projects / apple / mdnsresponder.git / blame
| Commit | Line | Data |
|---|---|---|
| 4aea607d A |
1 | #!/usr/bin/perl |
| 2 | # | |
| 3 | # File: installtool | |
| 4 | # | |
| 5 | # Abstract: Copy "ddnswriteconfig" to Application Support and make it setuid root. | |
| 6 | # | |
| 7 | # Copyright: (c) Copyright 2005 Apple Computer, Inc. All rights reserved. | |
| 8 | # | |
| 9 | # Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Computer, Inc. | |
| 10 | # ("Apple") in consideration of your agreement to the following terms, and your | |
| 11 | # use, installation, modification or redistribution of this Apple software | |
| 12 | # constitutes acceptance of these terms. If you do not agree with these terms, | |
| 13 | # please do not use, install, modify or redistribute this Apple software. | |
| 14 | # | |
| 15 | # In consideration of your agreement to abide by the following terms, and subject | |
| 16 | # to these terms, Apple grants you a personal, non-exclusive license, under Apple's | |
| 17 | # copyrights in this original Apple software (the "Apple Software"), to use, | |
| 18 | # reproduce, modify and redistribute the Apple Software, with or without | |
| 19 | # modifications, in source and/or binary forms; provided that if you redistribute | |
| 20 | # the Apple Software in its entirety and without modifications, you must retain | |
| 21 | # this notice and the following text and disclaimers in all such redistributions of | |
| 22 | # the Apple Software. Neither the name, trademarks, service marks or logos of | |
| 23 | # Apple Computer, Inc. may be used to endorse or promote products derived from the | |
| 24 | # Apple Software without specific prior written permission from Apple. Except as | |
| 25 | # expressly stated in this notice, no other rights or licenses, express or implied, | |
| 26 | # are granted by Apple herein, including but not limited to any patent rights that | |
| 27 | # may be infringed by your derivative works or by other works in which the Apple | |
| 28 | # Software may be incorporated. | |
| 29 | # | |
| 30 | # The Apple Software is provided by Apple on an "AS IS" basis. APPLE MAKES NO | |
| 31 | # WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED | |
| 32 | # WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
| 33 | # PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN | |
| 34 | # COMBINATION WITH YOUR PRODUCTS. | |
| 35 | # | |
| 36 | # IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR | |
| 37 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE | |
| 38 | # GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 39 | # ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION | |
| 40 | # OF THE APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY OF CONTRACT, TORT | |
| 41 | # (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN | |
| 42 | # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 43 | # | |
| 44 | # Change History (most recent first): | |
| 45 | # | |
| 46 | # $Log: installtool,v $ | |
| 47 | # Revision 1.1 2005/06/04 04:51:48 cheshire | |
| 48 | # <rdar://problem/4138070> ddnswriteconfig (Bonjour PreferencePane) vulnerability | |
| 49 | # Added separate "installtool" script instead of making ddnswriteconfig self-install | |
| 50 | # | |
| 51 | # Create the Bonjour subdirectory. | |
| 52 | # Copy ARGV[0] to $dest and set owner and suid permissions. | |
| 53 | # | |
| 54 | # This script will be run as root by the AEWP trampoline. | |
| 55 | # | |
| 56 | ||
| 57 | use File::Temp qw/ :mktemp /; | |
| 58 | ||
| 59 | $dest_dir = "/Library/Application Support/Bonjour"; | |
| 60 | $dest = $dest_dir . "/ddnswriteconfig"; | |
| 61 | ||
| 62 | $template = ".XXXXXX"; | |
| 63 | ||
| 64 | # Perl seems to think this code is running setuid root, so it applies its security checks. | |
| 65 | # See <http://www.monster-submit.com/resources/docs/pod/perlsec.html>. | |
| 66 | # In fact this is NOT a setuid script. It is a normal unprivileged user-level script -- | |
| 67 | # but it is run as root when properly authorized by a user with an admin password, | |
| 68 | # via the AuthorizationExecuteWithPrivileges() call. | |
| 69 | # We therefore have to do this trick pattern match to 'untaint' the source file specified in $ARGV[0]. | |
| 70 | if ($ARGV[0] =~ /^(.+)$/) { $src = $1; } | |
| 71 | ||
| 72 | # Also clear $ENV{PATH} so we don't get "Insecure $ENV{PATH}" fatal errors | |
| 73 | $ENV{PATH} = ""; | |
| 74 | ||
| 75 | if (! -d $dest_dir) { | |
| 76 | $dest_tmp_dir = mkdtemp ($dest_dir . $template); | |
| 77 | (chown 0, 80, $dest_tmp_dir) or cleanup_dir(); | |
| 78 | (chmod 0755, $dest_tmp_dir) or cleanup_dir(); | |
| 79 | (rename $dest_tmp_dir, $dest_dir) or cleanup_dir(); | |
| 80 | } | |
| 81 | ||
| 82 | $dest_tmp = mktemp ($dest . $template); | |
| 83 | ||
| 84 | if ($src ne '') { | |
| 85 | system ('/bin/cp', '-f', $src, $dest_tmp) and cleanup(); | |
| 86 | (chown 0, 80, $dest_tmp) or cleanup(); | |
| 87 | (chmod 04555, $dest_tmp) or cleanup(); | |
| 88 | (rename $dest_tmp, $dest) or cleanup(); | |
| 89 | } | |
| 90 | exit (0); | |
| 91 | ||
| 92 | sub cleanup { | |
| 93 | unlink $dest_tmp; | |
| 94 | exit (1); | |
| 95 | } | |
| 96 | ||
| 97 | sub cleanup_dir { | |
| 98 | unlink $dest_tmp_dir; | |
| 99 | exit (1); | |
| 100 | } |