1 /* Suid wrapper for the vserver shell script. This code checks and ensures
2 that it may only be called by /usr/sbin/vsh. All safety checks need to be implemented
/* Result type of the caller check; get_pid_creds() returns a creds_t.
 * NOTE(review): presumably CREDS_OK = caller is vsh, CREDS_BAD = caller is
 * some other executable, CREDS_ERR = the check itself failed -- confirm
 * against the return statements, which are elided in this listing. */
11 typedef enum CREDS { CREDS_OK, CREDS_BAD, CREDS_ERR } creds_t;
13 /* Ensure that the pid corresponds to the vsh executable, which
14 * transfers users from root to slice context. */
16 #define VSH_PATH "/usr/sbin/vsh"
/*
 * get_pid_creds - classify process `pid` by the target of its
 * /proc/<pid>/exe symlink, compared against VSH_PATH.
 *
 * Only part of the body appears in this listing: the statements between the
 * numbered lines, including every return, are elided, so the creds_t value
 * produced by each branch is not visible here.
 *
 * NOTE(review): readlink(2) does not NUL-terminate its output, and the byte
 * count it returns is discarded below. exe_path has no initialiser in the
 * visible declaration and sizeof(VSH_PATH) counts the literal's terminator,
 * so when the link target is exactly VSH_PATH the strncmp() reads one byte
 * that readlink() never wrote. Keep the length (ssize_t n = readlink(...)),
 * set exe_path[n] = '\0', and compare the complete string.
 *
 * NOTE(review): the link describes the process only at the moment it is
 * read. The process may exit or exec before the result is acted on, so this
 * is a best-effort identity check, not an authentication of the caller.
 */
21 creds_t get_pid_creds(int pid) {
22 char exe_link_path[PATH_MAX], exe_path[PATH_MAX];
/* Build the /proc path of the executable symlink for pid. */
23 snprintf(exe_link_path,PATH_MAX - 1, "/proc/%d/exe", pid);
/* A readlink() failure (-1) is handled separately from a path mismatch. */
24 if (readlink(exe_link_path, exe_path, PATH_MAX-1) == -1)
/* Compares sizeof(VSH_PATH) bytes: the literal plus its terminator. */
26 else if (strncmp(exe_path, VSH_PATH, sizeof(VSH_PATH)) != 0)
32 #define VSERVER_PATH "/usr/sbin/vserver"
/*
 * main - entry point of the setuid wrapper. The visible lines check the
 * caller through get_pid_creds(), call setuid() with the effective uid and
 * then invoke VSERVER_PATH. Many statements (declarations, branch bodies,
 * the closing brace) are elided in this listing.
 */
34 int main(int argc, char **argv, char **environment)
/* NOTE(review): this overwrites only the local parameter. The process
 * environment (environ) is untouched by this line, so anything started
 * later through the shell still inherits the caller's variables. A setuid
 * wrapper should clear it explicitly (e.g. clearenv()) or pass a fixed,
 * minimal envp to execve(). */
36 environment = (char **) NULL;
/* ppid is assigned on a line not shown -- presumably getppid(); confirm. */
44 caller_creds = get_pid_creds(ppid);
/* Caller's executable did not match VSH_PATH; branch body elided. */
46 if (caller_creds == CREDS_BAD) {
/* The check itself could not be performed; branch body elided. */
50 else if (caller_creds == CREDS_ERR)
/* The setuid() result is tested; a non-zero return takes the failure path. */
53 if (setuid(geteuid()))
/* NOTE(review): system(3) is declared with a single const char * parameter
 * and runs the command via /bin/sh -c with the process environment; argv
 * and environment are not part of its interface, so the caller's arguments
 * are not forwarded by this call. The three-argument shape matches
 * execve(2), which was presumably intended -- confirm. The system(3) manual
 * itself advises against using it in set-user-ID programs; execve() with a
 * fixed envp keeps both the shell and inherited variables out of the
 * privileged path. */
56 system(VSERVER_PATH, argv, environment);
/* Prints the message for the current errno; which failing call this
 * reports is not visible in this listing. */
61 printf("%s\n", strerror(errno));