Hi,
I run cu(1) as ssh forced command for other users on my machine.
This allows them to reach the serial port of their machines over mine.
To prevent them of doing filesystem operations or further command
executions I implement this diff.
The diff adds the option -k (for kiosk mode) to cu(1) and reduces the
pledge string from "stdio rpath wpath cpath getpw proc exec tty" to
"stdio tty". If a user still tries to type a forbidden command, he gets
a warning message.
I successfully tested all escape command with and without the -k option.
Bye,
Jan
Index: command.c
===================================================================
RCS file: /cvs/src/usr.bin/cu/command.c,v
retrieving revision 1.15
diff -u -p -r1.15 command.c
--- command.c 5 Oct 2015 23:15:31 -0000 1.15
+++ command.c 1 Dec 2017 22:10:17 -0000
@@ -233,6 +233,10 @@ do_command(char c)
set_termios();
break;
case 'C':
+ if (k_flag) {
+ cu_warnx("~C command is not allowed in kiosk mode");
+ break;
+ }
connect_command();
break;
case 'D':
@@ -241,18 +245,34 @@ do_command(char c)
ioctl(line_fd, TIOCSDTR, NULL);
break;
case 'R':
+ if (k_flag) {
+ cu_warnx("~R command is not allowed in kiosk mode");
+ break;
+ }
start_record();
break;
case 'S':
set_speed();
break;
case 'X':
+ if (k_flag) {
+ cu_warnx("~X command is not allowed in kiosk mode");
+ break;
+ }
send_xmodem();
break;
case '$':
+ if (k_flag) {
+ cu_warnx("~$ command is not allowed in kiosk mode");
+ break;
+ }
pipe_command();
break;
case '>':
+ if (k_flag) {
+ cu_warnx("~> command is not allowed in kiosk mode");
+ break;
+ }
send_file();
break;
case '#':
Index: cu.1
===================================================================
RCS file: /cvs/src/usr.bin/cu/cu.1,v
retrieving revision 1.15
diff -u -p -r1.15 cu.1
--- cu.1 18 May 2015 09:35:05 -0000 1.15
+++ cu.1 1 Dec 2017 22:36:32 -0000
@@ -35,7 +35,7 @@
.Nd serial terminal emulator
.Sh SYNOPSIS
.Nm
-.Op Fl d
+.Op Fl dk
.Op Fl l Ar line
.Op Fl s Ar speed | Fl Ar speed
.Nm
@@ -55,6 +55,11 @@ The options are as follows:
Specify that the line is directly connected and
.Nm
should not allow the driver to block waiting for a carrier to be detected.
+.It Fl k
+Starts
+.Nm
+in kiosk mode.
+This prevents all local filesystem operations and command executions.
.It Fl l Ar line
Specify the line to use.
Either of the forms like
@@ -114,6 +119,7 @@ process to the remote host.
The command string sent to the local
.Ux
system is processed by the shell.
+This command is not allowed in kiosk mode.
.It Ic ~#
Send a
.Dv BREAK
@@ -132,16 +138,21 @@ file descriptors:
1 \*(Lt-\*(Gt remote tty out
2 \*(Lt-\*(Gt local tty stderr
.Ed
+.Pp
+This command is not allowed in kiosk mode.
.It Ic ~D
Deassert the data terminal ready (DTR) line briefly.
+This command is not allowed in kiosk mode.
.It Ic ~R
Record all output from the remote system to a file.
If the given file already exists, it is appended to.
If no file is specified, any existing recording is stopped.
+This command is not allowed in kiosk mode.
.It Ic ~S
Change the speed of the connection.
.It Ic ~X
Send a file with the XMODEM protocol.
+This command is not allowed in kiosk mode.
.It Ic ~?
Get a summary of the tilde escapes.
.El
Index: cu.c
===================================================================
RCS file: /cvs/src/usr.bin/cu/cu.c,v
retrieving revision 1.25
diff -u -p -r1.25 cu.c
--- cu.c 22 Aug 2017 16:32:37 -0000 1.25
+++ cu.c 1 Dec 2017 23:02:23 -0000
@@ -42,6 +42,7 @@ struct termios saved_tio;
struct bufferevent *input_ev;
struct bufferevent *output_ev;
int is_direct = -1;
+int k_flag = 0;
const char *line_path = NULL;
int line_speed = -1;
int line_fd;
@@ -66,7 +67,7 @@ void try_remote(const char *, const cha
__dead void
usage(void)
{
- fprintf(stderr, "usage: %s [-d] [-l line] [-s speed | -speed]\n",
+ fprintf(stderr, "usage: %s [-dk] [-l line] [-s speed | -speed]\n",
__progname);
fprintf(stderr, " %s [host]\n", __progname);
exit(1);
@@ -100,11 +101,16 @@ main(int argc, char **argv)
errx(1, "speed asprintf");
}
- while ((opt = getopt(argc, argv, "dl:s:")) != -1) {
+ while ((opt = getopt(argc, argv, "dkl:s:")) != -1) {
switch (opt) {
case 'd':
is_direct = 1;
break;
+ case 'k':
+ if (pledge("stdio rpath wpath tty", NULL) == -1)
+ err(1, "pledge");
+ k_flag = 1;
+ break;
case 'l':
line_path = optarg;
break;
@@ -162,6 +168,8 @@ main(int argc, char **argv)
line_fd = open(line_path, flags);
if (line_fd < 0)
err(1, "open(\"%s\")", line_path);
+ if (k_flag && pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
if (!isatty(line_fd))
err(1, "%s", line_path);
if (ioctl(line_fd, TIOCEXCL) != 0)
Index: cu.h
===================================================================
RCS file: /cvs/src/usr.bin/cu/cu.h,v
retrieving revision 1.7
diff -u -p -r1.7 cu.h
--- cu.h 5 Oct 2015 23:15:31 -0000 1.7
+++ cu.h 1 Dec 2017 22:00:52 -0000
@@ -23,6 +23,7 @@
void do_command(char);
/* cu.c */
+extern int k_flag;
extern FILE *record_file;
extern struct termios saved_tio;
extern int line_fd;
