diff options
-rwxr-xr-x | sponge | 12 | ||||
-rwxr-xr-x | sux | 312 |
2 files changed, 0 insertions, 324 deletions
@@ -1,12 +0,0 @@ -#! /usr/bin/perl -w - -# Origin: http://riva.ucam.org/svn/cjwatson/bin/sponge - -use strict; - -binmode STDIN; -undef $/; -my $input = <STDIN>; -open OUT, "> $ARGV[0]" or die "couldn't open $ARGV[0]: $!"; -print OUT $input or die "couldn't write to $ARGV[0]: $!"; -close OUT or die "couldn't close $ARGV[0]: $!"; @@ -1,312 +0,0 @@ -#!/bin/sh - -# Written by Francois Gouget, fgouget@free.fr -# With many thanks to Daniel Martin and Falk Hueffner for their help - -# How to transfer cookies for root. See the sux_cookie_transfer variable -# for options. Note that use-xauthority may not work if home directories -# are on NFS. In such a case, change the default to copy-cookies. -sux_root_cookie_transfer="c" - - -usage() -{ - echo "usage: `basename $0` [-m|-p|--preserve-environment]" >&2 - echo " [--display display]" >&2 - echo " [--no-cookies|--copy-cookies|--use-xauthority]" >&2 - echo " [--untrusted] [--timeout x]" >&2 - echo " [-] [username [command]]" >&2 - exit 2 -} - - -## -# Process the sux options -sux_su_opts="" -sux_preserve="" -sux_got_minus=0 -# "" -> default, n -> no-cookies, c -> copy-cookies, x -> use-xauthority -sux_cookie_transfer="" -sux_username="" -sux_untrusted="" -sux_timeout="" -while [ $# -gt 0 ] -do - if [ "$sux_got_minus" = "1" ] - then - # Username follows "-" - sux_username="$1" - sux_su_opts="$sux_su_opts $1" - shift - # The remainder is the command to be executed - break - elif [ "$1" = "-" ] - then - # Last option before the username - sux_su_opts="$sux_su_opts $1" - sux_got_minus=1 - shift - elif [ "$1" = "-m" -o "$1" = "-p" -o "$1" = "--preserve-environment" ] - then - sux_preserve="1" - sux_su_opts="$sux_su_opts $1" - shift - elif [ "$1" = "--display" ] - then - if [ $# -lt 2 ] - then - echo "--display takes a display name as an argument" >&2 - usage # exits - fi - export DISPLAY="$2" - shift 2 - elif [ "$1" = "--no-cookies" ] - then - if [ -n "$sux_cookie_transfer" -a "$sux_cookie_transfer" != "n" ] - then - echo "--no-cookies is incompatible with --copy-cookies and --use-xauthority" >&2 - usage # exits - fi - sux_cookie_transfer="n" - shift - elif [ "$1" = "--copy-cookies" ] - then - if [ -n "$sux_cookie_transfer" -a "$sux_cookie_transfer" != "c" ] - then - echo "--copy-cookies is incompatible with --no-cookies and --use-xauthority" >&2 - usage # exits - fi - sux_cookie_transfer="c" - shift - elif [ "$1" = "--use-xauthority" ] - then - if [ -n "$sux_cookie_transfer" -a "$sux_cookie_transfer" != "x" ] - then - echo "--use-xauthority is incompatible with --no-cookies and --copy-cookies" >&2 - usage # exits - fi - sux_cookie_transfer="x" - shift - elif [ "$1" = "--untrusted" ] - then - sux_untrusted="untrusted" - shift - elif [ "$1" = "--timeout" ] - then - if [ $# -lt 2 ] - then - echo "--timeout takes a timeout in seconds" >&2 - usage # exits - fi - sux_timeout="timeout $2" - shift 2 - elif [ "$1" = "-?" ] - then - usage # exits - else - # First non-option is the username - sux_username="$1" - sux_su_opts="$sux_su_opts $1" - shift - # The remainder is the command to be executed - break - fi -done - - -## -# Get rid of the simple case -if [ -z "$DISPLAY" ] -then - # If DISPLAY is not set we can take a shortcut... - if [ -n "$sux_untrusted" -o -n "$sux_timeout" ] - then - echo "--untrusted and --timeout are only supported if DISPLAY is set" >&2 - usage #exits - fi - exec su $sux_su_opts "$@" -fi - - -## -# Do some option checking -if [ -z "$sux_username" ] -then - sux_username="root" -fi -if [ -z "$sux_cookie_transfer" ] -then - if [ "$sux_username" = "root" ] - then - sux_cookie_transfer="$sux_root_cookie_transfer" - else - sux_cookie_transfer="c" - fi -fi -if [ "$sux_cookie_transfer" = "x" -a "$sux_username" != "root" ] -then - echo "Only root can use --use-xauthority" >&2 - usage # exits -fi - - -## -# Create new cookies / retrieve the existing ones if necessary -if [ -n "$sux_untrusted" -o -n "$sux_timeout" ] -then - if [ "$sux_cookie_transfer" != "c" ] - then - echo "--no-cookies/--use-xauthority are incompatible with --untrusted/--timeout" >&2 - usage #exits - fi - - # Yeah, tempfile is