On Thu, Feb 04, 2010 at 09:40:08AM +1300, martin f krafft wrote:
> also sprach b...@bc-bd.org <b...@bc-bd.org> [2010.02.03.0021 +1300]:
> > I still think the patch is a valuable addition to molly-guard, as
> > it fixes a problem I and maybe others have. I think that holding
> > this patch back because you feel molly-guard needs to be rewritten
> > is the wrong thing to do.
>
> There is no reason for me *not* to include it, so I will.
Great :).
> However, there is one remaining problem, as far as I can see. While
> your patch gets rid of the pgrep-based approach and hence solves the
> kFreeBSD-problem, where the tty-name of the sshd process is not
> exported by ps, it introduces another Linux-ism:
>
> EXE=$(basename $(readlink /proc/$PARENT/exe) )
>
> /proc/$PARENT/exe does not exist on FreeBSD. Can you fathom another
> way to achieve this?
Since I don't have a kfreebsd machine I asked in irc.debian.org/#debian-kbsd,
where I have been told that kfreebsd normally does have /proc mounted and the
exe link exists.
We discovered one bash-ism, but the test for /proc/$PID/exe worked.
Attached is an updated version of the patch fixing said bash-ism.
regards
Stefan
--
You will be winged by an anti-aircraft battery.
diff --git a/rc b/rc
index d5b87cc..eb456ed 100644
--- a/rc
+++ b/rc
@@ -4,3 +4,9 @@
# when set, causes the 30-query-hostname script to always ask for the
# hostname, even if no SSH session was detected.
#ALWAYS_QUERY_HOSTNAME=true
+#
+# CHECK_IMAGES
+#
+# Space seperated list of image names to look for and if found to protect
+# against.
+CHECK_IMAGES="sshd screen"
diff --git a/run.d/30-query-hostname b/run.d/30-query-hostname
index d040603..0aa9833 100755
--- a/run.d/30-query-hostname
+++ b/run.d/30-query-hostname
@@ -3,6 +3,7 @@
# 30-ask-hostname - request the user to type in the hostname of the local host
#
# Copyright © martin f. krafft <madd...@madduck.net>
+# Copyright © 2009-2010 Stefan Völkel <b...@bc-bd.org>
# Released under the terms of the Artistic Licence 2.0
#
set -eu
@@ -21,28 +22,57 @@ done
# require an interactive terminal connected to stdin
test -t 0 || exit 0
-# we've been asked to always protect this host
+# whether we should check for an ssh session or not
+CHECK=1
+
+# should we bypass ssh session checking and handle as if we found one?
+if [ $PRETEND_SSH -eq 1 ]; then
+ CHECK=0
+ echo "I: $ME: --pretend-ssh was given, handling as ssh session" >&2
+fi
+
+# should this hostname always be guarded?
case "${ALWAYS_QUERY_HOSTNAME:-0}" in
0|false|False|no|No|off|Off)
- # only run if we are being called over SSH, that is if the current terminal
- # was created by sshd.
- PTS=$(readlink /proc/$$/fd/0)
- if ! pgrep -f "^sshd.+${PTS#/dev/}\>" >/dev/null \
- && [ -z "${SSH_CONNECTION:-}" ]; then
- if [ $PRETEND_SSH -eq 1 ]; then
- echo "I: $ME: this is not an SSH session, but --pretend-ssh was given..." >&2
- else
- exit 0
- fi
- else
- echo "W: $ME: SSH session detected!" >&2
- fi
- ;;
+ ;;
*)
+ CHECK=0
echo "I: $ME: $MOLLYGUARD_CMD is always molly-guarded on this system." >&2
;;
esac
+# bypass image check?
+if [ $CHECK -ne 0 ]; then
+ # no, set parent pid
+ PARENT=$$
+
+ FOUND=""
+ # keep looking at parent pid until ...
+ while [ -z $FOUND ]; do
+ # ... no more parents
+ # => molly-guard was NOT started as child of sshd
+ # => this is NOT an ssh/screen/whatever session
+ # => reboot/halt/... as requested
+ [ $PARENT -eq 0 ] && exit 0
+
+ # find out image name
+ EXE=$(basename $(readlink /proc/$PARENT/exe) )
+
+ # ... parent image is one of sshd, screen
+ for p in $CHECK_IMAGES; do
+ if [ "$p" = "$EXE" ]; then
+ FOUND=$p
+ break;
+ fi
+ done
+
+ # get next pid
+ PARENT=$(ps -o "ppid=" $PARENT | sed 's/^ \+//')
+ done
+
+ echo "I: $ME: $FOUND found." >&2
+fi
+
HOSTNAME="$(hostname --short)"
sigh()
