authorTails developers <amnesia@boum.org>2015-01-08 18:04:04 +0100
committerHolger Levsen <holger@layer-acht.org>2015-01-08 18:04:40 +0100
commitb65883d343910a81a96707ff4e32f333410ca0f9 (patch)
treebbbe27cd44cd565aab3674102fded7fb91378b22 /live/config/chroot_local-includes/usr
parenta5a75b59283f2c2fa574d3f868e9791ce7323f58 (diff)
files copied from https://git-tails.immerda.ch/tails/config - many thanks to the tails developers for their nice work and documentation of it
Diffstat (limited to 'live/config/chroot_local-includes/usr')
-rw-r--r--live/config/chroot_local-includes/usr/local/sbin/autotest_remote_shell.py71
1 files changed, 71 insertions, 0 deletions
diff --git a/live/config/chroot_local-includes/usr/local/sbin/autotest_remote_shell.py b/live/config/chroot_local-includes/usr/local/sbin/autotest_remote_shell.py
new file mode 100644
index 00000000..8778ddd1
--- /dev/null
+++ b/live/config/chroot_local-includes/usr/local/sbin/autotest_remote_shell.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+
+# ATTENTION: Yes, this can be used as a backdoor, but only for an
+# adversary with access to you *physical* serial port, which means
+# that you are screwed any way.
+
+from subprocess import Popen, PIPE
+from sys import argv
+from json import dumps, loads
+from pwd import getpwnam
+from os import setgid, setuid, environ
+from glob import glob
+import serial
+
+def mk_switch_user_fn(uid, gid):
+ def switch_user():
+ setgid(gid)
+ setuid(uid)
+ return switch_user
+
+def run_cmd_as_user(cmd, user):
+ env = environ.copy()
+ pwd_user = getpwnam(user)
+ switch_user_fn = mk_switch_user_fn(pwd_user.pw_uid,
+ pwd_user.pw_gid)
+ env['USER'] = user
+ env['LOGNAME'] = user
+ env['USERNAME'] = user
+ env['HOME'] = pwd_user.pw_dir
+ env['MAIL'] = "/var/mail/" + user
+ env['PWD'] = env['HOME']
+ env['DISPLAY'] = ':0.0'
+ try:
+ env['XAUTHORITY'] = glob("/var/run/gdm3/auth-for-amnesia-*/database")[0]
+ except IndexError:
+ pass
+ cwd = env['HOME']
+ return Popen(cmd, stdout=PIPE, stderr=PIPE, shell=True, env=env, cwd=cwd,
+ preexec_fn=switch_user_fn)
+
+def main():
+ dev = argv[1]
+ port = serial.Serial(port = dev, baudrate = 4000000)
+ port.open()
+ while True:
+ try:
+ line = port.readline()
+ except Exception as e:
+ # port must be opened wrong, so we restart everything and pray
+ # that it works.
+ print str(e)
+ port.close()
+ return main()
+ try:
+ cmd_type, user, cmd = loads(line)
+ except Exception as e:
+ # We had a parse/pack error, so we just send a \0 as an ACK,
+ # releasing the client from blocking.
+ print str(e)
+ port.write("\0")
+ continue
+ p = run_cmd_as_user(cmd, user)
+ if cmd_type == "spawn":
+ returncode, stdout, stderr = 0, "", ""
+ else:
+ stdout, stderr = p.communicate()
+ returncode = p.returncode
+ port.write(dumps([returncode, stdout, stderr]) + "\0")
+
+if __name__ == "__main__":
+ main()
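Review bot: `switch_user` drops privileges with `setgid(gid)` then `setuid(uid)` but never resets the supplementary group list, so a command run as the target user still carries the groups of the process that started this script (presumably root, since it calls `setuid`). Adding `setgroups([])` as the first line of `switch_user` (imported from `os`), or passing the user name through and calling `initgroups(user, gid)`, would make the drop complete. Separately, `run_cmd_as_user(cmd, user)` in `main` sits outside both `try` blocks, so an unknown user name makes `getpwnam` raise `KeyError` and ends the loop without sending the `\0` the client is blocked on. The header comment would also be more accurate if it said the trust boundary is whoever can write to the device passed in `argv[1]` (on a virtual machine that is the host-side serial backend rather than a physical port) and that the file appears to be meant for test images only.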