From b62415943878891ce000b9e0b414354b60047876 Mon Sep 17 00:00:00 2001 From: babak sarashki Date: Tue, 2 Jul 2019 14:09:28 -0700 Subject: [PATCH 1/2] cgcs-users with patch ibsh patches Applied ibsh-0.3e-cgcs.patch and copyright patch. --- base/cgcs-users/cgcs-users-1.0/BUGS | 19 + base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS | 7 + base/cgcs-users/cgcs-users-1.0/COPYING | 340 ++++++++++++++++++ base/cgcs-users/cgcs-users-1.0/COPYRIGHT | 17 + base/cgcs-users/cgcs-users-1.0/INSTALL | 23 ++ base/cgcs-users/cgcs-users-1.0/Makefile | 56 +++ base/cgcs-users/cgcs-users-1.0/README | 29 ++ base/cgcs-users/cgcs-users-1.0/Release | 17 + base/cgcs-users/cgcs-users-1.0/TODO | 10 + base/cgcs-users/cgcs-users-1.0/VERSION | 1 + base/cgcs-users/cgcs-users-1.0/antixploit.c | 131 +++++++ base/cgcs-users/cgcs-users-1.0/command.c | 209 +++++++++++ base/cgcs-users/cgcs-users-1.0/config.c | 179 +++++++++ base/cgcs-users/cgcs-users-1.0/delbadfiles.c | 239 ++++++++++++ .../cgcs-users-1.0/example.allowall.xtns | 28 ++ .../cgcs-users-1.0/example.denyall.xtns | 2 + base/cgcs-users/cgcs-users-1.0/execute.c | 159 ++++++++ base/cgcs-users/cgcs-users-1.0/globals.cmds | 8 + base/cgcs-users/cgcs-users-1.0/globals.xtns | 3 + base/cgcs-users/cgcs-users-1.0/ibsh.h | 126 +++++++ base/cgcs-users/cgcs-users-1.0/jail.c | 101 ++++++ base/cgcs-users/cgcs-users-1.0/main.c | 239 ++++++++++++ base/cgcs-users/cgcs-users-1.0/misc.c | 52 +++ 23 files changed, 1995 insertions(+) create mode 100644 base/cgcs-users/cgcs-users-1.0/BUGS create mode 100644 base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYING create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYRIGHT create mode 100644 base/cgcs-users/cgcs-users-1.0/INSTALL create mode 100644 base/cgcs-users/cgcs-users-1.0/Makefile create mode 100644 base/cgcs-users/cgcs-users-1.0/README create mode 100644 base/cgcs-users/cgcs-users-1.0/Release create mode 100644 base/cgcs-users/cgcs-users-1.0/TODO create mode 100644 base/cgcs-users/cgcs-users-1.0/VERSION create mode 100644 base/cgcs-users/cgcs-users-1.0/antixploit.c create mode 100644 base/cgcs-users/cgcs-users-1.0/command.c create mode 100644 base/cgcs-users/cgcs-users-1.0/config.c create mode 100644 base/cgcs-users/cgcs-users-1.0/delbadfiles.c create mode 100644 base/cgcs-users/cgcs-users-1.0/example.allowall.xtns create mode 100644 base/cgcs-users/cgcs-users-1.0/example.denyall.xtns create mode 100644 base/cgcs-users/cgcs-users-1.0/execute.c create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.cmds create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.xtns create mode 100644 base/cgcs-users/cgcs-users-1.0/ibsh.h create mode 100644 base/cgcs-users/cgcs-users-1.0/jail.c create mode 100644 base/cgcs-users/cgcs-users-1.0/main.c create mode 100644 base/cgcs-users/cgcs-users-1.0/misc.c diff --git a/base/cgcs-users/cgcs-users-1.0/BUGS b/base/cgcs-users/cgcs-users-1.0/BUGS new file mode 100644 index 0000000..7dacaab --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/BUGS @@ -0,0 +1,19 @@ +** Open BUGS ** +None, so far. + +** Fixed BUGS ** +- Input length checking on all inputs, string copies, etc. is fixed. +- The myscanf function will no longer accept more then 80 chars at once, +so ibsh hopefully wont crash on a too long input. +- Added signal.h in the header file, the lack of it caused compilation +problems on some systems. +- Fixed the infinite loop in DelBadFiles. This function is temporarily +taken out of the project +- Removed the involvment of /bin/sh from system. Added path checking. +- In jail root, not only ../ is not allowed, but .. too. +- Fixed a bug, that happened on bsd, when the user pressed ^D. +- Fixed a bug with opendir +- Fixed a format string vulnerability in logprintbadfile(). Thanks to +Kim Streich for the report. + +2005.05.23 diff --git a/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS new file mode 100644 index 0000000..35ca436 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS @@ -0,0 +1,7 @@ +CONTRIBUTORS TO PROJECT IBSH + +Kim Streich + * bug finder, debugger, tester. + +RazoR (Nikolay Alexandrov) + * bug finder, debugger, tester. diff --git a/base/cgcs-users/cgcs-users-1.0/COPYING b/base/cgcs-users/cgcs-users-1.0/COPYING new file mode 100644 index 0000000..d60c31a --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/base/cgcs-users/cgcs-users-1.0/COPYRIGHT b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT new file mode 100644 index 0000000..7507d05 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT @@ -0,0 +1,17 @@ +This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell +Copyright (C) 2005 Attila Nagyidai + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + diff --git a/base/cgcs-users/cgcs-users-1.0/INSTALL b/base/cgcs-users/cgcs-users-1.0/INSTALL new file mode 100644 index 0000000..42b1866 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/INSTALL @@ -0,0 +1,23 @@ +Installing ibsh is really easy, so no need