kunkku: Hello.
Please find below a patch for the sendsms script, making it work without superuser privileges.
Currently, the sendsms script must execute with root privileges because it invokes chown(1). It can be made available for other users either by setting the SUID bit or via sudo(8). The former method is a well-known security risk, and the latter is inconvenient because it complicates the non-interactive use of the sendsms script, e.g. from other scripts.
The patch improves the situation by allowing the members of the smsd group to run the script without escalated privileges. The actual names of the user and group of the smsd process may vary and are therefore determined from the inode of the outgoing message directory.
The old authorization mechanism based on MD5-hashed keys is a bit pointless in my opinion, so the patch proposes its removal. With sudo, authorization is better handled via the sudoers(5) file, and with the SUID bit set, you can basically consider your Linux and most UNIX systems already compromised.
There is one problem in the patch, though. When run as a non-root user, the contents of the submitted message are visible to other members of the group as well, at least for a short period of time before it is sent. But as long as message submission is based on a shared directory, I cannot really see a way around this. One secure solution would be to implement submission via a socket. If someone thinks that this kind of visibility is a bigger security problem than requiring escalated privileges for the script, he can keep running the script as root, in which case the updated script will still invoke chown instead of chgrp(1) and chmod(1).
BR,
Kaarle
diff -ru smstools3/scripts/sendsms smstools3.send-non-root/scripts/sendsms
--- smstools3/scripts/sendsms 2010-07-08 15:41:13.000000000 +0300
+++ smstools3.send-non-root/scripts/sendsms 2013-05-14 21:45:28.226386668 +0300
@@ -10,15 +10,14 @@
# If a destination is asked, you can type multiple numbers
# delimited with spaces.
-# Keys for example: "password" and "keke":
-# KEYS="5f4dcc3b5aa765d61d8327deb882cf99 4a5ea11b030ec1cfbc8b9947fdf2c872 "
+OUT_DIR=/var/spool/sms/outgoing
+SMSD_GID=`stat -c %g $OUT_DIR`
-KEYS=""
-
-# When creating keys, remember to use -n for echo:
-# echo -n "key" | md5sum
+if [ `id -u` -gt 0 ] && ! echo " `id -G` " | grep -q " $SMSD_GID "; then
+ echo "Permission denied"
+ exit 1
+fi
-smsd_user="smsd"
# Will need echo which accepts -n argument:
ECHO=echo
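Review bot: SMSD_GID is used in the membership test without checking that the stat call on $OUT_DIR succeeded. If the directory is missing or unreadable, SMSD_GID is empty: a non-root caller gets "Permission denied", which hides the real cause, and a root caller passes the test and continues. Suggest stopping with an explicit error when SMSD_GID is empty, quoting "$OUT_DIR" in the stat call, and sending the error text to stderr. The -c option is GNU stat syntax, so the header comment should state that dependency. Note also that this test is only a convenience for the non-root caller, who can edit or bypass the script; what actually restricts submission is the mode and group of $OUT_DIR, and the comment above the test should say so.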
@@ -28,20 +27,6 @@
;;
esac
-if ! [ -z "$KEYS" ]; then
- printf "Key: "
- read KEY
- if [ -z "$KEY" ]; then
- echo "Key required, stopping."
- exit 1
- fi
- KEY=`$ECHO -n "$KEY" | md5sum | awk '{print $1;}'`
- if ! echo "$KEYS" | grep "$KEY" >/dev/null; then
- echo "Incorrect key, stopping."
- exit 1
- fi
-fi
-
DEST=$1
TEXT=$2
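Review bot: With the key prompt removed here and the KEYS variable removed in the first hunk, the script header no longer says how callers are authorized. Installations that had KEYS set lose that check on upgrade without any notice, and a caller with uid 0 (SUID or sudo) now passes straight through the new test. Suggest adding a header comment stating that access is granted by membership of the group owning the outgoing directory, or by sudoers when run as root, and mentioning the removal of KEYS in the change notes.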
@@ -85,13 +70,6 @@
fi
fi
-owner=""
-if [ -f /etc/passwd ]; then
- if grep $smsd_user: /etc/passwd >/dev/null; then
- owner=$smsd_user
- fi
-fi
-
for destination in $destinations
do
echo "To: $destination"
@@ -107,10 +85,13 @@
$ECHO -n "$TEXT" | iconv -t UNICODEBIG >> $TMPFILE
fi
- if [ "x$owner" != x ]; then
- chown $owner $TMPFILE
+ if [ `id -u` -eq 0 ]; then
+ chown `stat -c %u $OUT_DIR` $TMPFILE
+ else
+ chgrp $SMSD_GID $TMPFILE
+ chmod g+r $TMPFILE
fi
- FILE=`mktemp /var/spool/sms/outgoing/send_XXXXXX`
+ FILE=`mktemp $OUT_DIR/send_XXXXXX`
mv $TMPFILE $FILE
done
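Review bot: In the non-root branch the results of chgrp and chmod are not checked before "mv $TMPFILE $FILE", so a failure of either leaves a file in the spool that smsd may not be able to read, and the script still exits as if the message had been queued. Suggest chaining the two commands and, on failure, removing $TMPFILE and exiting non-zero; the chown in the root branch deserves the same check. $TMPFILE and $OUT_DIR should be quoted in all five commands. The "chmod g+r" is the step that makes the message text readable by every member of the group, so a short comment at that line stating the exposure would help whoever maintains the script next.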