src/consaver/cons.saver.c

   1 /* This program should be setuid vcsa and /dev/vcsa* should be
   2    owned by the same user too.
   3    Partly rewritten by Jakub Jelinek <jakub@redhat.com>.  */
   4
   5 /* General purpose Linux console screen save/restore server
   6    Copyright (C) 1994, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
   7    2006, 2007 Free Software Foundation, Inc.
   8    Original idea from Unix Interactive Tools version 3.2b (tty.c)
   9    This code requires root privileges.
  10    You may want to make the cons.saver setuid root.
  11    The code should be safe even if it is setuid but who knows?
  12
  13    This program is free software; you can redistribute it and/or modify
  14    it under the terms of the GNU General Public License as published by
  15    the Free Software Foundation; either version 2 of the License, or
  16    (at your option) any later version.
  17
  18    This program is distributed in the hope that it will be useful,
  19    but WITHOUT ANY WARRANTY; without even the implied warranty of
  20    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  21    GNU General Public License for more details.
  22
  23    You should have received a copy of the GNU General Public License
  24    along with this program; if not, write to the Free Software
  25    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
  26
  27 /* This code does _not_ need to be setuid root. However, it needs
  28    read/write access to /dev/vcsa* (which is priviledged
  29    operation). You should create user vcsa, make cons.saver setuid
  30    user vcsa, and make all vcsa's owned by user vcsa.
  31
  32    Seeing other peoples consoles is bad thing, but believe me, full
  33    root is even worse. */
  34
  35 /** \file cons.saver.c
  36  *  \brief Source: general purpose Linux console screen save/restore server
  37  *
  38  *  This code does _not_ need to be setuid root. However, it needs
  39  *  read/write access to /dev/vcsa* (which is priviledged
  40  *  operation). You should create user vcsa, make cons.saver setuid
  41  *  user vcsa, and make all vcsa's owned by user vcsa.
  42  *  Seeing other peoples consoles is bad thing, but believe me, full
  43  *  root is even worse.
  44  */
  45
  46 #include <config.h>
  47
  48 #ifndef _GNU_SOURCE
  49 #define _GNU_SOURCE
  50 #endif
  51
  52 #include <stdlib.h>
  53 #include <stdio.h>
  54 #include <string.h>
  55
  56 #include <sys/types.h>
  57 #include <sys/stat.h>
  58 #include <sys/ioctl.h>
  59 #include <fcntl.h>
  60 #include <termios.h>
  61 #include <unistd.h>
  62
  63 #define LINUX_CONS_SAVER_C
  64 #include "cons.saver.h"
  65 #include "lib/tty/win.h"
  66
  67 static void
  68 send_contents (char *buffer, unsigned int columns, unsigned int rows)
  69 {
  70   unsigned char begin_line = 0, end_line = 0;
  71   unsigned int lastline, lc_index, x;
  72   unsigned char message, outbuf[1024], *p;
  73   unsigned short bytes;
  74
  75   lc_index = 2 * rows * columns;
  76   for (lastline = rows; lastline > 0; lastline--)
  77     for (x = 0; x < columns; x++)
  78       {
  79         lc_index -= 2;
  80         if (buffer [lc_index] != ' ')
  81           goto out;
  82       }
  83 out:
  84
  85   message = CONSOLE_CONTENTS;
  86   write (1, &message, 1);
  87
  88   read (0, &begin_line, 1);
  89   read (0, &end_line, 1);
  90   if (begin_line > lastline)
  91     begin_line = lastline;
  92   if (end_line > lastline)
  93     end_line = lastline;
  94
  95   lc_index = (end_line - begin_line) * columns;
  96   bytes = lc_index;
  97   if (lc_index != bytes)
  98     bytes = 0;
  99   write (1, &bytes, 2);
 100   if (! bytes)
 101     return;
 102
 103   p = outbuf;
 104   for (lc_index = 2 * begin_line * columns;
 105        lc_index < 2 * end_line * columns;
 106        lc_index += 2)
 107     {
 108       *p++ = buffer [lc_index];
 109       if (p == outbuf + sizeof (outbuf))
 110         {
 111           write (1, outbuf, sizeof (outbuf));
 112           p = outbuf;
 113         }
 114     }
 115
 116   if (p != outbuf)
 117     write (1, outbuf, p - outbuf);
 118 }
 119
 120 static void __attribute__ ((noreturn))
 121 die (void)
 122 {
 123   unsigned char zero = 0;
 124   write (1, &zero, 1);
 125   exit (3);
 126 }
 127
 128 int
 129 main (int argc, char **argv)
 130 {
 131   unsigned char action = 0, console_flag = 3;
 132   int console_fd, vcsa_fd, console_minor, buffer_size;
 133   struct stat st;
 134   uid_t uid, euid;
 135   char *buffer, *tty_name, console_name [16], vcsa_name [16];
 136   const char *p, *q;
 137   struct winsize winsz;
 138
 139   close (2);
 140
 141   if (argc != 2)
 142     die ();
 143
 144   tty_name = argv [1];
 145   if (strnlen (tty_name, 15) == 15
 146       || strncmp (tty_name, "/dev/", 5))
 147     die ();
 148
 149   setsid ();
 150   uid = getuid ();
 151   euid = geteuid ();
 152
 153   if (seteuid (uid) < 0)
 154     die ();
 155   console_fd = open (tty_name, O_RDONLY);
 156   if (console_fd < 0)
 157     die ();
 158   if (fstat (console_fd, &st) < 0 || ! S_ISCHR (st.st_mode))
 159     die ();
 160   if ((st.st_rdev & 0xff00) != 0x0400)
 161     die ();
 162   console_minor = (int) (st.st_rdev & 0x00ff);
 163   if (console_minor < 1 || console_minor > 63)
 164     die ();
 165   if (st.st_uid != uid)
 166     die ();
 167
 168   switch (tty_name [5])
 169     {
 170     /* devfs */
 171     case 'v': p = "/dev/vc/%d"; q = "/dev/vcc/a%d"; break;
 172     /* /dev/ttyN */
 173     case 't': p = "/dev/tty%d"; q = "/dev/vcsa%d"; break;
 174     default: die (); break;
 175     }
 176
 177   snprintf (console_name, sizeof (console_name), p, console_minor);
 178   if (strncmp (console_name, tty_name, sizeof (console_name)) != 0)
 179     die ();
 180
 181   if (seteuid (euid) < 0)
 182     die ();
 183
 184   snprintf (vcsa_name, sizeof (vcsa_name), q, console_minor);
 185   vcsa_fd = open (vcsa_name, O_RDWR);
 186   if (vcsa_fd < 0)
 187     die ();
 188   if (fstat (vcsa_fd, &st) < 0 || ! S_ISCHR (st.st_mode))
 189     die ();
 190
 191   if (seteuid (uid) < 0)
 192     die ();
 193
 194   winsz.ws_col = winsz.ws_row = 0;
 195   if (ioctl (console_fd, TIOCGWINSZ, &winsz) < 0
 196       || winsz.ws_col <= 0 || winsz.ws_row <= 0
 197       || winsz.ws_col >= 256 || winsz.ws_row >= 256)
 198     die ();
 199
 200   buffer_size = 4 + 2 * winsz.ws_col * winsz.ws_row;
 201   buffer = calloc (buffer_size, 1);
 202   if (buffer == NULL)
 203     die ();
 204
 205   write (1, &console_flag, 1);
 206
 207   while (console_flag && read (0, &action, 1) == 1)
 208     {
 209       switch (action)
 210         {
 211         case CONSOLE_DONE:
 212           console_flag = 0;
 213           continue;
 214         case CONSOLE_SAVE:
 215           if (seteuid (euid) < 0
 216               || lseek (vcsa_fd, 0, 0) != 0
 217               || fstat (console_fd, &st) < 0 || st.st_uid != uid
 218               || read (vcsa_fd, buffer, buffer_size) != buffer_size
 219               || fstat (console_fd, &st) < 0 || st.st_uid != uid)
 220             memset (buffer, 0, buffer_size);
 221           if (seteuid (uid) < 0)
 222             die ();
 223           break;
 224         case CONSOLE_RESTORE:
 225           if (seteuid (euid) >= 0
 226               && lseek (vcsa_fd, 0, 0) == 0
 227               && fstat (console_fd, &st) >= 0 && st.st_uid == uid)
 228             write (vcsa_fd, buffer, buffer_size);
 229           if (seteuid (uid) < 0)
 230             die ();
 231           break;
 232         case CONSOLE_CONTENTS:
 233           send_contents (buffer + 4, winsz.ws_col, winsz.ws_row);
 234           break;
 235         }
 236
 237       write (1, &console_flag, 1);
 238     }
 239
 240   exit (0);
 241 }