Drop bbs euid whenever it is not required, so that users don't end up in privileged editors which can be used to vandalise posts.

1 files changed, 35 insertions, 2 deletions

diff --git a/telem.lua b/telem.lua
index 9b81881..56379ca 100755
--- a/telem.lua
+++ b/telem.lua
@@ -10,6 +10,7 @@ path = require("pl.path")
 string = require("string")
 stringx = require("pl.stringx")
 table = require("table")
+unistd = require("posix.unistd")
 
 _BBS_ROOT = "/var/bbs/"
 _EDITOR = os.getenv("EDITOR")
@@ -37,6 +38,21 @@ current_thread_posts = {}	-- Array of post tables, containing posts associated w
 current_post_index = nil	-- Integer index into current_thread_posts
 colours = true			-- Boolean, controls whether to use ANSI colours
 
+-- Setuid stuff
+
+bbs_uid = unistd.geteuid()
+user_uid = unistd.getuid()
+
+function drop_privs()
+	unistd.setpid("U", user_uid)
+end
+
+function raise_privs()
+	unistd.setpid("U", bbs_uid)
+end
+
+drop_privs()
+
 -- Utility functions
 
 function cat_file(filename)
@@ -147,6 +163,7 @@ end
 
 function load_scan_times()
 	local scanfile = path.join(_BBS_ROOT, "scans", username ..".scan")
+	raise_privs()
 	local f, err = io.open(scanfile, "r")
 	if f == nil then return end
 	for line in f:lines() do
@@ -156,15 +173,18 @@ function load_scan_times()
 		end
 	end
 	f:close()
+	drop_privs()
 end
 
 function save_scan_times()
 	local scanfile = path.join(_BBS_ROOT, "scans", username ..".scan")
+	raise_privs()
 	local f, err = io.open(scanfile, "w")
 	for _, board in ipairs(boards) do
 		f:write(board.name .. ":" .. tostring(board.last_scanned) .. "\n")
 	end
 	f:close()
+	drop_privs()
 end
 
 -- Commands
@@ -192,6 +212,7 @@ function do_board()
 		return
 	end
 	-- Create directory
+	raise_privs()
 	local board_dir = path.join(_BBS_ROOT, "boards", board)
 	lfs.mkdir(board_dir)
 	os.execute("chmod og+rwx " .. board_dir)
@@ -199,6 +220,7 @@ function do_board()
 	local topic_file = path.join(board_dir, "topic")
 	file.write(topic_file, desc)
 	os.execute("chmod og+r " .. topic_file)
+	drop_privs()
 	-- Update representation of BBS
 	update_boards()
 	-- Done!
@@ -324,6 +346,9 @@ function create_post()
 		file.delete(filename)
 		return nil
 	else
+		-- Make sure the telem program can read this file once
+		-- it sets the euid to bbs.
+		os.execute("chmod og+r " .. filename)
 		return filename
 	end
 end
@@ -351,6 +376,7 @@ function do_new()
 	local timestamp = tostring(os.time())
 	local thread_dir = timestamp .. "-" .. username
 	local thread_path = path.join(current_board.directory, thread_dir)
+	raise_privs()
 	lfs.mkdir(thread_path)
 	os.execute("chmod og+rwx " .. thread_path)
 	-- Write subject file
@@ -359,11 +385,15 @@ function do_new()
 	-- Move post file
 	local post_file = thread_dir -- first post and thread directory names are the same!
 	local newpath = path.join(thread_path, post_file)
-	local ret, str = file.move(filename, newpath)
+	-- Copy first - bbs user doesn't have permissions to delete
+	local ret, str = file.copy(filename, newpath)
 	if not ret then
 		print(str)
 	end
 	os.execute("chmod og+r " .. newpath)
+	drop_privs()
+	-- Delete file to complete the move
+	file.delete(filename)
 	-- Done!
 	print("Post submitted.")
 end
@@ -426,11 +456,14 @@ function do_type_reply()
 	local timestamp = tostring(os.time())
 	local newfilename = timestamp .. "-" .. username
 	local newpath = path.join(current_thread.directory, newfilename)
-	local ret, str = file.move(filename, newpath)
+	raise_privs()
+	local ret, str = file.copy(filename, newpath)
 	if not ret then
 		print(str)
 	end
 	os.execute("chmod og+r " .. newpath)
+	drop_privs()
+	file.delete(filename)
 	-- Update state and show reply
 	current_thread_posts = get_posts(current_thread)
 	current_post_index = #current_thread_posts