diff --git a/sysdeps/solaris/.cvsignore b/sysdeps/solaris/.cvsignore index 635816db..facaec43 100644 --- a/sysdeps/solaris/.cvsignore +++ b/sysdeps/solaris/.cvsignore @@ -4,3 +4,4 @@ Makefile Makefile.in libgtop_sysdeps.la *.lo +libgtop_sysdeps_suid.la diff --git a/sysdeps/solaris/ChangeLog b/sysdeps/solaris/ChangeLog index 5b8ff126..d3c56b97 100644 --- a/sysdeps/solaris/ChangeLog +++ b/sysdeps/solaris/ChangeLog @@ -1,3 +1,17 @@ +1999-05-08 Martin Baulig + + Use the setgid server for IPC Limits. + + * shm_limits.c, msg_limits.c, sem_limits.c: Moved them into the + setgid server since they need to access kvm data. + + * open_suid.c, close_suid.c: New file. We do the initialization and cleanup + for the setgid server here. + + * glibtop_suid.h: New file. We include this in the setgid files. + + * open.c: Moved kvm opening code into open_suid.c. + 1999-05-07 Drazen Kacar * glibtop_machine.h, open.c, mem.c, procmem.c: machine.pagesize diff --git a/sysdeps/solaris/Makefile.am b/sysdeps/solaris/Makefile.am index ef7846b0..12cf48d3 100644 --- a/sysdeps/solaris/Makefile.am +++ b/sysdeps/solaris/Makefile.am @@ -2,17 +2,22 @@ LINK = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ INCLUDES = @INCLUDES@ -lib_LTLIBRARIES = libgtop_sysdeps.la +lib_LTLIBRARIES = libgtop_sysdeps.la libgtop_sysdeps_suid.la libgtop_sysdeps_la_SOURCES = open.c close.c siglist.c cpu.c mem.c swap.c \ - uptime.c loadavg.c shm_limits.c msg_limits.c \ - sem_limits.c proclist.c procstate.c procuid.c \ + uptime.c loadavg.c proclist.c procstate.c procuid.c \ proctime.c procmem.c procsignal.c prockernel.c \ procsegment.c procargs.c procmap.c netload.c \ ppp.c procdata.c libgtop_sysdeps_la_LDFLAGS = $(LT_VERSION_INFO) +libgtop_sysdeps_suid_la_SOURCES = open_suid.c close_suid.c \ + shm_limits.c msg_limits.c sem_limits.c + +libgtop_sysdeps_suid_la_LDFLAGS = $(LT_VERSION_INFO) + + include_HEADERS = glibtop_server.h glibtop_machine.h noinst_HEADERS = glibtop_private.h diff --git a/sysdeps/solaris/close_suid.c b/sysdeps/solaris/close_suid.c new file mode 100644 index 00000000..a8733f0f --- /dev/null +++ b/sysdeps/solaris/close_suid.c @@ -0,0 +1,30 @@ +/* $Id$ */ + +/* Copyright (C) 1998-99 Martin Baulig + This file is part of LibGTop 1.0. + + Contributed by Martin Baulig , April 1998. + + LibGTop is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, + or (at your option) any later version. + + LibGTop is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + for more details. + + You should have received a copy of the GNU General Public License + along with LibGTop; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +#include + +/* Closes pipe to gtop server. */ + +void +glibtop_close_p (glibtop *server) +{ } diff --git a/sysdeps/solaris/glibtop_server.h b/sysdeps/solaris/glibtop_server.h index b3822d47..0a13e6d4 100644 --- a/sysdeps/solaris/glibtop_server.h +++ b/sysdeps/solaris/glibtop_server.h @@ -31,9 +31,9 @@ BEGIN_LIBGTOP_DECLS #define GLIBTOP_SUID_SWAP 0 #define GLIBTOP_SUID_UPTIME 0 #define GLIBTOP_SUID_LOADAVG 0 -#define GLIBTOP_SUID_SHM_LIMITS 0 -#define GLIBTOP_SUID_MSG_LIMITS 0 -#define GLIBTOP_SUID_SEM_LIMITS 0 +#define GLIBTOP_SUID_SHM_LIMITS (1L << GLIBTOP_SYSDEPS_SHM_LIMITS) +#define GLIBTOP_SUID_MSG_LIMITS (1L << GLIBTOP_SYSDEPS_MSG_LIMITS) +#define GLIBTOP_SUID_SEM_LIMITS (1L << GLIBTOP_SYSDEPS_SEM_LIMITS) #define GLIBTOP_SUID_PROCLIST 0 #define GLIBTOP_SUID_PROC_STATE 0 #define GLIBTOP_SUID_PROC_UID 0 diff --git a/sysdeps/solaris/glibtop_suid.h b/sysdeps/solaris/glibtop_suid.h new file mode 100644 index 00000000..b88421ff --- /dev/null +++ b/sysdeps/solaris/glibtop_suid.h @@ -0,0 +1,48 @@ +/* $Id$ */ + +/* Copyright (C) 1998-99 Martin Baulig + This file is part of LibGTop 1.0. + + Contributed by Martin Baulig , April 1998. + + LibGTop is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, + or (at your option) any later version. + + LibGTop is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + for more details. + + You should have received a copy of the GNU General Public License + along with LibGTop; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +#ifndef __GLIBTOP_SUID_H__ +#define __GLIBTOP_SUID_H__ + +BEGIN_LIBGTOP_DECLS + +static inline void glibtop_suid_enter (glibtop *server) { + setreuid (server->machine.uid, server->machine.euid); +}; + +static inline void glibtop_suid_leave (glibtop *server) { + if (setreuid (server->machine.euid, server->machine.uid)) + _exit (1); +}; + +void +glibtop_init_p (glibtop *server, const unsigned long features, + const unsigned flags); +void +glibtop_open_p (glibtop *server, const char *program_name, + const unsigned long features, + const unsigned flags); + +END_LIBGTOP_DECLS + +#endif diff --git a/sysdeps/solaris/msg_limits.c b/sysdeps/solaris/msg_limits.c index 2e4db207..2614e7d8 100644 --- a/sysdeps/solaris/msg_limits.c +++ b/sysdeps/solaris/msg_limits.c @@ -37,7 +37,7 @@ static const unsigned long _glibtop_sysdeps_msg_limits = /* Init function. */ void -glibtop_init_msg_limits_s (glibtop *server) +glibtop_init_msg_limits_p (glibtop *server) { kvm_t *kd = server->machine.kd; @@ -50,7 +50,7 @@ glibtop_init_msg_limits_s (glibtop *server) /* Provides information about sysv ipc limits. */ void -glibtop_get_msg_limits_s (glibtop *server, glibtop_msg_limits *buf) +glibtop_get_msg_limits_p (glibtop *server, glibtop_msg_limits *buf) { kvm_t *kd = server->machine.kd; struct msginfo minfo; diff --git a/sysdeps/solaris/open.c b/sysdeps/solaris/open.c index ac8b6822..26c6bde0 100644 --- a/sysdeps/solaris/open.c +++ b/sysdeps/solaris/open.c @@ -189,11 +189,4 @@ glibtop_open_s (glibtop *server, const char *program_name, break; } } - - server->machine.kd = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL); - if(!server->machine.kd) - glibtop_warn_io_r(server, "kvm_open()"); - - fprintf (stderr, "Sleeping 2 seconds, please wait ...\n"); - sleep (2); } diff --git a/sysdeps/solaris/open_suid.c b/sysdeps/solaris/open_suid.c new file mode 100644 index 00000000..502e7215 --- /dev/null +++ b/sysdeps/solaris/open_suid.c @@ -0,0 +1,92 @@ +/* $Id$ */ + +/* Copyright (C) 1998-99 Martin Baulig + This file is part of LibGTop 1.0. + + Contributed by Martin Baulig , April 1998. + + LibGTop is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, + or (at your option) any later version. + + LibGTop is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + for more details. + + You should have received a copy of the GNU General Public License + along with LibGTop; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +#include +#include + +#include + +#include +#include + +/* !!! THIS FUNCTION RUNS SUID ROOT - CHANGE WITH CAUTION !!! */ + +void +glibtop_init_p (glibtop *server, const unsigned long features, + const unsigned flags) +{ + glibtop_init_func_t *init_fkt; + + if (server == NULL) + glibtop_error_r (NULL, "glibtop_init_p (server == NULL)"); + + /* Do the initialization, but only if not already initialized. */ + + if ((server->flags & _GLIBTOP_INIT_STATE_INIT) == 0) { + glibtop_open_p (server, "glibtop", features, flags); + + for (init_fkt = _glibtop_init_hook_p; *init_fkt; init_fkt++) + (*init_fkt) (server); + + server->flags |= _GLIBTOP_INIT_STATE_INIT; + } +} + +/* !!! THIS FUNCTION RUNS SUID ROOT - CHANGE WITH CAUTION !!! */ + +void +glibtop_open_p (glibtop *server, const char *program_name, + const unsigned long features, const unsigned flags) +{ + /* !!! WE ARE ROOT HERE - CHANGE WITH CAUTION !!! */ + + server->name = program_name; + + server->machine.uid = getuid (); + server->machine.euid = geteuid (); + server->machine.gid = getgid (); + server->machine.egid = getegid (); + + server->machine.kd = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL); + if(!server->machine.kd) + glibtop_warn_io_r(server, "kvm_open()"); + + /* Drop priviledges; we only become root when necessary. + + setreuid (ruid, euid) - set real and effective user id; + setregid (rgid, egid) - set real and effective group id; + + */ + + if (setreuid (server->machine.euid, server->machine.uid)) + _exit (1); + + if (setregid (server->machine.egid, server->machine.gid)) + _exit (1); + + /* !!! END OF SUID ROOT PART !!! */ + + /* Our effective uid is now those of the user invoking the server, + so we do no longer have any priviledges. + */ +} diff --git a/sysdeps/solaris/sem_limits.c b/sysdeps/solaris/sem_limits.c index 1a2af445..c7927638 100644 --- a/sysdeps/solaris/sem_limits.c +++ b/sysdeps/solaris/sem_limits.c @@ -38,7 +38,7 @@ static const unsigned long _glibtop_sysdeps_sem_limits = /* Init function. */ void -glibtop_init_sem_limits_s (glibtop *server) +glibtop_init_sem_limits_p (glibtop *server) { kvm_t *kd = server->machine.kd; @@ -51,7 +51,7 @@ glibtop_init_sem_limits_s (glibtop *server) /* Provides information about sysv sem limits. */ void -glibtop_get_sem_limits_s (glibtop *server, glibtop_sem_limits *buf) +glibtop_get_sem_limits_p (glibtop *server, glibtop_sem_limits *buf) { kvm_t *kd = server->machine.kd; struct seminfo sinfo; diff --git a/sysdeps/solaris/shm_limits.c b/sysdeps/solaris/shm_limits.c index df11d948..24854b33 100644 --- a/sysdeps/solaris/shm_limits.c +++ b/sysdeps/solaris/shm_limits.c @@ -35,7 +35,7 @@ static const unsigned long _glibtop_sysdeps_shm_limits = /* Init function. */ void -glibtop_init_shm_limits_s (glibtop *server) +glibtop_init_shm_limits_p (glibtop *server) { kvm_t *kd = server->machine.kd; @@ -48,7 +48,7 @@ glibtop_init_shm_limits_s (glibtop *server) /* Provides information about sysv ipc limits. */ void -glibtop_get_shm_limits_s (glibtop *server, glibtop_shm_limits *buf) +glibtop_get_shm_limits_p (glibtop *server, glibtop_shm_limits *buf) { kvm_t *kd = server->machine.kd; struct shminfo sinfo;