Cover V03, I06
Article
Figure 1
Listing 1
Listing 2
Listing 3
Listing 4
Sidebar 1

nov94.tar


Listing 1: sufw.c--The suFirewall frontend program

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <libgen.h>
#include <sys/types.h>

/*  Directory where secured programs reside.
*/
#define FWSDIR  "/home/suser/secured"

/*  Suffix string used to prevent accidental
* execution within FWSDIR.
*/
#define FWMAGIC "\003"

void main(argc, argv)
int argc;
char* argv[];
{
char secured_name[15]; /* or longer if not POSIX */
char path[256];        /* "  "      "  "   "     */
char fwsdir[256];      /* "  "      "  "   "     */
char pgm_name[21];     /* "  "      "  "   "     */
char realuid[32];
char realppid[32];
uid_t uid;
pid_t ppid;

uid=getuid();
ppid=getppid();

/*  For scripts calling "realdo" nice to have
* access to the real uid.
*/
sprintf(realuid,"FWREALUID=%d",uid);

/* May need to have the process id of the
*  invoking shell.
*/
sprintf(realppid,"FWREALPPID=%d",ppid);

/*  Explicit storage of FWSDIR in environment allows
* scripts to be sourced without having to have
* execute permissions.  Also needed for AIX.
*/
sprintf(fwsdir,"FWSDIR=%s",FWSDIR);

/*  Need to pass original program name into
* environment. This way error messages etc.,
* can use the public stub name instead of
* the secure-name.
*/
sprintf(pgm_name,"FWPGM=%s",basename(argv[0]));

sprintf(path,"PATH=%s:/usr/bin:/bin",FWSDIR);

putenv(realuid);
putenv(realppid);
putenv(fwsdir);
putenv(pgm_name);
putenv(path);

/*  Use the basename of the "stub" file pointing
* to this executable to determine the Secured
* program to execute.
*/
sprintf(secured_name,"%s.%s",basename(argv[0]),
FWMAGIC);

execvp(secured_name,argv);
}