[Pkg-privacy-commits] [Git][pkg-privacy-team/monkeysphere][master] 3 commits: use bash variable substitution to avoid more perl
Daniel Kahn Gillmor
dkg at debian.org
Fri May 17 08:01:35 BST 2019
Daniel Kahn Gillmor pushed to branch master at Privacy Maintainers / monkeysphere
Commits:
470abb02 by Daniel Kahn Gillmor at 2019-05-17T06:01:25Z
use bash variable substitution to avoid more perl
- - - - -
b670bc3a by Daniel Kahn Gillmor at 2019-05-17T06:59:21Z
avoid perl for base64-encoding
- - - - -
1d6dc18b by Daniel Kahn Gillmor at 2019-05-17T06:59:56Z
Drop checkperms perlscript for bash function
We implement checkperms using bash and POSIX-style find. This is the
last bit of perl dependency that remains.
- - - - -
8 changed files:
- Makefile
- README
- packaging/macports/Portfile
- src/monkeysphere-host
- − src/share/checkperms
- src/share/common
- src/share/ma/setup
- tests/basic
Changes:
=====================================
Makefile
=====================================
@@ -73,7 +73,6 @@ install: all installman
install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 replaced/src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
- install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
=====================================
README
=====================================
@@ -20,7 +20,9 @@ Dependencies
Monkeysphere depends on:
* GnuPG >= 2.1.17
+ * find (POSIX or GNU should both work)
* Perl
* lockfile-progs or procmail's lockfile
* Bash
* OpenSSH's ssh-keygen utility (>= 6.0)
+ * base64 (coreutils or fourmilab)
=====================================
packaging/macports/Portfile
=====================================
@@ -56,8 +56,7 @@ post-build {
# fix perl shebang line to point to macports perl install
exec sed -i .tmp -e "s|^#!/usr/bin/perl -T$|#!/opt/local/bin/perl -T|" \
- ${worksrcpath}/src/share/keytrans \
- ${worksrcpath}/src/share/checkperms
+ ${worksrcpath}/src/share/keytrans
# remove leftover sed cruft
exec find ${worksrcpath} -name *.tmp -delete
=====================================
src/monkeysphere-host
=====================================
@@ -131,11 +131,15 @@ check_service_name() {
[ -n "$name" ] || \
failure "You must supply a service name to check"
- printf '%s' "$name" | perl -n -e '($str = $_) =~ s/\s//g ; exit !(lc($str) eq $_);' || \
+ [[ "$name" = "${name,,}" ]] || \
failure "Not a valid service name: '$name'
-Service names should be canonicalized to all lower-case,
-with no whitespace"
+Service names should be canonicalized to all lower-case."
+
+ [[ "$name" = "${name//$' \n\r\t'/}" ]] || \
+ failure "Not a valid service name: '$name'
+
+Service names should not contain whitespace."
[[ "$name" =~ ^[a-z0-9./:-]+$ ]] || \
failure "Not a valid service name: '$name'
=====================================
src/share/checkperms deleted
=====================================
@@ -1,111 +0,0 @@
-#!/usr/bin/perl -T
-
-# checkperms: ensure as best we can that a given file can only be
-# modified by the given user (or the superuser, naturally). This
-# means checking file ownership and permissions all the way back to
-# the root directory. Pass the file by its absolute path.
-
-# example invocation:
-
-# checkperms dkg /home/dkg/.monkeysphere/authorized_user_ids
-
-# return values: zero if we believe the file and path can only be
-# modified by the user. non-zero otherwise.
-
-# see StrictModes in sshd_config(5) (and its implementation in
-# OpenSSH's secure_filename() in auth.c) for the initial
-# inspiration/rationale for this code.
