22
22
Assuming the script is a Bourne shell script, the first line of the
25
25
The - is important, don't omit it. If you're using esh, the first
27
#!/usr/local/bin/esh -f
27
#!/usr/local/bin/esh -f
28
28
and for ksh, the first line should be
29
#!/usr/local/bin/ksh -p
29
#!/usr/local/bin/ksh -p
30
30
The script should then set the variable IFS to the string
31
31
consisting of <space>, <tab>, and <newline>. After this (*not*
32
32
before!), the PATH variable should be set to a reasonable value and
33
33
exported. Do not expect the PATH to have a reasonable value, so do
34
34
not trust the old value of PATH. You should then set the umask of
35
35
the program by calling
36
umask 077 # or 022 if you want the files to be readable
36
umask 077 # or 022 if you want the files to be readable
37
37
If you plan to change directories, you should either unset CDPATH
38
38
or set it to a good value. Setting CDPATH to just ``.'' (dot) is a
40
40
If, for some reason, you want to use csh, the first line should be
42
42
You should then set the path variable to something reasonable,
43
43
without trusting the inherited path. Here too, you should set the
44
44
umask using the command
45
umask 077 # or 022 if you want the files to be readable
45
umask 077 # or 022 if you want the files to be readable
48
48
#include <unistd.h>
102
102
clean_environ(void)
105
extern char **environ;
105
extern char **environ;
107
for (p = environ; *p; p++) {
108
if (strncmp(*p, "LD_", 3) == 0)
110
else if (strncmp(*p, "_RLD", 4) == 0)
112
else if (strncmp(*p, "PYTHON", 6) == 0)
114
else if (strncmp(*p, "IFS=", 4) == 0)
116
else if (strncmp(*p, "CDPATH=", 7) == 0)
118
else if (strncmp(*p, "ENV=", 4) == 0)
107
for (p = environ; *p; p++) {
108
if (strncmp(*p, "LD_", 3) == 0)
110
else if (strncmp(*p, "_RLD", 4) == 0)
112
else if (strncmp(*p, "PYTHON", 6) == 0)
114
else if (strncmp(*p, "IFS=", 4) == 0)
116
else if (strncmp(*p, "CDPATH=", 7) == 0)
118
else if (strncmp(*p, "ENV=", 4) == 0)
125
125
main(int argc, char **argv)
128
gid_t egid = getegid();
129
uid_t euid = geteuid();
133
This check should be made compile-time, but that's not possible.
134
If you're sure that you specified a full path name for FULL_PATH,
135
you can omit this check.
137
if (FULL_PATH[0] != '/') {
138
fprintf(stderr, "%s: %s is not a full path name\n", argv[0],
140
fprintf(stderr, "You can only use this wrapper if you\n");
141
fprintf(stderr, "compile it with an absolute path.\n");
147
Check that the owner of the script is equal to either the
148
effective uid or the super user.
150
if (stat(FULL_PATH, &statb) < 0) {
154
if (statb.st_uid != 0 && statb.st_uid != euid) {
155
fprintf(stderr, "%s: %s has the wrong owner\n", argv[0],
157
fprintf(stderr, "The script should be owned by root,\n");
158
fprintf(stderr, "and shouldn't be writable by anyone.\n");
162
if (setregid(egid, egid) < 0)
164
if (setreuid(euid, euid) < 0)
171
while (**argv == '-') /* don't let argv[0] start with '-' */
173
execv(FULL_PATH, argv);
174
fprintf(stderr, "%s: could not execute the script\n", argv[0]);
128
gid_t egid = getegid();
129
uid_t euid = geteuid();
133
This check should be made compile-time, but that's not possible.
134
If you're sure that you specified a full path name for FULL_PATH,
135
you can omit this check.
137
if (FULL_PATH[0] != '/') {
138
fprintf(stderr, "%s: %s is not a full path name\n", argv[0],
140
fprintf(stderr, "You can only use this wrapper if you\n");
141
fprintf(stderr, "compile it with an absolute path.\n");
147
Check that the owner of the script is equal to either the
148
effective uid or the super user.
150
if (stat(FULL_PATH, &statb) < 0) {
154
if (statb.st_uid != 0 && statb.st_uid != euid) {
155
fprintf(stderr, "%s: %s has the wrong owner\n", argv[0],
157
fprintf(stderr, "The script should be owned by root,\n");
158
fprintf(stderr, "and shouldn't be writable by anyone.\n");
162
if (setregid(egid, egid) < 0)
164
if (setreuid(euid, euid) < 0)
171
while (**argv == '-') /* don't let argv[0] start with '-' */
173
execv(FULL_PATH, argv);
174
fprintf(stderr, "%s: could not execute the script\n", argv[0]);