mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 06:37:35 +00:00
pls: Drastically simplify this program
Since this program is setuid-root, it should be as simple as possible. To that end, remove `/etc/plsusers` and use filesystem permissions to achieve the same thing. `/bin/pls` is now only executable by `root` or members of the `wheel` group. Also remove all the logic that went to great lengths to `unveil()` a minimal set of filesystem paths that may be used for the command. The complexity-to-benefit ratio did not seem justified, and I think we're better off keeping this simple. Finally, remove pledge promises the moment they are no longer needed.
This commit is contained in:
parent
dfd988707c
commit
33f2eeea4a
4 changed files with 43 additions and 184 deletions
|
@ -50,9 +50,6 @@ chmod 660 mnt/etc/WindowServer.ini
|
|||
chown $window_uid:$window_gid mnt/etc/WindowServer.ini
|
||||
echo "/bin/sh" > mnt/etc/shells
|
||||
|
||||
chmod 0400 mnt/etc/plsusers
|
||||
chown 0:0 mnt/etc/plsusers
|
||||
|
||||
chown 0:$wheel_gid mnt/bin/su
|
||||
chown 0:$wheel_gid mnt/bin/passwd
|
||||
chown 0:$wheel_gid mnt/bin/ping
|
||||
|
@ -66,8 +63,8 @@ chown 0:0 mnt/res/kernel.map
|
|||
chmod 0400 mnt/res/kernel.map
|
||||
chmod 0400 mnt/boot/Kernel
|
||||
chmod 4750 mnt/bin/su
|
||||
chmod 4750 mnt/bin/pls
|
||||
chmod 4755 mnt/bin/passwd
|
||||
chmod 4751 mnt/bin/pls
|
||||
chmod 4755 mnt/bin/ping
|
||||
chmod 4755 mnt/bin/traceroute
|
||||
chmod 4750 mnt/bin/reboot
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue