1BSD/s6/public.c

#
/*
 * public - make a file available to the world
 *
 * Author: Chuck Haley
 *
 * Yet another setuserid security problem!
 */
#define PUBLICID 8
char	buf[512];
main(argc, argv)
char	*argv[];
{
	char *c, *cp, *c1;
	int out;
	int stbuf[18];
	int i, j, k, pf;
	int file;

	if (argc == 1)
	{
		printf("usage: public file1 file2 ... filen\n");
		exit(0);
	}

	pf = open("/usr/adm/publog", 1);
	seek(pf, 0, 2);
	while (--argc)
	{
		c = *++argv;
		if (access(c, 4) < 0)
		{
			printf("%s: cannot read!!!\n", c);
			continue;
		}
		if (stat(c, stbuf) < 0)
		{
			printf("%s: cannot stat\n", c);
			continue;
		}
		if ((stbuf[2] & 060000))
		{
			printf("%s: ", c);
			if ((stbuf[2] & 060000) == 040000)
				printf("directory\n");
			else
				printf("special file\n");
			continue;
		}
		if ((stbuf[2] & 5) == 0)
		{
			printf("%s: neither read nor execute access for others\n", c);
			continue;
		}
		cp = c - 1;
		while (*c)
			if (*c == '/')
				cp = c++;
			else c++;
		c = c1 = "/usr/public/xxxxxxxxxxxxxxx";
		c =+ 12;
		cp++;
		while (*c++ = *cp++);
		if ((i = open(c1, 0)) >= 0)
		{
			printf("%s: file already exists\n", c1);
			continue;
		}
		close(i);
		file = open(*argv, 0);
		out = creat(c1, stbuf[2] & 0777);
		chown(c1, PUBLICID);
		while ((i = read(file, buf, 512)) > 0)
			write(out, buf, i);
		close(1);
		dup(pf);
		printf("%d,%d\t%s\n", getuid() & 0377, (getuid() >> 8) & 0377, c1);
		close(1);
		dup(2);
	}
}