compartment (1.1.0-4) direct (non packaging) changes

Summary

 Makefile      |   16 +++++++++++-----
 compartment.1 |    7 +++++--
 compartment.c |   35 ++++++++++-------------------------
 3 files changed, 26 insertions(+), 32 deletions(-)

    
download this patch

Patch contents

--- compartment-1.1.0.orig/compartment.1
+++ compartment-1.1.0/compartment.1
@@ -12,7 +12,7 @@
 
 .SH DESCRIPTION
 The
-.I SuSE Secure Compartment 
+.I Secure Compartment 
 was designed to allow safe execution of priviliged and/or untrusted executables and services.
 It has got all features possible included, which can be used to minimize the risk of a trojanized or vulnerable program/service.
 
@@ -107,6 +107,9 @@
 an RPM file from the SuSE FTP servers. It can also be downloaded as a .tar.gz
 file from
 .I http://www.suse.de/~marc
+.PP
+It has been also part of the Debian GNU/Linux distribution since just
+after woody (Debian 3.0)
 
 .SH LICENCE
 .Sp
@@ -125,4 +128,4 @@
 .I chroot
 (1),
 .I chroot
-(2)
\ No newline at end of file
+(2)
--- compartment-1.1.0.orig/Makefile
+++ compartment-1.1.0/Makefile
@@ -1,24 +1,30 @@
 CC=gcc
 OPTS=-Wall -O2
-BIN_DIR=/usr/sbin
+PREFIX=/usr
+BIN_DIR=${PREFIX}/sbin
 BIN_LIST=compartment
-DOC_DIR=/usr/doc/packages/compartment
+DOC_DIR=${PREFIX}/doc/packages/compartment
 DOC_LIST=README LICENCE CHANGES TODO
-MAN_DIR=/usr/share/man/man1
+MAN_DIR=${PREFIX}/share/man/man1
 MAN_LIST=compartment.1
 
 all:	compartment
 
 compartment: compartment.c
 	${CC} ${OPTS} -o ${BIN_LIST} compartment.c
-	strip ${BIN_LIST}
+#	strip ${BIN_LIST}
 
 clean:
 	rm -f ${BIN_LIST} core *~
 
-install:	compartment
+install:	install-doc install-bin 
+
+install-bin: compartment
 	install -o root -g root -m 751 ${BIN_LIST} ${BIN_DIR}
+
+install-doc:
 	install -d -o root -g root -m 755 ${DOC_DIR}
 	install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR}
 	install -d -o root -g root -m 755 ${MAN_DIR}
 	install -o root -g root -m 644 ${MAN_LIST} ${MAN_DIR}
+
--- compartment-1.1.0.orig/compartment.c
+++ compartment-1.1.0/compartment.c
@@ -35,7 +35,7 @@
 #include <sys/time.h>
 #include <sys/resource.h>
 
-#define PROGRAM_NAME	"SuSE secure compartment"
+#define PROGRAM_NAME	"Secure compartment"
 #define VERSION		"v1.1"
 #define AUTHOR		"Marc Heuse <marc@suse.de>"
 #define POINTER		"http://www.suse.de/~marc"
@@ -43,16 +43,16 @@
 
 char *_env[] = { "HOME=/", "COMPARTMENT=YES", "PATH=/bin:/usr/bin:/", "" };
 
-int cap_set_no[29] = {
+int cap_set_no[28] = {
   CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH,CAP_FOWNER,CAP_FSETID,
-  CAP_FS_MASK,CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
+  CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
   CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK,
   CAP_IPC_OWNER,CAP_SYS_MODULE,CAP_SYS_RAWIO,CAP_SYS_CHROOT,CAP_SYS_PTRACE,
   CAP_SYS_PACCT,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_SYS_NICE,CAP_SYS_RESOURCE,
   CAP_SYS_TIME,CAP_SYS_TTY_CONFIG, 0 };
-char cap_set_names[29][29] = {
+char cap_set_names[28][29] = {
   "CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID",
-  "CAP_FS_MASK","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP",
+  "CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP",
   "CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST",
   "CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE",
   "CAP_SYS_RAWIO","CAP_SYS_CHROOT","CAP_SYS_PTRACE","CAP_SYS_PACCT",
@@ -74,18 +74,7 @@
 void help() {
     fprintf(stderr, "%s %s %s %s\n\n", PROGRAM_NAME, VERSION, AUTHOR, POINTER);
     fprintf(stderr, "Syntax: %s [options] /full/path/to/program\n", prg);
-    fprintf(stderr, "Options:
-\t --chroot path\t chroot to path
-\t --user user\t change uid to this user
-\t --group group\t change gid to this group
-\t --init program\t execute this program/script before doing anything
-\t --cap capset\t set capset name. This option can be used several times.
-\t --verbose\t be verbose
-\t --quiet\t do no logging (to syslog)
-\t --fork\t\t fork (if everything is fine)
-\nHints: always try to chroot; use --user&group if possible; chroot and chown all
-files to another user than root if you use capabilties. Read the README file!
-\nKnown capset names: none");
+    fprintf(stderr, "Options:\n\t --chroot path\t chroot to path\n\t --user user\t change uid to this user\n\t --group group\t change gid to this group\n\t --init program\t execute this program/script before doing anything\n\t --cap capset\t set capset name. This option can be used several times.\n\t --verbose\t be verbose\n\t --quiet\t do no logging (to syslog)\n\t --fork\t\t fork (if everything is fine)\n\nHints: always try to chroot; use --user&group if possible; chroot and chown all\nfiles to another user than root if you use capabilties. Read the README file!\n\nKnown capset names: none");
     tmp = 0;
     while(strlen(cap_set_names[tmp])>0)
         fprintf(stderr," %s",cap_set_names[tmp++]);
@@ -173,11 +162,11 @@
         help();
 
     my_secure();
-    openlog("SuSEcompartment", LOG_PID, LOG_DAEMON);
+    openlog("compartment", LOG_PID, LOG_DAEMON);
     if (sizeof(uid_t) == 4) {
-        (unsigned long int) uidrange = 65535;
+        uidrange = 65535;
     } else { if (sizeof(uid_t) == 8) {
-        (unsigned long int) uidrange = (unsigned long int) 2147483646; //4294967295;
+        uidrange = (unsigned long int) 2147483646; //4294967295;
      } else
         fprintf(stderr, "Warning: weird uid size: %d\n", sizeof(uid_t));
     }
@@ -418,11 +407,7 @@
 	    if (access(_argv[0], X_OK) < 0)
 		print_msg("Execute bit missing, or no permissions to execute %s\n", _argv[0]);
 	    else
-	        print_msg("Could not properly execute %s - the chroot environment might not be
-set up correctly:
-Create the directories /etc and /lib in chroot_dir and run \"ldd %s\"
-to see which libraries are needed. Copy these to chroot_dir/lib, then chdir to
-chroot_dir and execute \"ldconfig -X -r .\"\n", _argv[0], _argv[0]);
+	        print_msg("Could not properly execute %s - the chroot environment might not be\nset up correctly:\nCreate the directories /etc and /lib in chroot_dir and run \"ldd %s\"\nto see which libraries are needed. Copy these to chroot_dir/lib, then chdir to\nchroot_dir and execute \"ldconfig -X -r .\"\n", _argv[0], _argv[0]);
     }
 
     return 1;