Remove setuid root binary /usr/sbin/zypp-refresh-wrapper (bnc#724832)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 81b774d..0ae2132 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -118,13 +118,6 @@ INSTALL(
   RUNTIME DESTINATION ${INSTALL_PREFIX}/sbin
 )
 
-ADD_EXECUTABLE( zypp-refresh-wrapper zypp-refresh-wrapper.c )
-TARGET_LINK_LIBRARIES( zypp-refresh-wrapper ${ZYPP_LIBRARY} )
-INSTALL(
-  TARGETS zypp-refresh-wrapper
-  RUNTIME DESTINATION ${INSTALL_PREFIX}/sbin
-)
-
 # bash completion script
 INSTALL(
   FILES bash-completion.sh
@@ -133,7 +126,7 @@ INSTALL(
 )
 
 
-# installation_sources script 
+# installation_sources script
 INSTALL(
   PROGRAMS installation_sources
   DESTINATION ${INSTALL_PREFIX}/bin

diff --git a/src/zypp-refresh-wrapper.c b/src/zypp-refresh-wrapper.c
deleted file mode 100644 (file)
index e2465f9..0000000
--- a/src/zypp-refresh-wrapper.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* A setuid-root wrapper for zypp-refresh utility */
-
-/* setgid, umask and open */
-#include <sys/stat.h>
-#include <grp.h>
-#include <fcntl.h>
-/* clearenv */
-#include <stdlib.h>
-/* chdir, execl, setuid, exit */
-#include <unistd.h>
-/* perror */
-#include <stdio.h>
-
-#define WRAPPER_ERROR 101
-
-const char *app = "/usr/sbin/zypp-refresh";
-/* const char *arg1 = ""; */
-
-char *lang = NULL;
-
-int main (void)
-{
-  /* see http://rechner.lst.de/~okir/blackhats/node41.html */
-  while (1)
-  {
-    int fd = open("/dev/null", O_RDWR);
-    if (fd < 0)
-        return WRAPPER_ERROR;
-    if (fd > 2) {
-        close(fd);
-        break;
-    }
-  }
-
-  /* see http://rechner.lst.de/~okir/blackhats/node35.html */
-  int fd = getdtablesize();
-  while (--fd > 2)
-      close(fd);
-
-  /* cd / to avoid NFS problems */
-  if (chdir ("/"))
-  {
-    perror ("chdir");
-    return WRAPPER_ERROR;
-  }
-
-  /* save language */
-  lang = getenv("LANG");
-
-  /* do not look at argv... done */
-  /* clear environment */
-  if (clearenv ())
-  {
-    fprintf (stderr, "clearenv failed\n");
-    return WRAPPER_ERROR;
-  }
-
-
-  /* set minimal environment... done */
-  /* prevent the user from sending signals */
-
-  if (initgroups("root", 0) != 0 || setgid (0) != 0)
-  {
-    fprintf (stdout,
-        "Unable to refresh repositories because /usr/sbin/zypp-refresh-wrapper"
-        " helper programm is not set SUID root.\n"
-        "This problem might be solved by setting 'File Permissons' in YaST"
-        " 'Local Security' tab to 'easy' or by modifying"
-        " /etc/permissions.local\n");
-    return WRAPPER_ERROR;
-  }
-
-  if (setuid (0) != 0)
-  {
-    // perror ("setuid");
-    // Forgot to chmod this program?
-    fprintf (stdout,
-        "Unable to refresh repositories because /usr/sbin/zypp-refresh-wrapper"
-        " helper programm is not set SUID root.\n"
-        "This problem might be solved by setting 'File Permissons' in YaST"
-        " 'Local Security' tab to 'easy' or by modifying"
-        " /etc/permissions.local\n");
-    return WRAPPER_ERROR;
-  }
-
-  umask(0022);
-
-  /* set language */
-  if (lang != NULL)
-    setenv("LANG", lang, 1);
-
-  /* execute the real application */
-  execl (app, app, (char *) NULL);
-
-  /* if we are still here, it has failed */
-  perror ("execl");
-  return WRAPPER_ERROR;
-}

diff --git a/zypper.spec.cmake b/zypper.spec.cmake
index c07bb0f..dbbd705 100644 (file)
--- a/zypper.spec.cmake
+++ b/zypper.spec.cmake
@@ -136,10 +136,6 @@ touch $RPM_BUILD_ROOT%{_var}/log/zypper.log
 %post
 %run_permissions
 
-%verifyscript
-%verify_permissions -e %{_sbindir}/zypp-refresh-wrapper
-%endif
-
 %clean
 rm -rf "$RPM_BUILD_ROOT"
 
@@ -152,7 +148,6 @@ rm -rf "$RPM_BUILD_ROOT"
 %{_bindir}/zypper
 %{_bindir}/installation_sources
 %{_sbindir}/zypp-refresh
-%verify(not mode) %attr (755,root,root) %{_sbindir}/zypp-refresh-wrapper
 %dir %{_datadir}/zypper
 %{_datadir}/zypper/zypper.aug
 %dir %{_datadir}/zypper/xml