/*
** generic wrapper that will take info from an environment
** variable, and pass it to two commands.
**
** 10-17-96 : Hal Schechner
** 12-14-96 : John Viega -- changed to work on 1 command,
** take a list of valid commands,
** just pass on argv, and use execvp()
** Also threw in some useful feedback for when there's
** a failure, mainly for future debugging.
**
** Chmod this bitch 4755.
**
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
/* Absolute path of the one program this wrapper executes; it also
   replaces argv[0] before the exec. */
const char *COMMAND = "/home/mailman/mailman/cgi/listinfo";
/* Process names accepted as a legitimate parent.
   Might want to make these full paths.
   Anyone can write a program that carries one of these names,
   so a name match isn't much for security.
   NOTE(review): nothing visible in this file calls valid_parent(), so
   this list looks unused by the current caller check -- confirm.
*/
const char *LEGAL_PARENT_NAMES[] = {
"httpd",
NULL /* Sentinel, don't remove */
};
/* Should make these arrays too... */
/* Real UID/GID the invoking process must have; legal_caller() compares
   getuid()/getgid() against these. */
const int LEGAL_PARENT_UID = 60001; /* nobody's UID */
const int LEGAL_PARENT_GID = 60001; /* nobody's GID */
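/*
** What is the name of the process with pid of 'pid'?
**
** Reads the first line of /proc/<pid>/status and extracts the word that
** follows "Name:".  The result lives in a static buffer that the next
** call overwrites, so the function is not reentrant and the caller must
** not free the pointer.
**
** Returns an empty string when the status file cannot be opened or read,
** or when the first line does not have the expected form.  An empty
** string equals no entry of LEGAL_PARENT_NAMES, so a failed lookup is
** rejected rather than crashing the wrapper.
**
** Security note: the name is self-reported by the process, and any local
** user can run a program that carries an allowed name.  Use the result
** for diagnostics or as a sanity check, never as proof of who is calling.
*/
char *get_process_name(int pid) {
    static char procname[255];
    char fname[30];
    char tmp[255];
    FILE *proc;

    /* Start from a known-empty result so stale data from an earlier call
       is never returned on a failure path. */
    procname[0] = '\0';

    snprintf(fname, sizeof fname, "/proc/%d/status", pid);
    proc = fopen(fname, "r");
    if (proc == NULL) {
        return procname;
    }

    /* Limit is sizeof tmp: the previous hard-coded 256 was one byte more
       than the 255-byte buffer. */
    if (fgets(tmp, sizeof tmp, proc) != NULL) {
        /* The field width keeps the copy inside procname[255]. */
        if (sscanf(tmp, "Name: %254s\n", procname) != 1) {
            procname[0] = '\0';
        }
    }

    fclose(proc);
    return procname;
}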
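/*
** Is 'parent' one of the names listed in LEGAL_PARENT_NAMES?
**
** Returns 1 on an exact, case-sensitive match and 0 otherwise.  A NULL
** 'parent' is rejected (returns 0) instead of being handed to strcmp().
**
** A process name can be chosen freely by whoever starts the process, so
** a match here is a weak signal and must not be the only access check.
*/
int valid_parent(char *parent){
    int i;

    if (parent == NULL) {
        return 0;
    }

    /* The list is terminated by a NULL sentinel. */
    for (i = 0; LEGAL_PARENT_NAMES[i] != NULL; i++) {
        if (strcmp(parent, LEGAL_PARENT_NAMES[i]) == 0) {
            return 1;
        }
    }
    return 0;
}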
/*
** Is the invoking process allowed to call us?
**
** Compares this process's real UID and GID (getuid/getgid) with
** LEGAL_PARENT_UID and LEGAL_PARENT_GID.  Returns 1 only when both
** match.  On a mismatch the offending id is printed to stdout and 0 is
** returned; the UID is tested first, so the GID is not examined when the
** UID is already wrong.
**
** Only the numeric ids are checked here; the parent's process name is
** not consulted by this function.
*/
int legal_caller() {
    int allowed = 0;

    if (getuid() != LEGAL_PARENT_UID) {
        printf("GOT UID %d.\n", getuid());
    } else if (getgid() != LEGAL_PARENT_GID) {
        printf("GOT GID %d.\n", getgid());
    } else {
        allowed = 1;
    }
    return allowed;
}
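/*
** Entry point of the wrapper.
**
** If legal_caller() accepts the invoking process, argv[0] is replaced by
** COMMAND and COMMAND is executed with the remaining arguments and the
** environment this process received.  execve() returns only on failure;
** in that case the reason is written to stderr and the exit status is 1.
** A rejected caller gets "Illegal caller!" on stdout and exit status 1.
**
** The earlier malloc() sized by an uninitialized variable was removed:
** the buffer was never used and the size read was undefined behavior.
*/
int main(int argc, char **argv, char **env) {
    (void)argc;

    if (!legal_caller()) {
        printf("Illegal caller!\n");
        return 1;
    }

    argv[0] = (char *)COMMAND;

    /* NOTE(review): the caller's environment is handed to COMMAND
       unchanged.  When this wrapper is installed setuid, as the file
       header directs, COMMAND runs with the wrapper's effective UID and
       must not trust variables that affect program loading or search
       paths.  Consider passing an allow-list of the CGI variables
       COMMAND needs instead of the whole environment. */
    execve(COMMAND, argv, env);

    /* Reached only when execve() failed. */
    perror("execve");
    return 1;
}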