+++ /dev/null
-// $Id: capchroot.c 2403 2006-11-24 23:06:08Z dhozac $
-
-// Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
-// based on capchroot.cc by Jacques Gelinas
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2, or (at your option)
-// any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-/*
- This chroot command does very little. Once the chroot
- system call is executed, it (option) remove the CAP_SYS_CHROOT
- capability. Then it executes its argument
-*/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include "vserver.h"
-#include "util.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <pwd.h>
-#include <grp.h>
-#include <errno.h>
-#include <unistd.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <libgen.h>
-
-#define ENSC_WRAPPERS_PREFIX "capchroot: "
-#define ENSC_WRAPPERS_UNISTD 1
-#define ENSC_WRAPPERS_VSERVER 1
-#include <wrappers.h>
-
-#define CMD_HELP 0x1000
-#define CMD_VERSION 0x1001
-#define CMD_NOCHROOT 0x2000
-#define CMD_SUID 0x2001
-
-int wrapper_exit_code = 255;
-
-static struct option const
-CMDLINE_OPTIONS[] = {
- { "help", no_argument, 0, CMD_HELP },
- { "version", no_argument, 0, CMD_VERSION },
- { "nochroot", no_argument, 0, CMD_NOCHROOT },
- { "suid", required_argument, 0, CMD_SUID },
- {0,0,0,0}
-};
-
-static void
-showHelp(int fd, char const *cmd, int res)
-{
- VSERVER_DECLARE_CMD(cmd);
-
-#if !defined(VC_ENABLE_API_COMPAT) && !defined(VC_ENABLE_API_LEGACY)
- WRITE_MSG(1, "ERROR: tools were built without legacy API support; capchroot will not work!\n\n");
-#endif
-
- WRITE_MSG(fd, "Usage: ");
- WRITE_STR(fd, cmd);
- WRITE_MSG(fd,
- " --nochroot [--suid <user>] [--] <directory> <command> <args>*\n"
- "\n"
- "Options:\n"
- " --nochroot ... remove the CAP_SYS_CHROOT capability\n"
- " after the chroot system call.\n"
- " --suid <user> ... switch to a different user (in the vserver\n"
- " context) before executing the command.\n"
- "\n"
- "Please report bugs to " PACKAGE_BUGREPORT "\n");
- exit(res);
-}
-
-static void
-showVersion()
-{
- WRITE_MSG(1,
- "capchroot " VERSION " -- a capability aware chroot\n"
- "This program is part of " PACKAGE_STRING "\n\n"
- "Copyright (C) 2004 Enrico Scholz\n"
- VERSION_COPYRIGHT_DISCLAIMER);
- exit(0);
-}
-
-static UNUSED void
-setUser(char const *user)
-{
- struct passwd *p = 0;
- if (user!=0 && strcmp(user, "root")!=0 && strcmp(user, "0")!=0) {
- errno = 0;
- p = getpwnam(user);
- if (p==0) {
- if (errno==0) errno = ENOENT;
- PERROR_Q(ENSC_WRAPPERS_PREFIX "getpwnam", user);
- exit(wrapper_exit_code);
- }
- }
-
- if (p!=0) {
- Esetgroups(1, &p->pw_gid);
- Esetgid(p->pw_gid);
- Esetuid(p->pw_uid);
-
- if (getuid()!=p->pw_uid || getgid()!=p->pw_gid) {
- WRITE_MSG(2, ENSC_WRAPPERS_PREFIX "Something went wrong while changing uid; expected uid/gid do not match the actual one\n");
- exit(wrapper_exit_code);
- }
- }
-}
-
-int main (int argc, char *argv[])
-{
- bool nochroot = false;
- char const * suid_user = 0;
-
- while (1) {
- int c = getopt_long(argc, argv, "+", CMDLINE_OPTIONS, 0);
- if (c==-1) break;
-
- switch (c) {
- case CMD_HELP : showHelp(1, argv[0], 0);
- case CMD_VERSION : showVersion();
- case CMD_NOCHROOT : nochroot = true; break;
- case CMD_SUID : suid_user = optarg; break;
- default :
- WRITE_MSG(2, "Try '");
- WRITE_STR(2, argv[0]);
- WRITE_MSG(2, " --help' for more information.\n");
- return EXIT_FAILURE;
- break;
- }
- }
-
-#if defined(VC_ENABLE_API_COMPAT) || defined(VC_ENABLE_API_LEGACY)
- if (optind==argc)
- WRITE_MSG(2, "No directory specified; try '--help' for more information\n");
- else if (optind+1==argc)
- WRITE_MSG(2, "No command specified; try '--help' for more information\n");
- else {
- // We resolve the UID before doing the chroot.
- // If we do the getpwnam after the chroot, we will end
- // up loading shared object from the vserver.
- // This is causing two kind of problem: Incompatibilities
- // and also a security flaw. The shared objects in the vserver
- // may be tweaked to get control of the root server ...
- getpwnam("root");
- Echroot(argv[optind]);
- if (nochroot)
- Evc_new_s_context(VC_SAMECTX, 1<<VC_CAP_SYS_CHROOT,0);
- setUser(suid_user);
- EexecvpD(argv[optind+1], argv+optind+1);
- }
-#else
- WRITE_MSG(2, "capchroot: tools were built without legacy API support; can not continue\n");
-#endif
-
- return EXIT_FAILURE;
-}