--- /dev/null
+// $Id: capchroot.c,v 1.1.4.2 2003/11/28 23:08:43 ensc Exp $
+
+// Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+// based on capchroot.cc by Jacques Gelinas
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2, or (at your option)
+// any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+/*
+ This chroot command does very little. Once the chroot
+ system call is executed, it (option) remove the CAP_SYS_CHROOT
+ capability. Then it executes its argument
+*/
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+#include "compat.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include "linuxcaps.h"
+#include "vserver.h"
+
+int main (int argc, char *argv[])
+{
+ if (argc < 3){
+ fprintf (stderr,"capchroot version %s\n",VERSION);
+ fprintf (stderr
+ ,"capchroot --nochroot directory [ --suid user ] command argument\n"
+ "\n"
+ "--nochroot remove the CAP_SYS_CHROOT capability\n"
+ " after the chroot system call.\n"
+ "--suid switch to a different user (in the vserver context)\n"
+ " before executing the command.\n");
+ }else{
+ const char *uid = NULL;
+ bool nochroot = false;
+ int dir;
+ for (dir=1; dir<argc; dir++){
+ const char *arg = argv[dir];
+ if (arg[0] != '-' && arg[1] != '-'){
+ break;
+ }else if (strcmp(arg,"--nochroot")==0){
+ nochroot = true;
+ }else if (strcmp(arg,"--suid")==0){
+ dir++;
+ uid = argv[dir];
+ }
+
+ }
+ // We resolve the UID before doing the chroot.
+ // If we do the getpwnam after the chroot, we will end
+ // up loading shared object from the vserver.
+ // This is causing two kind of problem: Incompatibilities
+ // and also a security flaw. The shared objects in the vserver
+ // may be tweaked to get control of the root server ...
+ getpwnam ("root");
+ if (chroot(argv[dir]) == -1){
+ fprintf (stderr,"Can't chroot to directory %s (%s)\n",argv[dir]
+ ,strerror(errno));
+ }else{
+ struct passwd *p = NULL;
+ int cmd = dir + 1;
+
+ if (nochroot){
+ vc_new_s_context (-2,1<<CAP_SYS_CHROOT,0);
+ }
+
+ if (uid != NULL && strcmp(uid,"root")!=0){
+ p = getpwnam(uid);
+ if (p == NULL){
+ fprintf (stderr,"User not found: %s\n",uid);
+ exit (-1);
+ }
+ }
+ if (p != NULL) {
+ setgroups (0,NULL);
+ setgid(p->pw_gid);
+ setuid(p->pw_uid);
+ }
+ if (cmd >= argc){
+ fprintf (stderr,"capchroot: No command to execute, do nothing\n");
+ }else{
+ execvp (argv[cmd],argv+cmd);
+ fprintf (stderr,"Can't execute %s (%s)\n",argv[cmd]
+ ,strerror(errno));
+ }
+ }
+ }
+ return -1;
+}
+
+