a debian-specific command. Workarounds exist for - # other machines. If you do use a workaround, be certain that said - # workaround actually creates the new file, (via touch or similar) or - # xauth (below) will produce a pointless warning message. - sux_tmpfile=`tempfile -p sux` - xauth -q -f $sux_tmpfile generate $DISPLAY . $sux_untrusted $sux_timeout - sux_xauth_data=`xauth -f $sux_tmpfile nlist $DISPLAY` - rm -f $sux_tmpfile -fi - - -## -# Build the command to restore the cookies in the su -if [ "$sux_cookie_transfer" = "c" ] -then - # --copy-cookies case. We copy the cookie(s) using the xauth command. - - # If display is of the form "host:x.y" we may also need to get the - # cookies for "host/unix:x.y". - sux_unix_display=`echo $DISPLAY | sed -e 's#^\([a-zA-Z_.][a-zA-Z_.]*\):#\1/unix:#'` - if [ "$DISPLAY" = "$sux_unix_display" ] - then - sux_unix_display="" - fi - - # Get the cookies if we don't have them already - if [ -z "$sux_xauth_data" ] - then - # Get the cookies. Note that we may need to - sux_xauth_data=`xauth -q nlist $DISPLAY` - if [ -n "$sux_unix_display" ] - then - sux_xauth_data="$sux_xauth_data `xauth -q nlist $sux_unix_display`" - fi - fi - - # We highjack the TERM environment variable to transfer the cookies to the - # other user. We do this so that they never appear on any command line, and - # because TERM appears to be the only environment variable that is not - # reset by su. Then, as long as 'echo' is a shell builtin, these cookies - # will never appear as command line arguments which means noone will be - # able to intercept them (assuming they were safe in the first place). - sux_term="TERM='$TERM'" - # now we can store the script that will restore the cookies on the other - # side of the su, in TERM! - - # Remove the old cookies. They may cause trouble if we transfer only one - # cookie, e.g. an MIT cookie, and there's still a stale XDM cookie hanging - # around. - export TERM="xauth -q remove $DISPLAY 2>/dev/null;" - if [ -n "$sux_unix_display" ] - then - TERM="$TERM xauth -q remove $sux_unix_display;" - fi - - # Note that there may be more than one cookie to transfer, hence - # this loop - sux_i=0 - for sux_str in $sux_xauth_data - do - if [ $sux_i -eq 0 ] - then - TERM="$TERM echo $sux_str" - else - TERM="$TERM $sux_str" - fi - sux_i=`expr $sux_i + 1` - if [ $sux_i -eq 9 ] - then - TERM="$TERM | xauth nmerge - ;" - sux_i=0 - fi - done - sux_xauth_cmd="eval \$TERM;" - sux_xauthority="" -elif [ "$sux_cookie_transfer" = "x" ] -then - # --use-xauthority case. For root we can simplify things and simply - # access the original user's .Xauthority file. - sux_term="" - sux_xauth_cmd="" - if [ -n "$XAUTHORITY" ] - then - sux_xauthority="XAUTHORITY='$XAUTHORITY'" - else - sux_xauthority="XAUTHORITY='$HOME/.Xauthority'" - fi -else - # --no-cookies case. We just transfer $DISPLAY and assume the - # target user already has the necessary cookies - sux_term="" - sux_xauth_cmd="" - sux_xauthority="" -fi - - -## -# Marshall the specified command in an effort to support parameters that -# contain spaces. This should be enough to get commands like -# 'xterm -title "My XTerm"' to work. -sux_cmd="" -if [ $# -gt 0 ] -then - while [ $# -gt 0 ] - do - sux_cmd="$sux_cmd \"$1\"" - shift - done -elif [ "`basename $0`" = "suxterm" ] -then - # Start an xterm, useful for temporary cookies - sux_cmd="xterm" -else - # If no command is specified, start a shell - if [ $# -eq 0 ] - then - if [ "$sux_got_minus" = "1" ] - then - sux_cmd="sh -c \"exec -l \$SHELL\"" - else - sux_cmd="\$SHELL" - fi - fi -fi - - -## -# We would not want the other user to try and use our XAUTHORITY file. He -# wouldn't have the proper access rights anyway... -unset XAUTHORITY - - -## -# --preserve-environment special case -if [ -n "$sux_preserve" -a -n "$sux_xauth_cmd" ] -then - sux_home=`egrep "^$sux_username:" /etc/passwd | cut -d: -f6` - if [ -z "$sux_home" ] - then - echo "WARNING: --preserve-environment has been set, but no good value was found for XAUTHORITY, expect trouble" >&2 - else - export XAUTHORITY="$sux_home/.Xauthority" - fi -fi - - -## -# Execute su -exec su $sux_su_opts -c "$sux_xauth_cmd \ - exec env $sux_xauthority $sux_term DISPLAY='$DISPLAY' $sux_cmd;" |