); @@ -139,7 +141,7 @@ int main(int argc, char*argv[]) exit(0); } - if (argc - optind < 2) + if (argc - optind < 1) usage(progname); /* parse the set of requested capabilities */ @@ -158,11 +160,22 @@ int main(int argc, char*argv[]) optind++; + if (optind < argc) + cmdargv = argv + optind; + else { + cmdargv = argvsh; + if (cmdargv[0] == NULL) { + fprintf(stderr, "Error: $SHELL env variable not set.\n"); + exit(1); + } + } + + /* scado mode, check if there is a pre-authorization for the command */ if (scado) { - uint64_t scado_caps = cado_scado_check(user_groups[0], argv[optind], copy_path); + uint64_t scado_caps = cado_scado_check(user_groups[0], cmdargv[0], copy_path); if (verbose) { - printf("Scado permitted capabilities for %s:\n", argv[optind]); + printf("Scado permitted capabilities for %s:\n", cmdargv[0]); printcapset(scado_caps, " "); } okcaps &= scado_caps; @@ -203,6 +216,6 @@ int main(int argc, char*argv[]) } /* exec the command in the new ambient capability environment */ - execvp(copy_path[0] == 0 ? argv[optind] : copy_path, argv+optind); + execvp(copy_path[0] == 0 ? cmdargv[0] : copy_path, cmdargv); exit(2); } diff --git a/cadrop.c b/cadrop.c index e371794..29ec53b 100644 --- a/cadrop.c +++ b/cadrop.c @@ -57,7 +57,13 @@ int main(int argc, char *argv[]) { argv+=2; break; } - if (*argv == NULL) argv = argvsh; + if (*argv == NULL) { + if (*argvsh == NULL) { + fprintf(stderr, "Error: $SHELL env variable not set.\n"); + exit(1); + } + argv = argvsh; + } drop_ambient_cap(capset); execvp(argv[0],argv); perror("exec");