Issue #10710: `Misc/setuid-prog.c` is removed from the source tree.

20f0fb68 · Antoine Pitrou · c4924379 · 20f0fb68 · 20f0fb68 · c4924379
Commit 20f0fb68 authored Dec 16, 2010 by Antoine Pitrou
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 179 deletions

Misc/NEWS Misc/NEWS +2 -0

Misc/README Misc/README +0 -3

Misc/setuid-prog.c Misc/setuid-prog.c +0 -176

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -62,6 +62,8 @@ Tests
 Tools/Demos
 -----------

+- Issue #10710: ``Misc/setuid-prog.c`` is removed from the source tree.
+
 - Issue #10706: Remove outdated script runtests.sh.  Either ``make test``
  or ``python -m test`` should be used instead.


--- a/Misc/README
+++ b/Misc/README
@@ -20,7 +20,6 @@ NEWS                    News for this release (for some meaning of "this")
 NEWS.help               How to edit NEWS
 Porting                 Mini-FAQ on porting to new platforms
 PURIFY.README           Information for Purify users
-pymemcompat.h           Memory interface compatibility file.
 python-config.in        Python script template for python-config
 python.man              UNIX man page for the python interpreter
 python-mode.el          Emacs mode for editing Python programs
@@ -31,9 +30,7 @@ README.coverity         Information about running Coverity's Prevent on Python
 README.klocwork         Information about running Klocwork's K7 on Python
 README.OpenBSD          Help for building problems on OpenBSD
 README.valgrind         Information for Valgrind users, see valgrind-python.supp
-RFD                     Request For Discussion about a Python newsgroup
 RPM                     (Old) tools to build RPMs
-setuid-prog.c           C helper program for set-uid Python scripts
 SpecialBuilds.txt       Describes extra symbols you can set for debug builds
 TextMate                A TextMate bundle for Python development
 valgrind-python.supp    Valgrind suppression file, see README.valgrind