for the usual sections +in this document. There is no configure script either, so if +something wrong, make will fail. + +# make ibsh +# make ibsh_install + +Optionally: + +# make clean + + +To uninstall ibsh: + +# make ibsh_uninstall + + +Of course you will have to enable this shell by: +# echo /bin/ibsh >> /etc/shells +or however you like it. +And make sure the permissions read 0755 ! + +2005.03.24. diff --git a/base/cgcs-users/cgcs-users-1.0/Makefile b/base/cgcs-users/cgcs-users-1.0/Makefile new file mode 100644 index 0000000..ed37d00 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/Makefile @@ -0,0 +1,56 @@ +# This is the makefile for ibsh 0.3e +CC = gcc +OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o + +ibsh: ${OBJECTS} ibsh.h + ${CC} -o ibsh ${OBJECTS} + +main.o: main.c ibsh.h + ${CC} -c main.c + +command.o: command.c ibsh.h + ${CC} -c command.c + +jail.o: jail.c ibsh.h + ${CC} -c jail.c + +execute.o: execute.c ibsh.h + ${CC} -c execute.c + +config.o: config.c ibsh.h + ${CC} -c config.c + +misc.o: misc.c ibsh.h + ${CC} -c misc.c + +antixploit.o: antixploit.c ibsh.h + ${CC} -c antixploit.c + +delbadfiles.o: delbadfiles.c ibsh.h + ${CC} -c delbadfiles.c + +ibsh_install: + cp ./ibsh /bin/ + mkdir /etc/ibsh + mkdir /etc/ibsh/cmds + mkdir /etc/ibsh/xtns + cp ./globals.cmds /etc/ibsh/ + cp ./globals.xtns /etc/ibsh/ + +ibsh_uninstall: + rm -rf /etc/ibsh/globals.cmds + rm -rf /etc/ibsh/globals.xtns + rm -rf /etc/ibsh/cmds/*.* + rm -rf /etc/ibsh/xtns/*.* + rmdir /etc/ibsh/cmds + rmdir /etc/ibsh/xtns + rmdir /etc/ibsh + rm -rf /bin/ibsh + +clean: + rm -rf ibsh + rm -rf *.o + + +# 13:49 2005.04.06. + diff --git a/base/cgcs-users/cgcs-users-1.0/README b/base/cgcs-users/cgcs-users-1.0/README new file mode 100644 index 0000000..2035e57 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/README @@ -0,0 +1,29 @@ + Iron Bars SHell - a restricted interactive shell. + +Overview + + For long i have been in the search of a decent restricted shell, but in vain. + The few i found, were really easy to hack, and there were quite a few docs + around on the web about hacking restricted shells with a menu interface. + For my definitions, a restricted shell must not only prevent the user to + escape her jail, but also not to access any files outside the jail. + The system administrator must have total control over the restricted shell. + These are the major features incorporated and realized by ibsh. + + +Features + + Please read the changelog. + + +Installation + + Read the INSTALL file. + + +Contact + See Authors file. + + +Attila Nagyidai +2005.05.23. diff --git a/base/cgcs-users/cgcs-users-1.0/Release b/base/cgcs-users/cgcs-users-1.0/Release new file mode 100644 index 0000000..e6cb9f3 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/Release @@ -0,0 +1,17 @@ +This release introduces minor bugfixes, and important new and renewed features. +Erasing evil files in the home directory of the user is incorporated again, with +many improvements. First of all: no file will be erased! Only the access to them +will be blocked. The extension policy has changed, now ibsh blocks those extensions, +that are NOT listed. This goes in sync with the usual method of operation of ibsh. +The execute permission of files in the user space, will be removed. +New customizing features were added: each user now can have her own commands and +extensions file, created and maintained by the system administrator. Some users +(employees) may require access to special programs. User configuration files allow +this access only those, who need it, not for everybody. +Ibsh now scans not only the extensions of files, but the content too! Whatever the permission +for a certain file exists, if that contains source code, or is a linux binary, access +will be blocked. +The absolute path for the users is now limited to 255 characters. Longer, already +existing filenames will be renamed. + +06/04/2005 diff --git a/base/cgcs-users/cgcs-users-1.0/TODO b/base/cgcs-users/cgcs-users-1.0/TODO new file mode 100644 index 0000000..9a8de60 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/TODO @@ -0,0 +1,10 @@ +TODO + + - tab completion. + - shell variables. + - some changes to the prompt, maybe variable prompt. + - history + - to be able to use corporate, or other large/complicated programs in a safe + working environment, yet be able to share files/work with others. + +2005.05.23. diff --git a/base/cgcs-users/cgcs-users-1.0/VERSION b/base/cgcs-users/cgcs-users-1.0/VERSION new file mode 100644 index 0000000..aaf9552 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/VERSION @@ -0,0 +1 @@ +IBSH v0.3e diff --git a/base/cgcs-users/cgcs-users-1.0/antixploit.c b/base/cgcs-users/cgcs-users-1.0/antixploit.c new file mode 100644 index 0000000..79ac9e4 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/antixploit.c @@ -0,0 +1,131 @@ +/* + Created: 03.19.05 11:34:57 by Attila Nagyidai + + $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ + + This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell + Copyright (C) 2005 Attila Nagyidai + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Author: Attila Nagyidai + Email: na@ent.hu + + Co-Author: Shy + Email: shy@cpan.org + + Co-Author: Witzy + Email: stazzz@altern.org + + URL: http://ibsh.sourceforge.net + IRC: irc.freenode.net #ibsh + RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ + +*/ + +/* Header files */ +#include "ibsh.h" + + +void lshift( char *line ) +{ + int i = 0; + + for (i=0; i (255 - 80 - 1) ) { + linesize = 255 - strlen(abspath) - 1; /* thats for the / */ + } + + while ( ((c = getchar()) != 10) && ( i < linesize ) ) { + //printf("%d", c); + if (c > 127) { + c = 0; + //ungetc(c, stdin); + //fflush(stdin); + break; + } + if ( c < 0 ) { + ungetc(c, stdin); + openlog("ibsh", LOG_PID, LOG_AUTH); + syslog(LOG_INFO, "user %s has logged out.", loggedin.uname); + closelog(); + exit(0); + } + chars[i] = c; + /* the user is not allowed to pass long lines of trash to ibsh */ + i++; + } + chars[i] = '\0'; + strncpy(vptr,chars,STRING_SIZE-1); + vptr[STRING_SIZE-1] = '\0'; +} + + +/* Checks, if the user command, is blacklisted, a hack attempt, */ +/* or it is a real and allowed command. */ +/* Technical Description: */ +/* Variables: pointer for the strtok, temporary strings, counters, */ +/* and an integer to check, how deep is the user in the jail. That is */ +/* the level of subdirectories below jail root. It is set to -1, because */ +/* there is always a / in the jailpath. So only subdir /'s are counted. */ +/* Check if the command contains special characters, if yes, quit. */ +/* If the user is in jailroot, a ../ is not appropriate! */ +/* Count the slashes in the jailpath, so if the user uses way too many */ +/* ../ 's, then we will know. Split the command to particles by the spaces. */ +/* Count the dirups (../); if a token starts with a /, paste the homedir path */ +/* right in front of it. Thats your root booby, not / !!!! */ +/* Finally check the command against the COMMANDS_LIST. */ +int CommandOK( const char *thecommand, const char *rootdir, +const char *jailpath, char *newcommand ) +{ + char *tok; + char temp1[STRING_SIZE], *temp2; + int i = 0, j = 0; + int subdirlevel = -1; /* jailpath always starts with a / */ + int dirupfound = 0; + int listed = 0; + + /* First, get the fancy stuff: */ + /* ../ out of the jailroot, too many ../ out of some */ + /* subdirectory in the jail, multiple commands, pipes. */ + bzero(newcommand,STRING_SIZE); + + if ( (strstr(thecommand, ";")) != NULL ) { + return 0; + } + if ( (strstr(thecommand, "|")) != NULL ) { + return 0; + } + if ( (strstr(thecommand, "&")) != NULL ) { + return 0; + } + if ( (strstr(thecommand, "&&")) != NULL ) { + return 0; + } + if ( (strstr(thecommand, "||")) != NULL ) { + return 0; + } + /* The user is in the jailroot. */ + if ( (strcmp(jailpath, "/")) == 0 ) { + /* Does the user wish to get out ? */ + if ( (strstr(thecommand, "..")) != NULL ) { + return 0; + } + } + /* The user is deeper, than the jailroot, and */ + /* this is a problem. How deep is he, how many */ + /* ../ do we allow ?? */ + else { + for (i = 0; i < strlen(jailpath); i++) { + if ( jailpath[i] == '/' ) { + subdirlevel++; + } + } + } + + /* Split the command */ + for (tok = strtok((void *) thecommand, " "); tok; tok = strtok(0, " ")) { + /* Separate parts of the command with a space */ + if ( (strlen(newcommand)) > 0 ) { + strncat(newcommand," ", STRING_SIZE-strlen(newcommand)-1); + } + + /* He wants to get to the real root, does he ? */ + /* In that case, add the jailroot to the left. */ + if ( tok[0] == '/' ) { + strncat(newcommand,rootdir,STRING_SIZE-strlen(newcommand)-1); + } + + /* how many ../ are here */ + /* if too many, that is more, then how deep */ + /* the user in the subdirs inside the jail is, */ + /* cancel the execution of the command. */ + if ( (strstr(tok, "../")) != NULL ) { + strncpy(temp1,tok,sizeof(temp1)-1); + temp1[sizeof(temp1)-1] = '\0'; + + while (1) { + temp2 = strstr(temp1, "../"); + if ( temp2 == NULL ) { + break; + } + LTrim3(temp2, temp1); + dirupfound++; + } + if ( dirupfound > subdirlevel ) { + return 0; + } + /* replace dirups with real path */ + for (i = 0; i < dirupfound; i++) { + PathMinusOne(jailpath, tok, subdirlevel,sizeof(tok)); + } + } + /* if command is not listed, return 0 */ + i = 0; + while ( ((strlen(commands[i])) > 0) && ( j == 0 ) ) { + if ( (strcmp(tok, commands[i])) == 0 ) { + listed = 1; + break; + } + i++; + } + j++; + strncat(newcommand,tok,STRING_SIZE-strlen(newcommand)-1); + +} +#ifdef DEBUG + printf("old: %s; new: %s; ok: %d\n", thecommand, newcommand, listed); +#endif + return listed; +} + + diff --git a/base/cgcs-users/cgcs-users-1.0/config.c b/base/cgcs-users/cgcs-users-1.0/config.c new file mode 100644 index 0000000..8e2af23 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/config.c @@ -0,0 +1,179 @@ +/* + Created: 