-
-# Author:
-# Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-
-# Started on: 2009-07-31 11:10:16-0400
-
-# License: GPL v3 or later
-
-use strict;
-
-use Cwd qw(realpath); # found in debian in perl-base
-use File::stat; # found in debian in perl-modules
-use User::pwent; # found in debian in perl-modules
-use Fcntl qw(:mode); # for S_IS* functions (in perl-base)
-use File::Basename; # for dirname (in perl-modules)
-
-my $username = shift;
-my $path = shift;
-
-defined($username) or die "You must pass a username and an absolute path.\n";
-defined($path) or die "You must pass a username and an absolute path.\n";
-
-my $pw = getpwnam($username) or die "no such user $username\n";
-$path =~ m#^/# or die "path was not absolute (did not start with /)\n";
-
-sub mslog {
- my $level = shift;
-
- # FIXME: check and compare the log level
- if ($ENV{LOG_LEVEL} eq 'DEBUG') {
- my $format = shift;
- my $out = sprintf($format, @_);
-
- $out =~ s/^/$ENV{LOG_PREFIX}/ ;
-
- printf STDERR "%s", $out;
- }
-}
-
-## return undef if permissions are OK. otherwise return an error string
-sub permissions_ok {
- my $user = shift;
- my $path = shift;
-
- # if we can't even stat the path, the permissions are not ok:
- my $stat = lstat($path) or return "cannot stat '$path'";
-
- while (S_ISLNK($stat->mode)) {
- my $newpath = realpath($path) or return "cannot trace symlink '$path'";
- mslog('DEBUG', "tracing link %s to %s\n", $path, $newpath);
- $path = $newpath;
- $stat = lstat($path) or return "cannot stat '$path'";
- }
- mslog('DEBUG', "checking '%s'\n", $path);
-
- if (($stat->uid != $user->uid) &&
- ($stat->uid != 0)) {
- return sprintf("improper ownership on '%s': owner ID %d is neither %s (ID %d) nor the superuser",
- $path, $stat->uid, $user->name, $user->uid);
- }
-
- if ($stat->mode & S_IWGRP) {
- return sprintf("improper group writability on '%s'", $path);
- }
-
- if ($stat->mode & S_IWOTH) {
- return sprintf("improper other writability on '%s'", $path);
- }
-
- # see the rationalization in secure_filename() in auth.c in the
- # OpenSSH sources for an explanation of this bailout (see also
- # monkeysphere #675):
- if ($path eq $user->dir) {
- mslog('DEBUG', "stopping at %s's home directory '%s'\n", $user->name, $path);
- return undef;
- }
-
- my $nextlevel = dirname($path);
- if ($path eq $nextlevel) { # we bottom out at the root (/ in UNIX)
- return undef;
- }
- return permissions_ok($user, $nextlevel);
-}
-
-my $err = permissions_ok($pw, $path);
-
-if (defined($err)) {
- printf(STDERR "%s%s\n", $ENV{LOG_PREFIX}, $err);
-
- exit(1);
-} else {
- exit(0);
-}
-
=====================================
src/share/common
=====================================
@@ -417,6 +417,43 @@ touch_key_file_or_fail() {
fi
}
+check_perms() {
+ local username="$1"
+ local pathname="$2"
+
+ if [ -z "$username" ]; then
+ log error 'missing username'
+ return 1
+ fi
+ if [ -z "$pathname" ]; then
+ log error 'missing pathname'
+ return 1
+ fi
+ if ! [[ "$pathname" =~ ^/ ]]; then
+ log error 'pathname must be absolute (did not start with a /)'
+ return 1
+ fi
+
+ local homedir=$(realpath "$(get_homedir "$username")")
+ local cur=$(realpath "$pathname")
+ local -a paths=("$cur")
+ while [ "$cur" != "/" ] && [ "$cur" != "$homedir" ]; do
+ cur="${cur%/*}"
+ if [ -z "$cur" ]; then
+ cur=/
+ fi
+ paths+=("$cur")
+ done
+
+ log debug "$(printf 'checking permissions on %s\n' "${paths[@]}")"
+ local trouble=$(find "${paths[@]}" -maxdepth 0 \( \! \( -uid 0 -o -user "$username" \) \) -o -perm /go+w)
+ if [ -n "$trouble" ]; then
+ log error "$(printf 'bad ownership or permissions on file(s): %s' "${trouble//$'\n'/, }")"
+ return 1
+ fi
+}
+
+
# check that a file is properly owned, and that all it's parent
# directories are not group/other writable
check_key_file_permissions() {
@@ -431,7 +468,7 @@ check_key_file_permissions() {
return 0
fi
log debug "checking path permission '$path'..."
- "${SYSSHAREDIR}/checkperms" "$uname" "$path"
+ check_perms "$uname" "$path"
}
# return a list of all users on the system
=====================================
src/share/ma/setup
=====================================
@@ -67,7 +67,7 @@ EOF
if [ -z "$CORE_FPR" ] ; then
log info "setting up Monkeysphere authentication trust core..."
- local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(dd if=/dev/urandom bs=21 count=1 2>/dev/null | perl -MMIME::Base64 -ne 'print encode_base64($_)'))
+ local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(dd if=/dev/urandom bs=21 count=1 2>/dev/null | base64))
printf "generating monkeysphere authentication trust core RSA key:\nsize: %d bits\nuid: '%s'\n" "$CORE_KEYLENGTH" "$CORE_UID" | log debug
gpg_core --pinentry-mode=loopback --passphrase '' --quick-generate-key "$CORE_UID" "rsa$CORE_KEYLENGTH" cert \
=====================================
tests/basic
=====================================
@@ -165,7 +165,7 @@ export DISPLAY=monkeys
## we cannot do proper directory permissions checking if the current
## working directory has unsatisfactory permissions:
-if "$MONKEYSPHERE_SYSSHAREDIR"/checkperms $(whoami) "$TEMPDIR"; then
+if bash -c "$(printf 'source %q/common && check_perms %q %q' "$MONKEYSPHERE_SYSSHAREDIR" "$(whoami)" "$TEMPDIR")"; then
echo "Permissions on temporary directory '$TEMPDIR' are OK for permissions checks."
TEMPDIR_PERMISSIONS_SAFE=yes
else
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/130cdadc78ca38b3b7aecb86a631a077e8c7bb5e...1d6dc18b29414404613f037d9c26c6ab0bf01008
--
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/130cdadc78ca38b3b7aecb86a631a077e8c7bb5e...1d6dc18b29414404613f037d9c26c6ab0bf01008
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-commits/attachments/20190517/16b48cc6/attachment-0001.html>
More information about the Pkg-privacy-commits
mailing list