--- a/Misc/setuid-prog.c
+++ b/Misc/setuid-prog.c
-/*
-   Template for a setuid program that calls a script.
-
-   The script should be in an unwritable directory and should itself
-   be unwritable.  In fact all parent directories up to the root
-   should be unwritable.  The script must not be setuid, that's what
-   this program is for.
-
-   This is a template program.  You need to fill in the name of the
-   script that must be executed.  This is done by changing the
-   definition of FULL_PATH below.
-
-   There are also some rules that should be adhered to when writing
-   the script itself.
-
-   The first and most important rule is to never, ever trust that the
-   user of the program will behave properly.  Program defensively.
-   Check your arguments for reasonableness.  If the user is allowed to
-   create files, check the names of the files.  If the program depends
-   on argv[0] for the action it should perform, check it.
-
-   Assuming the script is a Bourne shell script, the first line of the
-   script should be
-    #!/bin/sh -
-   The - is important, don't omit it.  If you're using esh, the first
-   line should be
-    #!/usr/local/bin/esh -f
-   and for ksh, the first line should be
-    #!/usr/local/bin/ksh -p
-   The script should then set the variable IFS to the string
-   consisting of <space>, <tab>, and <newline>.  After this (*not*
-   before!), the PATH variable should be set to a reasonable value and
-   exported.  Do not expect the PATH to have a reasonable value, so do
-   not trust the old value of PATH.  You should then set the umask of
-   the program by calling
-    umask 077 # or 022 if you want the files to be readable
-   If you plan to change directories, you should either unset CDPATH
-   or set it to a good value.  Setting CDPATH to just ``.'' (dot) is a
-   good idea.
-   If, for some reason, you want to use csh, the first line should be
-    #!/bin/csh -fb
-   You should then set the path variable to something reasonable,
-   without trusting the inherited path.  Here too, you should set the
-   umask using the command
-    umask 077 # or 022 if you want the files to be readable
-*/
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <string.h>
-
-/* CONFIGURATION SECTION */
-
-#ifndef FULL_PATH       /* so that this can be specified from the Makefile */
-/* Uncomment the following line:
-#define FULL_PATH       "/full/path/of/script"
-* Then comment out the #error line. */
-#error "You must define FULL_PATH somewhere"
-#endif
-#ifndef UMASK
-#define UMASK           077
-#endif
-
-/* END OF CONFIGURATION SECTION */
-
-#if defined(__STDC__) && defined(__sgi)
-#define environ _environ
-#endif
-
-/* don't change def_IFS */
-char def_IFS[] = "IFS= \t\n";
-/* you may want to change def_PATH, but you should really change it in */
-/* your script */
-#ifdef __sgi
-char def_PATH[] = "PATH=/usr/bsd:/usr/bin:/bin:/usr/local/bin:/usr/sbin";
-#else
-char def_PATH[] = "PATH=/usr/ucb:/usr/bin:/bin:/usr/local/bin";
-#endif
-/* don't change def_CDPATH */
-char def_CDPATH[] = "CDPATH=.";
-/* don't change def_ENV */
-char def_ENV[] = "ENV=:";
-
-/*
-   This function changes all environment variables that start with LD_
-   into variables that start with XD_.  This is important since we
-   don't want the script that is executed to use any funny shared
-   libraries.
-
-   The other changes to the environment are, strictly speaking, not
-   needed here.  They can safely be done in the script.  They are done
-   here because we don't trust the script writer (just like the script
-   writer shouldn't trust the user of the script).
-   If IFS is set in the environment, set it to space,tab,newline.
-   If CDPATH is set in the environment, set it to ``.''.
-   Set PATH to a reasonable default.
-*/
-void
-clean_environ(void)
-{
-    char **p;
-    extern char **environ;
-
-    for (p = environ; *p; p++) {
-        if (strncmp(*p, "LD_", 3) == 0)
-            **p = 'X';
-        else if (strncmp(*p, "_RLD", 4) == 0)
-            **p = 'X';
-        else if (strncmp(*p, "PYTHON", 6) == 0)
-            **p = 'X';
-        else if (strncmp(*p, "IFS=", 4) == 0)
-            *p = def_IFS;
-        else if (strncmp(*p, "CDPATH=", 7) == 0)
-            *p = def_CDPATH;
-        else if (strncmp(*p, "ENV=", 4) == 0)
-            *p = def_ENV;
-    }
-    putenv(def_PATH);
-}
-
-int
-main(int argc, char **argv)
-{
-    struct stat statb;
-    gid_t egid = getegid();
-    uid_t euid = geteuid();
-
-    /*
-       Sanity check #1.
-       This check should be made compile-time, but that's not possible.
-       If you're sure that you specified a full path name for FULL_PATH,
-       you can omit this check.
-    */
-    if (FULL_PATH[0] != '/') {
-        fprintf(stderr, "%s: %s is not a full path name\n", argv[0],
-            FULL_PATH);
-        fprintf(stderr, "You can only use this wrapper if you\n");
-        fprintf(stderr, "compile it with an absolute path.\n");
-        exit(1);
-    }
-
-    /*
-       Sanity check #2.
-       Check that the owner of the script is equal to either the
-       effective uid or the super user.
-    */
-    if (stat(FULL_PATH, &statb) < 0) {
-        perror("stat");
-        exit(1);
-    }
-    if (statb.st_uid != 0 && statb.st_uid != euid) {
-        fprintf(stderr, "%s: %s has the wrong owner\n", argv[0],
-            FULL_PATH);
-        fprintf(stderr, "The script should be owned by root,\n");
-        fprintf(stderr, "and shouldn't be writable by anyone.\n");
-        exit(1);
-    }
-
-    if (setregid(egid, egid) < 0)
-        perror("setregid");
-    if (setreuid(euid, euid) < 0)
-        perror("setreuid");
-
-    clean_environ();
-
-    umask(UMASK);
-
-    while (**argv == '-')       /* don't let argv[0] start with '-' */
-        (*argv)++;
-    execv(FULL_PATH, argv);
-    fprintf(stderr, "%s: could not execute the script\n", argv[0]);
-    exit(1);
-}