* Security: Citadel now drops privileges when called from telnetd, also
authorMichael Hampton <io_error@uncensored.citadel.org>
Sun, 30 Dec 2001 05:50:46 +0000 (05:50 +0000)
committerMichael Hampton <io_error@uncensored.citadel.org>
Sun, 30 Dec 2001 05:50:46 +0000 (05:50 +0000)
  checks to make sure you didn't set the setuid/setgid bits.  No more
  loginwrapper.sh!

citadel/ChangeLog
citadel/citadel.c
citadel/docs/install.txt
citadel/loginwrapper.sh

index 79741b0ab0fb4fb511220698ebeee92440906595..b787be26616506b468563e12cb8b0e77310adfc7 100644 (file)
@@ -1,4 +1,9 @@
  $Log$
+ Revision 590.25  2001/12/30 05:50:46  error
+ * Security:  Citadel now drops privileges when called from telnetd, also
+   checks to make sure you didn't set the setuid/setgid bits.  No more
+   loginwrapper.sh!
+
  Revision 590.24  2001/12/29 05:19:32  ajc
  * Minor cosmetic hack
 
@@ -3028,4 +3033,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
 
 Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
        * Initial CVS import 
-
index 1ab7e9cdb6590467a8f948db3b9ead2fc815355b..1534b02b97da005472600faf88531de2b484d35a 100644 (file)
@@ -882,6 +882,15 @@ int main(int argc, char **argv)
        int stored_password = 0;
        char password[SIZ];
 
+       /* Permissions sanity check - don't run citadel setuid/setgid */
+       if (getuid() != geteuid()) {
+               fprintf(stderr, "Please do not run citadel setuid!\n");
+               logoff(3);
+       } else if (getgid() != getegid()) {
+               fprintf(stderr, "Please do not run citadel setgid!\n");
+               logoff(3);
+       }
+
        sttybbs(SB_SAVE);       /* Store the old terminal parameters */
        load_command_set();     /* parse the citadel.rc file */
        sttybbs(SB_NO_INTR);    /* Install the new ones */
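Review bot: `logoff(3)` is called in both branches of the new check before `sttybbs(SB_SAVE)` has stored the terminal parameters, so if logoff() restores terminal state or does other cleanup (its body is not visible here) that code runs on unsaved settings while the process still holds the elevated effective id. A plain `exit(3)` after each fprintf() would keep the refusal path free of any further work in the setuid/setgid case. The check would also benefit from a comment explaining its position, e.g. `/* Must run first: nothing below is meant to execute with an elevated effective uid/gid */`. main() starts and ends outside this hunk.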
@@ -899,6 +908,36 @@ int main(int argc, char **argv)
                        argc = shift(argc, argv, a, 2);
                }
                if (!strcmp(argv[a], "-p")) {
+                       struct stat st;
+               
+                       if (chdir(BBSDIR) < 0) {
+                               perror("can't change to " BBSDIR);
+                               logoff(3);
+                       }
+
+                       /*
+                        * Drop privileges if necessary. We stat
+                        * citadel.config to get the uid/gid since it's
+                        * guaranteed to have the uid/gid we want.
+                        */
+                       if (!getuid() || !getgid()) {
+                               if (stat(BBSDIR "/citadel.config", &st) < 0) {
+                                       perror("couldn't stat citadel.config");
+                                       logoff(3);
+                               }
+                               if (!getgid() && (setgid(st.st_gid) < 0)) {
+                                       perror("couldn't change gid");
+                                       logoff(3);
+                               }
+                               if (!getuid() && (setuid(st.st_uid) < 0)) {
+                                       perror("couldn't change uid");
+                                       logoff(3);
+                               }
+                               /*
+                               printf("Privileges changed to uid %d gid %d\n",
+                                               getuid(), getgid());
+                               */
+                       }
                        argc = shift(argc, argv, a, 1);
                }
        }
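Review bot: The privilege drop in the `-p` branch leaves root's supplementary groups in place, because `setgid(st.st_gid)` and `setuid(st.st_uid)` are called without clearing the group list first. It also becomes a silent no-op when citadel.config is owned by uid or gid 0, since both calls then succeed and nothing is verified afterwards. The fence below adds a rejection of a root-owned config and a `setgroups(0, NULL)` call (needs `<grp.h>`) ahead of the existing setgid()/setuid() calls. The drop only runs when `-p` appears in argv, and judging by the hunk line numbers it comes after `load_command_set()`, so the rc file is presumably parsed with full privileges. main() starts and ends outside this hunk.

```c
if (!getuid() || !getgid()) {
        /* … unchanged: stat() of citadel.config … */

        /* A root-owned config would turn the calls below into a no-op. */
        if (st.st_uid == 0 || st.st_gid == 0) {
                fprintf(stderr, "citadel.config must not be owned by root\n");
                logoff(3);
        }
        /* Clear root's supplementary groups while still privileged. */
        if (!getuid() && (setgroups(0, NULL) < 0)) {
                perror("couldn't clear supplementary groups");
                logoff(3);
        }
        /* … unchanged: setgid()/setuid() calls … */
```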
index 4cef01579f1d86de64176fe0d12d7226bd12b161..49b4281f2cb1afa46a1512587036ac7aa01ebaa0 100644 (file)
@@ -105,10 +105,26 @@ computer.
  If you normally log in to your host system using some method other than
 telnet (such as ssh), you might want the telnet service to go straight to
 the Citadel BBS, instead of displaying the "login:" prompt first.  You can
-do this using the "loginwrapper.sh" wrapper program.
+do this by having telnetd start citadel directly instead of /bin/login.
+
+ An example for inetd:
  
- telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /usr/local/citadel/loginwrapper.sh
-  
+ telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /usr/local/citadel/citadel
+ An example for xinetd:
+
+ service telnet
+ {
+         flags           = REUSE
+        socket_type     = stream
+        wait            = no
+        user            = root
+        server          = /usr/sbin/in.telnetd
+        server_args     = -L /usr/local/citadel/citadel
+        log_on_failure  += USERID
+        disable         = no
+ }
+
  Please make sure you know what you're doing before you install this!
   
      
index 41373e2b5326246ab677d7974492692bc7878082..b72298b6933ce416eefa131f0b495c5b2c889144 100755 (executable)
@@ -1,3 +1,3 @@
 #!/bin/sh
-
-exec /bin/login $* bbs
+# This file is obsolete.  See docs/install.txt
+#exec /bin/login $* bbs