KTH announced a weakness in their implementation of KerberosIV.

FreeBSD was not vulnerable, but their fix had some useful features.
Incorporate the best of those - rcp(1) no longer needs to be SUID
to root.
This commit is contained in:
markm 1998-03-26 18:15:00 +00:00
parent 37c04b1be1
commit 60d2342347
3 changed files with 30 additions and 15 deletions

View File

@ -1,5 +1,5 @@
# @(#)Makefile 8.1 (Berkeley) 7/19/93
# $Id: Makefile,v 1.7 1997/02/22 14:05:18 peter Exp $
# $Id$
PROG= rcp
SRCS= rcp.c util.c
@ -18,8 +18,8 @@ DISTRIBUTION= krb
.PATH: ${.CURDIR}/../../crypto/kerberosIV/appl/bsd
.endif
BINOWN= root
BINMODE=4555
INSTALLFLAGS=-fschg
#BINOWN= root
#BINMODE=4555
#INSTALLFLAGS=-fschg
.include <bsd.prog.mk>

View File

@ -37,4 +37,6 @@
#include <paths.h>
#define _PATH_CP "/bin/cp"
#define _PATH_RCP "/bin/rcp"
#define _PATH_RLOGIN "/usr/bin/rlogin"
#define _PATH_RSH "/usr/bin/rsh"

View File

@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: rcp.c,v 1.16 1997/12/07 20:49:39 wosch Exp $
* $Id$
*/
#ifndef lint
@ -72,8 +72,6 @@ static char const sccsid[] = "@(#)rcp.c 8.2 (Berkeley) 4/2/94";
#include <des.h>
#include <krb.h>
/* #include "../../usr.bin/rlogin/krb.h" */
char dst_realm_buf[REALM_SZ];
char *dest_realm = NULL;
int use_kerberos = 1;
@ -96,6 +94,9 @@ uid_t userid;
int errs, rem;
int pflag, iamremote, iamrecursive, targetshouldbedirectory;
static int argc_copy;
static char **argv_copy;
#define CMDNEEDS 64
char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */
@ -119,6 +120,24 @@ main(argc, argv)
struct servent *sp;
int ch, fflag, tflag;
char *targ, *shell;
int i;
/*
* Prepare for execing ourselves.
*/
argc_copy = argc + 1;
argv_copy = malloc((argc_copy + 1) * sizeof(*argv_copy));
if (argv_copy == NULL)
err(1, "malloc");
argv_copy[0] = argv[0];
argv_copy[1] = "-K";
for(i = 1; i < argc; ++i) {
argv_copy[i + 1] = strdup(argv[i]);
if (argv_copy[i + 1] == NULL)
errx(1, "strdup: out of memory");
}
argv_copy[argc + 1] = NULL;
fflag = tflag = 0;
while ((ch = getopt(argc, argv, OPTIONS)) != -1)
@ -774,10 +793,8 @@ int
kerberos(host, bp, locuser, user)
char **host, *bp, *locuser, *user;
{
struct servent *sp;
again:
if (use_kerberos) {
setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@ -791,15 +808,11 @@ again:
krcmd(host, port, user, bp, 0, dest_realm);
if (rem < 0) {
use_kerberos = 0;
if ((sp = getservbyname("shell", "tcp")) == NULL)
errx(1, "unknown service shell/tcp");
if (errno == ECONNREFUSED)
oldw("remote host doesn't support Kerberos");
else if (errno == ENOENT)
oldw("can't provide Kerberos authentication data");
port = sp->s_port;
goto again;
execv(_PATH_RCP, argv_copy);
}
} else {
#ifdef CRYPT