From eee9736e27aae251515c194190301dcc50055c57 Mon Sep 17 00:00:00 2001
From: Fumitoshi UKAI <ukai@debian.or.jp>
Date: Wed, 6 Nov 2002 03:50:48 +0000
Subject: [w3m-dev 03379] setuid w3mimgdisplay and check console tty *
 XMakefile: w3mimgdisplay install by INSTALL_W3MIMGDISPLAY * configure: ask
 setuid w3mimgdisplay 	(w3mimgdisplay_setuid): added 
 (INSTALL_W3MIMGDISPLAY): added * etc.c (mySystem): close until FOPEN_MAX *
 image.c (openImgdisplay): setenv W3M_TTY 		stderr to /dev/null 
 	close until FOPEN_MAX * install-sh: -o, -g for owner, group * proto.h
 (ttyname_tty): added * search.c (open_migemo): stderr to /dev/null 	
 close until FOPEN_MAX * terms.c (ttyname_tty): added * w3mimgdisplay.c:
 include <sys/types.h>, <unistd.h> 		W3MIMGDISPLAY_SETUID 	
 stderr to /dev/null * w3mimg/w3mimg.c: include <sys/types.h>, <unistd.h> 
 	W3MIMGDISPLAY_SETUID * w3mimg/fb/fb_w3mimg.c (check_tty_console):
 added From: Fumitoshi UKAI  <ukai@debian.or.jp>

---
 w3mimg/fb/fb_w3mimg.c | 29 ++++++++++++++++++++++++++++-
 w3mimg/w3mimg.c       | 16 +++++++++++++++-
 2 files changed, 43 insertions(+), 2 deletions(-)

(limited to 'w3mimg')

diff --git a/w3mimg/fb/fb_w3mimg.c b/w3mimg/fb/fb_w3mimg.c
index 2733624..6734463 100644
--- a/w3mimg/fb/fb_w3mimg.c
+++ b/w3mimg/fb/fb_w3mimg.c
@@ -1,8 +1,12 @@
-/* $Id: fb_w3mimg.c,v 1.5 2002/10/31 09:36:22 ukai Exp $ */
+/* $Id: fb_w3mimg.c,v 1.6 2002/11/06 03:50:49 ukai Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
 #include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 
 #include "w3mimg/fb/fb.h"
 #include "w3mimg/fb/fb_img.h"
@@ -128,6 +132,24 @@ w3mfb_get_image_size(w3mimg_op * self, W3MImage * img,
     return 1;
 }
 
+#ifdef W3MIMGDISPLAY_SETUID
+static int
+check_tty_console(char *tty)
+{
+    if (tty == NULL || *tty == '\0')
+	return 0;
+    if (strncmp(tty, "/dev/", 5) == 0)
+	tty += 5;
+    if (strncmp(tty, "tty", 3) == 0 && isdigit(*(tty+3)))
+	return 1;
+    if (strncmp(tty, "vc/", 3) == 0 && isdigit(*(tty+3)))
+	return 1;
+    return 0;
+}
+#else
+#define check_tty_console(tty)	1
+#endif
+
 w3mimg_op *
 w3mimg_fbopen()
 {
@@ -137,6 +159,11 @@ w3mimg_fbopen()
 	return NULL;
     memset(wop, 0, sizeof(w3mimg_op));
 
+    if (! check_tty_console(getenv("W3M_TTY"))) {
+	fprintf(stderr, "w3mimgdisplay/fb: tty is not console\n");
+	goto error;
+    }
+
     if (fb_open())
 	goto error;
 
diff --git a/w3mimg/w3mimg.c b/w3mimg/w3mimg.c
index ebbd618..144a2d9 100644
--- a/w3mimg/w3mimg.c
+++ b/w3mimg/w3mimg.c
@@ -1,18 +1,32 @@
-/* $Id: w3mimg.c,v 1.4 2002/07/19 03:25:56 ukai Exp $ */
+/* $Id: w3mimg.c,v 1.5 2002/11/06 03:50:49 ukai Exp $ */
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
 #include "w3mimg/w3mimg.h"
 
 w3mimg_op *
 w3mimg_open()
 {
     w3mimg_op *w_op = NULL;
+#ifdef W3MIMGDISPLAY_SETUID
+    uid_t runner_uid = getuid();
+    uid_t owner_uid = geteuid();
+#endif
 #ifdef USE_W3MIMG_X11
+#ifdef W3MIMGDISPLAY_SETUID
+    /* run in user privileges */
+    setreuid(owner_uid, runner_uid);
+#endif
     if (w_op == NULL)
 	w_op = w3mimg_x11open();
+#ifdef W3MIMGDISPLAY_SETUID
+    setreuid(runner_uid, owner_uid);
+#endif
 #endif
 #ifdef USE_W3MIMG_FB
+    /* run in setuid privileges */
     if (w_op == NULL)
 	w_op = w3mimg_fbopen();
 #endif
-- 
cgit v1.2.3