You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tdebase/kdmlib/kdmtsak.h

144 lines
3.8 KiB

/*
This file is part of the TDE project
Copyright (C) 2011 Timothy Pearson <kb9vqf@pearsoncomputing.net>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <dirent.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/select.h>
#include <sys/time.h>
#include <termios.h>
#include <signal.h>
#include <tqstring.h>
#include "config.h"
// #define DEBUG
inline int tde_sak_verify_calling_process()
{
bool authorized = false;
// Root always has access to everything...
if (getuid() == 0) {
return 0;
}
pid_t parentproc = getppid();
#ifdef DEBUG
printf("Parent pid is: %d\n\r", parentproc);
#endif
char parentexecutable[8192];
TQString procparent = TQString("/proc/%1/exe").arg(parentproc);
int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable));
parentexecutable[chars] = 0;
parentexecutable[8191] = 0;
procparent = parentexecutable;
#ifdef DEBUG
printf("Parent executable name and full path is: %s\n\r", procparent.ascii());
#endif
TQString tdeBinaryPath = TQString(KDE_BINDIR "/");
#ifdef DEBUG
printf("The TDE binary path is: %s\n\r", tdeBinaryPath.ascii());
#endif
if (!procparent.startsWith(tdeBinaryPath)) {
printf("Unauthorized path detected in calling process\n\r");
return 2;
}
else {
procparent = procparent.mid(tdeBinaryPath.length());
#ifdef DEBUG
printf("Parent executable name is: %s\n\r", procparent.ascii());
#endif
if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "kdm")) {
authorized = true;
}
else if (procparent == "tdeinit") {
printf("tdeinit detected\n\r");
// A bit more digging is needed to see if this is an authorized process or not
// Get the tdeinit command
char tdeinitcmdline[8192];
FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r");
if (fp != NULL) {
if (fgets (tdeinitcmdline, 8192, fp) != NULL)
fclose (fp);
}
tdeinitcmdline[8191] = 0;
TQString tdeinitCommand = tdeinitcmdline;
// Also get the environment, specifically the path
TQString tdeinitEnvironment;
char tdeinitenviron[8192];
fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r");
if (fp != NULL) {
int c;
int pos = 0;
do {
c = fgetc(fp);
tdeinitenviron[pos] = c;
pos++;
if (c == 0) {
TQString curEnvLine = tdeinitenviron;
if (curEnvLine.startsWith("PATH=")) {
tdeinitEnvironment = curEnvLine.mid(5);
}
pos = 0;
}
} while ((c != EOF) && (pos < 8192));
fclose (fp);
}
tdeinitenviron[8191] = 0;
#ifdef DEBUG
printf("Called executable name is: %s\n\r", tdeinitCommand.ascii());
printf("Environment is: %s\n\r", tdeinitEnvironment.ascii());
#endif
if ((tdeinitCommand == "kdesktop [tdeinit]") && (tdeinitEnvironment.startsWith(KDE_BINDIR))) {
authorized = true;
}
else {
return 4;
}
}
else {
printf("Unauthorized calling process detected\n\r");
return 3;
}
if (authorized == true) {
return 0;
}
}
return 5;
}
#undef DEBUG