03.19.05 11:34:57 by Attila Nagyidai + + $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ + + This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell + Copyright (C) 2005 Attila Nagyidai + + Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Author: Attila Nagyidai + Email: na@ent.hu + + Co-Author: Shy + Email: shy@cpan.org + + Co-Author: Witzy + Email: stazzz@altern.org + + URL: http://ibsh.sourceforge.net + IRC: irc.freenode.net #ibsh + RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ + +*/ + +/* Header files */ +#include "ibsh.h" + +extern Strng commands[MAX_ITEMS]; +extern Strng extensions[MAX_ITEMS]; + +/* Shy's improved version of the original (and not well working) loadconfig. */ +/* Reads both config files, and parses the contents into arrays. */ +/* This one effectively dismisses every comment from the files. */ +/* Technical Description: */ +/* Variables: file pointer, counters, temporary string arrays. */ +/* The method is the same for both files. First open the file, catch */ +/* any errors. Read file 'til eof. Not read comments (starting with '#'), */ +/* remove trailing newline character. Copy the finished item to the */ +/* pass-by-address arguments. */ +int LoadConfig( void ) +{ + FILE *fp; + int i = 0; + char *file_user; + + Strng tmp[MAX_ITEMS]; + Strng tmp2[MAX_ITEMS]; + + /* COMMAND CONFIG !!!! */ + file_user = (char *)malloc(strlen(loggedin.uname) + strlen(COMMANDS_DIR) + strlen(".cmds") + 2); + + if(loggedin.uname != NULL) + sprintf(file_user, "%s/%s.cmds", COMMANDS_DIR, loggedin.uname); + else{ + free(file_user); + return -1; + } + + /* Open global config,if not present go out !!! */ + if((fp = fopen(COMMANDS_FILE,"r")) == NULL) { + OPENLOG; + syslog(LOG_ERR, "ibsh panic! Global commands file %s can not be read.", COMMANDS_FILE); + CLOSELOG; + exit(0); + } + + while (!feof(fp) && (id_name); +#endif + if ( (lstat(list->d_name, &attr)) < 0 ) + continue; + + // rename long path names +#ifdef DEBUG + printf("length: %d;\n", (strlen(basedir) + strlen(list->d_name) + 2) ); +#endif + if ( (strlen(basedir) + strlen(list->d_name) + 2) > 255 ) { + snprintf(tmp, 255 - strlen(basedir) - 2, "%s", list->d_name); + rename(list->d_name, tmp); +#ifdef DEBUG + printf("%s renamed to %s !\n", list->d_name, tmp); +#endif + if ( (antixploit(basedir, tmp)) == 1 ) { + removeAllRights(list->d_name, &attr); + } + if (isExecutable(&attr)) { + makeUnexecutable(tmp, &attr); + } + continue; + } + + if ( S_ISDIR(attr.st_mode) ) { /* in the case of a directory */ + if ( ((strcmp(list->d_name, ".")) != 0) && ((strcmp(list->d_name, "..")) != 0) ) { +#ifdef DEBUG + printf("recursive call for %s\n", list->d_name); +#endif + DelBadFiles(list->d_name); /* recursively look for bad files in this directory */ + chdir (".."); + } + } else if ( S_ISLNK(attr.st_mode) ) { /* in the case of a symlink */ + if ( symlinkGoesOuttaJail(list->d_name) ) { +#ifdef DEBUG + printf("symlinkoutofjail: %s\n", list->d_name); +#endif + if (unlink(list->d_name) == 0) { + bzero (tmp, sizeof(tmp)); + snprintf (tmp, sizeof(tmp)-1, "Illegal symbolic link %s was erased. Contact the sysadmin for policy.\n", list->d_name); + logPrintBadfile (tmp); + } + } + } else if (hasSomeRwxRights(&attr)) { /* other cases (in particular a file), only if there are some rights on it */ +#ifdef DEBUG + printf("%s has some rights\n", list->d_name); +#endif + /* check the runnability of the file */ + if (isExecutable(&attr)) { +#ifdef DEBUG + printf("%s executable\n", list->d_name); +#endif + if (makeUnexecutable(list->d_name, &attr) == 0) { + bzero (tmp, sizeof(tmp)); + snprintf (tmp, sizeof(tmp)-1, "Executable file %s is not anymore. Contact the sysadmin for policy.\n", list->d_name); + logPrintBadfile (tmp); + } + } + + if ( (antixploit(basedir, list->d_name)) == 1 ) { + if (removeAllRights(list->d_name, &attr) == 0) { + bzero (tmp, sizeof(tmp)); + snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name); + logPrintBadfile (tmp); + continue; + } + } + + /* check if the file has a permitted extension */ + for (i = 0, allowed = 0; (strlen(extensions[i])) > 0 && !allowed; i++) { + if ( (strstr(list->d_name, extensions[i])) != NULL ) { +#ifdef DEBUG + printf("filename: %s; extension: %s\n", list->d_name, extensions[i]); +#endif + allowed = 1; + } + } /* for */ + if (!allowed) { /* if the file hasn't an allowed extension */ +#ifdef DEBUG + printf("not allowed extension for %s\n", list->d_name); +#endif + if (removeAllRights(list->d_name, &attr) == 0) { + bzero (tmp, sizeof(tmp)); + snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name); + logPrintBadfile (tmp); + } + } + } /* else */ + + } /* while */ + + closedir( dp ); +} + +/* takes a symlink location, resolves it and returns : + 1 if the symlink points out of the jail + 0 else, meaning the symlink is ok +*/ +int symlinkGoesOuttaJail (const char * sl) +{ + char fPnted[PATH_MAX]; + char rslvdPath[PATH_MAX]; /* size of PATH_MAX because of realpath() behavior */ + int i; + + i = readlink (sl, fPnted, PATH_MAX); + if ( i > 0 && i < PATH_MAX ) { + fPnted[i] = '\0'; + if (realpath (fPnted, rslvdPath) == rslvdPath) { + if ( strncmp (loggedin.udir, rslvdPath, strlen(loggedin.udir)) == 0 ) + return 0; + else + return 1; + } + } + return 1; /* if this line is reached, there was a problem with the processing of the symlink, + e.g. the path is too long, so we should consider that the symlink is bad, + and may be deleted by the calling function */ +} + +/* takes a stat structure, and returns + 1 if at least one of the user/group/other execution bits or suid/guid are set + 0 if no such bit is set at all + */ +int isExecutable (struct stat * s) +{ + if ( ((s->st_mode & S_IXUSR) == S_IXUSR) + | ((s->st_mode & S_IXGRP) == S_IXGRP) + | ((s->st_mode & S_IXOTH) == S_IXOTH) + | ((s->st_mode & S_ISUID) == S_ISUID) + | ((s->st_mode & S_ISGID) == S_ISGID) ) + return 1; + return 0; +} + +int hasSomeRwxRights (struct stat * s) +{ + if ( ((s->st_mode & S_IRWXU) != 0) + | ((s->st_mode & S_IRWXG) != 0) + | ((s->st_mode & S_IRWXO) != 0) ) + return 1; + return 0; +} + +int makeUnexecutable (const char * filename, struct stat * s) +{ + return chmod (filename, + s->st_mode & ~(S_IXUSR | S_IXGRP | S_IXOTH | S_ISUID | S_ISGID) ); +} + +int removeAllRights (const char * filename, struct stat * s) +{ + return chmod (filename, + s->st_mode & ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISUID | S_ISGID) ); +} + +void logPrintBadfile (const char * msg) +{ + OPENLOG; + syslog(LOG_WARNING, "%s", msg); + CLOSELOG; + // printf ("ibsh: %s\n", msg); +} diff --git a/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns new file mode 100644 index 0000000..d0963cd --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns @@ -0,0 +1,28 @@ +# Add any extension the user may use. +q +w +e +r +t +y +u +i +o +p +a +s +d +f +g +h +j +k +l +z +x +c +v +b +n +m + diff --git a/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns new file mode 100644 index 0000000..9dead3a --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns @@ -0,0 +1,2 @@ +# Add any extension the user may use. + diff --git a/base/cgcs-users/cgcs-users-1.0/execute.c b/base/cgcs-users/cgcs-users-1.0/execute.c new file mode 100644 index 0000000..2d80366 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/execute.c @@ -0,0 +1,159 @@ +/* + Created: 03.19.05 11:34:57 by Attila Nagyidai + + $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ + + This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell + Copyright (C) 2005 Attila Nagyidai + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Author: Attila Nagyidai + Email: na@ent.hu + + Co-Author: Shy + Email: shy@cpan.org + + Co-Author: Witzy + Email: stazzz@altern.org + + URL: http://ibsh.sourceforge.net + IRC: irc.freenode.net #ibsh + RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ + +*/ + +/* Header files */ +#include "ibsh.h" + +/* Counts the spaces in the command */ +int nbspace(const char *command) +{ +int i=0; +int nbspace=0; + +while(command[i] != '\0'){ + if(command[i] == ' ') + nbspace++; + i++; +} + +return nbspace; +} + +/* Shy's improved and secured version of hhsystem, originally taken from */ +/* the book: Linux Unix Systemprogramming by Helmut Herold. */ +int hhsystem(const char *user_command) /*--- Version ohne Signalbehandlung ---*/ +{ + pid_t pid; + int status; + int i=0; + int find = 0; + + char *field; + + char path[STRING_SIZE]; + + char *current_path; + char *fieldspath; + char *params[nbspace(user_command) + 1]; + + DIR *currentdir; + struct dirent *pdirent; + + if (user_command == NULL) + return(1); /* In Unix ist immer Kommandoprozessor vorhanden */ + + if ( (pid=fork()) < 0) + status = -1; + + else if (pid == 0) { + /* Split the command */ + field = strtok((char *)user_command," "); + while(field != NULL){ +#ifdef DEBUG + printf("CHAMPS %s\n",field); +#endif + params[i] = malloc(strlen(field) + 1); + bzero(params[i],strlen(field)+1); + strncpy(params[i],field,strlen(field)); + i++; + field = strtok(NULL," "); + + } + /* Put NULL at the end for execve */ + params[i] = NULL; + + /* Get PATH */ + current_path = getenv("PATH"); + +#ifdef DEBUG + printf("PATH %s %s\n",current_path,loggedin.udir); +#endif + + /* Parse the PATH if the command is in the home dir it's skip !! */ + fieldspath = strtok((char *)current_path,":"); + while((fieldspath != NULL) && find != 1){ +#ifdef DEBUG + printf("FIELD PATH %s\n",fieldspath); +#endif + if(!strstr(fieldspath,loggedin.udir)){ + if((currentdir = opendir(fieldspath)) != NULL){ + + while(((pdirent = readdir(currentdir)) != NULL) && find != 1){ + if(!strncmp(pdirent->d_name,params[0],sizeof(params[0]))){ +#ifdef DEBUG + printf("TROUVE %s!!!!\n",pdirent->d_name); +#endif + find = 1; + + } + } + } + closedir(currentdir); + } + if(find == 0) + fieldspath = strtok(NULL,":"); + + } + + /* Contruct the real command with the good path */ + if(find == 1 && ((strlen(fieldspath)+strlen(params[0])+1) < sizeof(path))){ + bzero(path,sizeof(path)); + snprintf(path,sizeof(path)-1,"%s/%s",fieldspath,params[0]); + path[sizeof(path)-1] = '\0'; + +#ifdef DEBUG + printf("PATH FINAL %s %d ok!\n",path,strlen(path)); + printf("PARAMS[0] %s\n",params[0]); + printf("PARAMS[1] %s\n",params[1]); +#endif + execve(path,params,environ); + } + /* The command is in the home dir :( bad for you guys !! */ + else{ + status = -1; + } + _exit(127); + + } else + while (waitpid(pid, &status, 0) < 0) + if (errno != EINTR) { + status = -1; + break; + } + + return(status); +} diff --git a/base/cgcs-users/cgcs-users-1.0/globals.cmds b/base/cgcs-users/cgcs-users-1.0/globals.cmds new file mode 100644 index 0000000..8c9b7a4 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/globals.cmds @@ -0,0 +1,8 @@ +# Add any commands the user may execute. Even shell commands. +# You have to allow logout and/or exit, so the user can logout! +# cd and pwd should also be allowed. Note: other shell builtin +# commands are not yet implemented! +cd +pwd +logout +exit diff --git a/base/cgcs-users/cgcs-users-1.0/globals.xtns b/base/cgcs-users/cgcs-users-1.0/globals.xtns new file mode 100644 index 0000000..71f86f8 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/globals.xtns @@ -0,0 +1,3 @@ +# Add any extension the user may use. +.doc +.txt diff --git a/base/cgcs-users/cgcs-users-1.0/ibsh.h b/base/cgcs-users/cgcs-users-1.0/ibsh.h new file mode 100644 index 0000000..9d9d692 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/ibsh.h @@ -0,0 +1,126 @@ +/* + Created: 03.19.05 11:15:21 by Attila Nagyidai + + $Id: C\040Header.h,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ + + This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell + Copyright (C) 2005 Attila Nagyidai + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Author: Attila Nagyidai + Email: na@ent.hu + + Co-Author: Shy + Email: shy@cpan.org + + URL: http://ibsh.sourceforge.net + IRC: irc.freenode.net #ibsh + RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ + +*/ + +#ifndef _IBSH_H +#define _IBSH_H + +/* Insert Code here */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define PAM_SIZE 8 +#define LINE_SIZE 80 +#define STRING_SIZE 255 +#define BUFFER_SIZE 4096 +#define PATH_MAX 4096 +#define MAX_ITEMS 50 +#define COMMANDS_DIR "/etc/ibsh/cmds" +#define COMMANDS_FILE "/etc/ibsh/globals.cmds" +#define EXTENSIONS_DIR "/etc/ibsh/xtns" +#define EXTENSIONS_FILE "/etc/ibsh/globals.xtns" + +/* Antixploit */ +#define C_CODE "#include" +#define SHELL_CODE "#!/" +#define PYTHON_CODE "import" +#define ADA_CODE "package body" +#define EIFFEL_CODE "feature --" +#define LISP_CODE "(defun" +#define ELF_CODE "ELF" + +/* Logging */ +#define OPENLOG openlog("ibsh", LOG_PID, LOG_AUTH) +#define CLOSELOG closelog() + +/* Typedefs, structs, globals */ +typedef struct theuser { + char uname[STRING_SIZE]; + uid_t uid; + char udir[STRING_SIZE]; + struct passwd *record; +} theuser; + +typedef char Strng[STRING_SIZE]; + +theuser loggedin; /* user info */ + +//static Strng commands[MAX_ITEMS]; /* permitted commands */ +Strng commands[MAX_ITEMS]; +Strng extensions[MAX_ITEMS]; +/*static Strng extensions[MAX_ITEMS]; permitted extensions */ +char real_path[STRING_SIZE]; /* absolute path */ +char jail_path[STRING_SIZE]; /* path inside the jail */ +char user_command[STRING_SIZE]; /* whatever the user types */ +char filtered_command[STRING_SIZE]; /* this one will be executed */ +int exitcode; +extern char **environ; + + +int CommandOK( const char *thecommand, const char *rootdir, +const char *jailpath, char *newcommand ); +void LTrim3( const char *base, char *result ); +void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath ); +int LoadConfig( void ); +void myscanf( char *vptr, char *abspath ); +int hhsystem(const char *kdozeile); +void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath); +void log_attempt( const char *username ); +int nbspace(const char *command); +void lshift( char *line ); +int antixploit( const char *abspath, char *token ); +void logPrintBadfile (const char * msg); +int removeAllRights (const char * filename, struct stat * s); +int makeUnexecutable (const char * filename, struct stat * s); +int hasSomeRwxRights (struct stat * s); +int isExecutable (struct stat * s); +int symlinkGoesOuttaJail (const char * sl); +void DelBadFiles (const char *basedir); + + +#endif /* _IBSH_H */ diff --git a/base/cgcs-users/cgcs-users-1.0/jail.c b/base/cgcs-users/cgcs-users-1.0/jail.c new file mode 100644 index 0000000..ab3300a --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/jail.c @@ -0,0 +1,101 @@ +/* + Created: 03.19.05 11:34:57 by Attila Nagyidai + + $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ + + This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell + Copyright (C) 2005 Attila Nagyidai + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Author: Attila Nagyidai + Email: na@ent.hu + + Co-Author: Shy + Email: shy@cpan.org + + Co-Author: Witzy + Email: stazzz@altern.org + + URL: http://ibsh.sourceforge.net + IRC: irc.freenode.net #ibsh + RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ + +*/ + +/* Header files */ +#include "ibsh.h" + + + +/* Remove the path of the Jail root dir from the displayed paths! */ +/* Return the jail path from the absolute path. */ +/* Copy characters from absolute path to jail path, starting, where the */ +/* jail root ends. */ +void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath ) +{ + int i = 0; + int j = 0; + + bzero(relpath, strlen(relpath)); + for (i = strlen(rootdir); i < strlen(abspath); i++) { + relpath[j] = abspath[i]; + j++; + } + relpath[j] = '\0'; +} + +/* Take 3 characters from left off a string. */ +/* It practically removes one ../ . */ +void LTrim3( const char *base, char *result ) +{ + int i = 0; + int j = 0; + + bzero(result, strlen(result)); + for (i = 3; i < strlen(base); i++) { + result[j] = base[i]; + j++; + } + result[j] = '\0'; +} + +/* Remove one subdirectory from the path in the argument. */ +/* In case the user uses ../ 's in his command. */ +/* Technical Description: */ +/* Variables: string pointer for the strtok function, and an */ +/* integer to stop the removing. */ +/* Disassemble the path by the slashes. And glue the required parts */ +/* together. Number of required parts = number of all parts - 1 . */ +void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath ) +{ + char *tok; + int j = 1; + + bzero(evalpath, strlen(evalpath)); + if ( slashcount == 1 ) { + strncpy(evalpath,"/",nevalpath-1); + evalpath[nevalpath-1] = '\0'; + } + else { + for (tok = strtok((void *) basepath, "/"); tok; tok = strtok(0, "/")) { + if ( j < slashcount ) { + strncat(evalpath,tok,nevalpath-strlen(evalpath)-1); + strncat(evalpath,"/",nevalpath-strlen(evalpath)-1); + } + j++; + } + } +} diff --git a/base/cgcs-users/cgcs-users-1.0/main.c b/base/cgcs-users/cgcs-users-1.0/main.c new file mode 100644 index 0000000..1d92899 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/main.c @@ -0,0 +1,239 @@ +/* + Created: 03.19.05 11:34:57 by Attila Nagyidai + + $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ + + This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell + Copyright (C) 2005 Attila Nagyidai + + Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Author: Attila Nagyidai + Email: na@ent.hu + + Co-Author: Shy + Email: shy@cpan.org + + Co-Author: Witzy + Email: stazzz@altern.org + + URL: http://ibsh.sourceforge.net + IRC: irc.freenode.net #ibsh + RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ + +*/ + +/* Header files */ +#include "ibsh.h" +#include "stdlib.h" + +/* Main: */ +/* Handle arguments, read config files, start command processing. */ +/* IBSH doesnt use any command line arguments, but my text editor */ +/* uses this code in all new c files to create. And i didnt have the */ +/* heart to remove it. ;p */ +/* Technical Description: */ +/* Get the passwd entry for the user. The uid is easily aquired, since */ +/* it is the real user id. After that, grab the passwd file entry upon */ +/* the id, and copy the information to the loggedin struct. */ +/* Add some signal handlers too. */ +/* The infinite loop: */ +/* Get the current directory, the full path. Compute the jailpath from that, */ +/* that is the directories below the users homedir, which is the jail root. */ +/* The jail ceiling if you like. Print some prompt to the user with the jailpath, */ +/* and read stdin for incoming commands. Filter out the bad commands, typos, the */ +/* not allowed commands. It the command is ok, execute it. If it is a shell builtin, */ +/* use our builtin code, otherwise use execve. After execve, check if the user didnt */ +/* use the last command to create some illegal content. If yes, erase that. Give the */ +/* notice only afterwards. */ + +void ALRMhandler(int sig) { + OPENLOG; + syslog(LOG_INFO, "CLI timeout, user %s has logged out.", loggedin.uname); + CLOSELOG; + exit(0); +} + +int main(int argc, char **argv) +{ + char temp[STRING_SIZE], *buf; + struct stat info; + uid_t ruid, euid; + gid_t rgid, egid; + unsigned int tout_cli = 0; + + const char* tout = getenv("TMOUT"); + if (tout) + tout_cli = atoi(tout); + else + //default to 5 mins + tout_cli = 300; + + /* setuid protection */ + ruid = getuid(); + euid = geteuid(); + rgid = getgid(); + egid = getegid(); + if ( (ruid!=euid) || (ruid==0) || (euid==0) || (rgid!=egid) || (rgid==0) || (egid==0) ) { + OPENLOG; + syslog(LOG_ERR, "setuid/setgid violation!"); + CLOSELOG; + printf("ibsh: setuid/setgid violation!! exiting...