ostbuild: ostbuild-user-chroot: New Linux-specific utility for safe chroots
This commit is contained in:
Colin Walters
parent
f812720fc6
commit
7093ed4c57
|
|
@ -0,0 +1,92 @@
|
||||||
|
/* -*- mode: c; tab-width: 2; indent-tabs-mode: nil -*-
|
||||||
|
*
|
||||||
|
* user-chroot: A setuid program that allows non-root users to safely chroot(2)
|
||||||
|
*
|
||||||
|
* Copyright 2011 Colin Walters <walters@verbum.org>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it would be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
*
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define _GNU_SOURCE
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/prctl.h>
|
||||||
|
#include <linux/securebits.h>
|
||||||
|
|
||||||
|
static void
|
||||||
|
fatal_errno (const char *message) __attribute__ ((noreturn));
|
||||||
|
|
||||||
|
static void
|
||||||
|
fatal_errno (const char *message)
|
||||||
|
{
|
||||||
|
perror (message);
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main (int argc,
|
||||||
|
char **argv)
|
||||||
|
{
|
||||||
|
const char *chroot_dir;
|
||||||
|
const char *program;
|
||||||
|
uid_t ruid, euid, suid;
|
||||||
|
gid_t rgid, egid, sgid;
|
||||||
|
|
||||||
|
if (argc < 3)
|
||||||
|
{
|
||||||
|
fprintf (stderr, "usage: %s DIR PROGRAM ARGS...\n", argv[0]);
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
|
chroot_dir = argv[1];
|
||||||
|
program = argv[2];
|
||||||
|
|
||||||
|
if (getresgid (&rgid, &egid, &sgid) < 0)
|
||||||
|
fatal_errno ("getresgid");
|
||||||
|
if (getresuid (&ruid, &euid, &suid) < 0)
|
||||||
|
fatal_errno ("getresuid");
|
||||||
|
|
||||||
|
if (ruid == 0)
|
||||||
|
{
|
||||||
|
fprintf (stderr, "error: ruid is 0\n");
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
|
if (rgid == 0)
|
||||||
|
rgid = ruid;
|
||||||
|
|
||||||
|
/* Ensure we can't execute setuid programs - see prctl(2) and capabilities(7) */
|
||||||
|
if (prctl (PR_SET_SECUREBITS,
|
||||||
|
SECBIT_NOROOT | SECBIT_NOROOT_LOCKED) < 0)
|
||||||
|
fatal_errno ("prctl");
|
||||||
|
|
||||||
|
if (chroot (chroot_dir) < 0)
|
||||||
|
fatal_errno ("chroot");
|
||||||
|
if (chdir ("/") < 0)
|
||||||
|
fatal_errno ("chdir");
|
||||||
|
|
||||||
|
/* These are irrevocable - see setuid(2) */
|
||||||
|
if (setgid (rgid) < 0)
|
||||||
|
fatal_errno ("setgid");
|
||||||
|
if (setuid (ruid) < 0)
|
||||||
|
fatal_errno ("setuid");
|
||||||
|
|
||||||
|
if (execv (program, argv + 2) < 0)
|
||||||
|
fatal_errno ("execv");
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue