]> git.saurik.com Git - apple/mdnsresponder.git/blob - mDNSMacOSX/PreferencePane/installtool
projects / apple / mdnsresponder.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mDNSResponder-107.6.tar.gz
[apple/mdnsresponder.git] / mDNSMacOSX / PreferencePane / installtool
1 #!/usr/bin/perl
2 # Emacs settings: -*- tab-width: 4 -*-
3 #
4 # File: installtool
5 #
6 # Abstract: Copy "ddnswriteconfig" to Application Support and make it setuid root.
7 #
8 # Copyright: (c) Copyright 2005 Apple Computer, Inc. All rights reserved.
9 #
10 # Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Computer, Inc.
11 # ("Apple") in consideration of your agreement to the following terms, and your
12 # use, installation, modification or redistribution of this Apple software
13 # constitutes acceptance of these terms. If you do not agree with these terms,
14 # please do not use, install, modify or redistribute this Apple software.
15 #
16 # In consideration of your agreement to abide by the following terms, and subject
17 # to these terms, Apple grants you a personal, non-exclusive license, under Apple's
18 # copyrights in this original Apple software (the "Apple Software"), to use,
19 # reproduce, modify and redistribute the Apple Software, with or without
20 # modifications, in source and/or binary forms; provided that if you redistribute
21 # the Apple Software in its entirety and without modifications, you must retain
22 # this notice and the following text and disclaimers in all such redistributions of
23 # the Apple Software. Neither the name, trademarks, service marks or logos of
24 # Apple Computer, Inc. may be used to endorse or promote products derived from the
25 # Apple Software without specific prior written permission from Apple. Except as
26 # expressly stated in this notice, no other rights or licenses, express or implied,
27 # are granted by Apple herein, including but not limited to any patent rights that
28 # may be infringed by your derivative works or by other works in which the Apple
29 # Software may be incorporated.
30 #
31 # The Apple Software is provided by Apple on an "AS IS" basis. APPLE MAKES NO
32 # WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
33 # WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
34 # PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN
35 # COMBINATION WITH YOUR PRODUCTS.
36 #
37 # IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR
38 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
39 # GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40 # ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION
41 # OF THE APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY OF CONTRACT, TORT
42 # (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN
43 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
44 #
45 # Change History (most recent first):
46 #
47 # $Log: installtool,v $
48 # Revision 1.3 2006/09/05 20:00:13 cheshire
49 # Moved Emacs settings to second line of file
50 #
51 # Revision 1.2 2006/08/14 23:15:14 cheshire
52 # Added "tab-width" emacs header line
53 #
54 # Revision 1.1 2005/06/04 04:51:48 cheshire
55 # <rdar://problem/4138070> ddnswriteconfig (Bonjour PreferencePane) vulnerability
56 # Added separate "installtool" script instead of making ddnswriteconfig self-install
57 #
58 # Create the Bonjour subdirectory.
59 # Copy ARGV[0] to $dest and set owner and suid permissions.
60 #
61 # This script will be run as root by the AEWP trampoline.
62 #
63
64 use File::Temp qw/ :mktemp /;
65
66 $dest_dir = "/Library/Application Support/Bonjour";
67 $dest = $dest_dir . "/ddnswriteconfig";
68
69 $template = ".XXXXXX";
70
71 # Perl seems to think this code is running setuid root, so it applies its security checks.
72 # See <http://www.monster-submit.com/resources/docs/pod/perlsec.html>.
73 # In fact this is NOT a setuid script. It is a normal unprivileged user-level script --
74 # but it is run as root when properly authorized by a user with an admin password,
75 # via the AuthorizationExecuteWithPrivileges() call.
76 # We therefore have to do this trick pattern match to 'untaint' the source file specified in $ARGV[0].
77 if ($ARGV[0] =~ /^(.+)$/) { $src = $1; }
78
79 # Also clear $ENV{PATH} so we don't get "Insecure $ENV{PATH}" fatal errors
80 $ENV{PATH} = "";
81
82 if (! -d $dest_dir) {
83 $dest_tmp_dir = mkdtemp ($dest_dir . $template);
84 (chown 0, 80, $dest_tmp_dir) or cleanup_dir();
85 (chmod 0755, $dest_tmp_dir) or cleanup_dir();
86 (rename $dest_tmp_dir, $dest_dir) or cleanup_dir();
87 }
88
89 $dest_tmp = mktemp ($dest . $template);
90
91 if ($src ne '') {
92 system ('/bin/cp', '-f', $src, $dest_tmp) and cleanup();
93 (chown 0, 80, $dest_tmp) or cleanup();
94 (chmod 04555, $dest_tmp) or cleanup();
95 (rename $dest_tmp, $dest) or cleanup();
96 }
97 exit (0);
98
99 sub cleanup {
100 unlink $dest_tmp;
101 exit (1);
102 }
103
104 sub cleanup_dir {
105 unlink $dest_tmp_dir;
106 exit (1);
107 }
mirror of mDNSResponder