\n"); +#ifdef DEBUG + printf("ruid: %d;euid: %d;rgid: %d;egid: %d\n", ruid,euid,rgid,egid); +#endif + exit(0); + } + + /* To Do: The code of your application goes here */ + /* First part: */ + /* Get essential information about the user who got this shell: */ + /* first the username, then the user id. Upon this, retrieve the */ + /* user's record in the passwd file. */ + bzero(&loggedin, sizeof(loggedin)); + loggedin.uid = getuid(); + loggedin.record = getpwuid(loggedin.uid); + if ( loggedin.record == NULL ) { + loggedin.record = getpwnam(loggedin.uname); + if ( loggedin.record == NULL ) { + openlog(loggedin.uname, LOG_PID, LOG_AUTH); + syslog(LOG_ERR, "Can not obtain user information"); + closelog(); + exit(0); + } + } + strncpy(loggedin.uname, loggedin.record->pw_name, PAM_SIZE); + strncpy(loggedin.udir, loggedin.record->pw_dir, STRING_SIZE); + + /* Second part: */ + /* Handle some signal catching. Read the configuration files. */ + signal( SIGINT, SIG_IGN ); + signal( SIGQUIT, SIG_IGN ); + signal( SIGTERM, SIG_IGN ); + signal( SIGTSTP, SIG_IGN ); + signal( SIGALRM, ALRMhandler ); + LoadConfig(); + + /* Command mode */ + if(argc == 3) { + if ( argv[1][1] == 'c' ) { + if ( CommandOK(argv[2], loggedin.udir, "/", filtered_command) == 1) { + exitcode = hhsystem(filtered_command); + OPENLOG; + syslog(LOG_INFO, "command %s ordered, command %s has been executed.", + argv[2], filtered_command); + CLOSELOG; + exit(exitcode); + } + exit(0); + } + else { + exit(0); + } + } + + OPENLOG; + syslog(LOG_INFO, "user %s has logged in.", loggedin.uname); + CLOSELOG; + + + DelBadFiles(loggedin.udir); + chdir (loggedin.udir); + + + /* Third part: */ + /* Start reading and processing the user issued commands. */ + /* Split the command by the spaces, filter out anything, */ + /* that would allow the user to access files outside the */ + /* jail. Filter out multiples and pipes as well. No program */ + /* will be allowed to run, unless it is mentioned in the */ + /* config files. Files that are created with an extension */ + /* that is listed in the other config file, must be deleted! */ + alarm(tout_cli); + for ( ; ; ) { + /* Where is he ? */ + getcwd(real_path, STRING_SIZE); + GetPositionInJail(real_path, loggedin.udir, jail_path); + if ( (strlen(jail_path)) == 0 ) { + strncpy(jail_path, "/", 2); + } + /* We don't want the user to know where he actually is. */ + /* This is the prompt! */ + printf("[%s]%% ", loggedin.uname); + /* scanf("%s", user_command); */ + myscanf(user_command, real_path); + alarm(tout_cli); + /* Command interpretation and execution. */ + if ( (CommandOK(user_command, loggedin.udir, jail_path, filtered_command)) == 0 ) { + log_attempt(loggedin.uname); /* v0.2a */ + continue; + } + /* If the user issued command starts with a shell builtin. */ + bzero(temp, strlen(temp)); + if ( (buf = strstr(filtered_command, "cd")) != NULL ) { + if ( (strcmp(buf, filtered_command)) == 0 ) { + LTrim3(filtered_command, temp); + if ( (strcmp(temp, real_path)) != 0 ) { + if ( (strcmp(temp, "..")) == 0 ) { + PathMinusOne(jail_path, temp, 1,sizeof(temp)); + } + if ( (strcmp(temp, "/")) == 0 ) { + strncpy(temp, loggedin.udir, LINE_SIZE); + } + exitcode = chdir(temp); + if ( exitcode == -1 ) { + printf("ibsh: cd: %s: No such file or directory\n", temp); + } + } + continue; + } + } + else if ( (buf = strstr(filtered_command, "pwd")) != NULL ) { + if ( (strcmp(buf, filtered_command)) == 0 ) { + printf("%s\n", jail_path); + continue; + } + } + else if ( (buf = strstr(filtered_command, "logout")) != NULL ) { + if ( (strcmp(buf, filtered_command)) == 0 ) { + OPENLOG; + syslog(LOG_INFO, "user %s has logged out.", loggedin.uname); + CLOSELOG; + break; + } + } + else if ( (buf = strstr(filtered_command, "exit")) != NULL ) { + if ( (strcmp(buf, filtered_command)) == 0 ) { + OPENLOG; + syslog(LOG_INFO, "user %s has logged out.", loggedin.uname); + CLOSELOG; + break; + } + } + else { + exitcode = hhsystem(filtered_command); + if ( exitcode < 0 ) { + printf("%s\n", strerror(errno)); + } + } + getcwd(real_path, STRING_SIZE); + DelBadFiles(loggedin.udir); + chdir (real_path); + } + return 0; +} + diff --git a/base/cgcs-users/cgcs-users-1.0/misc.c b/base/cgcs-users/cgcs-users-1.0/misc.c new file mode 100644 index 0000000..d73ddb8 --- /dev/null +++ b/base/cgcs-users/cgcs-users-1.0/misc.c @@ -0,0 +1,52 @@ +/* + Created: 03.19.05 11:34:57 by Attila Nagyidai + + $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ + + This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell + Copyright (C) 2005 Attila Nagyidai + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Author: Attila Nagyidai + Email: na@ent.hu + + Co-Author: Shy + Email: shy@cpan.org + + Co-Author: Witzy + Email: stazzz@altern.org + + URL: http://ibsh.sourceforge.net + IRC: irc.freenode.net #ibsh + RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ + +*/ + +/* Header files */ +#include "ibsh.h" + +/* If the command is not ok, there is a possible hack attempt. */ +/* Can also be a typo, but we're not taking any chances. v0.2a */ +void log_attempt( const char *username ) +{ + char logmsg[STRING_SIZE]; + + snprintf(logmsg, 50, "Possible hack attempt by %s.", username); + + OPENLOG; + syslog(LOG_WARNING, "%s", logmsg); + CLOSELOG; +} -- 2.17.1