4 * This wrapper makes some sanity checks on the command line arguments
5 * and environment variables when run with euid == 0 && euid != uid.
6 * If the checks fail, the wrapper exits with a message.
7 * If they succeed, it exec's the Xserver.
11 * Copyright (c) 1998 by The XFree86 Project, Inc. All Rights Reserved.
13 * Permission is hereby granted, free of charge, to any person obtaining
14 * a copy of this software and associated documentation files (the
15 * "Software"), to deal in the Software without restriction, including
16 * without limitation the rights to use, copy, modify, merge, publish,
17 * distribute, sublicense, and/or sell copies of the Software, and to
18 * permit persons to whom the Software is furnished to do so, subject
19 * to the following conditions:
21 * The above copyright notice and this permission notice shall be included
22 * in all copies or substantial portions of the Software.
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
27 * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
28 * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
29 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
30 * OR OTHER DEALINGS IN THE SOFTWARE.
32 * Except as contained in this notice, the name of the XFree86 Project
33 * shall not be used in advertising or otherwise to promote the sale,
34 * use or other dealings in this Software without prior written
35 * authorization from the XFree86 Project.
38 /* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
40 /* This is normally set in the Imakefile */
42 #define XSERVER_PATH "/usr/X11R6/bin/X"
51 /* Neither of these should be required for XFree86 3.3.2 */
53 #define REJECT_CONFIG 0
56 #define REJECT_XKBDIR 0
59 /* Consider LD* variables insecure ? */
61 #define REMOVE_ENV_LD 1
64 /* Remove long environment variables? */
65 #ifndef REMOVE_LONG_ENV
66 #define REMOVE_LONG_ENV 1
69 /* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
75 * Maybe the locale can be faked to make isprint(3) report that everything
76 * is printable? Avoid it by default.
82 #define MAX_ARG_LENGTH 128
83 #define MAX_ENV_LENGTH 256
84 #define MAX_ENV_PATH_LENGTH 2048
88 #define checkPrintable(c) isprint(c)
90 #define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
103 "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
104 "please send details of the arguments and why they are valid to\n" \
105 "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
106 "the \"super user\" (root).\n"
109 "\nIf the environment is valid, and have been rejected incorrectly\n" \
110 "please send details of the environment and why it is valid to\n" \
111 "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
112 "the \"super user\" (root).\n"
115 main(int argc, char **argv, char **envp)
117 enum BadCode bad = NotBad;
122 if (geteuid() == 0 && getuid() != geteuid()) {
124 /* Check each argv[] */
125 for (i = 1; i < argc; i++) {
127 /* Check for known bad arguments */
129 if (strcmp(argv[i], "-config") == 0) {
135 if (strcmp(argv[i], "-xkbdir") == 0) {
140 if (strlen(argv[i]) > MAX_ARG_LENGTH) {
146 if (checkPrintable(*a) == 0) {
147 bad = UnprintableArg;
155 /* Check each envp[] */
157 for (i = 0; envp[i]; i++) {
159 /* Check for bad environment variables and values */
161 while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
162 for (j = i; envp[j]; j++) {
167 if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
169 for (j = i; envp[j]; j++) {
177 eq = strchr(envp[i], '=');
186 strncpy(e, envp[i], len);
189 (strcmp(e + len - 4, "PATH") == 0 ||
190 strcmp(e, "TERMCAP") == 0)) {
191 if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
209 execve(XSERVER_PATH, argv, envp);
210 fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
214 fprintf(stderr, "Command line argument number %d is unsafe\n", i);
215 fprintf(stderr, ARGMSG);
218 fprintf(stderr, "Command line argument number %d is too long\n", i);
219 fprintf(stderr, ARGMSG);
222 fprintf(stderr, "Command line argument number %d contains unprintable"
224 fprintf(stderr, ARGMSG);
227 fprintf(stderr, "Environment variable `%s' is too long\n", e);
228 fprintf(stderr, ENVMSG);
231 fprintf(stderr, "Internal Error\n");
234 fprintf(stderr, "Unknown error\n");
235 fprintf(stderr, ARGMSG);
236 fprintf(stderr, ENVMSG);