blob: 4a7660f45ce34ee80291620303e39e7ae8d29898 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
/*++
/* NAME
/* chroot_uid 3
/* SUMMARY
/* limit possible damage a process can do
/* SYNOPSIS
/* #include <chroot_uid.h>
/*
/* void chroot_uid(root_dir, user_name)
/* const char *root_dir;
/* const char *user_name;
/* DESCRIPTION
/* \fBchroot_uid\fR changes the process root to \fIroot_dir\fR and
/* changes process privileges to those of \fIuser_name\fR.
/* DIAGNOSTICS
/* System call errors are reported via the msg(3) interface.
/* All errors are fatal.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
#include <pwd.h>
#include <unistd.h>
#include <grp.h>
/* Utility library. */
#include "msg.h"
#include "chroot_uid.h"
/* chroot_uid - restrict the damage that this program can do */
void chroot_uid(const char *root_dir, const char *user_name)
{
struct passwd *pwd;
uid_t uid;
gid_t gid;
/*
* Look up the uid/gid before entering the jail, and save them so they
* can't be clobbered. Set up the primary and secondary groups.
*/
if (user_name != 0) {
if ((pwd = getpwnam(user_name)) == 0)
msg_fatal("unknown user: %s", user_name);
uid = pwd->pw_uid;
gid = pwd->pw_gid;
if (setgid(gid) < 0)
msg_fatal("setgid(%ld): %m", (long) gid);
if (initgroups(user_name, gid) < 0)
msg_fatal("initgroups: %m");
}
/*
* Enter the jail.
*/
if (root_dir) {
if (chroot(root_dir))
msg_fatal("chroot(%s): %m", root_dir);
if (chdir("/"))
msg_fatal("chdir(/): %m");
}
/*
* Drop the user privileges.
*/
if (user_name != 0)
if (setuid(uid) < 0)
msg_fatal("setuid(%ld): %m", (long) uid);
/*
* Give the desperate developer a clue of what is happening.
*/
if (msg_verbose > 1)
msg_info("chroot %s user %s",
root_dir ? root_dir : "(none)",
user_name ? user_name : "(none)");
}
|
