authorDuncaen <mail@duncano.de>2017-05-25 01:26:17 +0200
committerDuncaen <mail@duncano.de>2017-05-25 01:26:17 +0200
commit32d200ea3ef5644890fe9db306c6a4a5cead8873 (patch)
treec58f252477f6409f84a6e1cf0d85798ae65e72ee
parent047e9d0def1d85c3591c62e5d5a1a8cb77ac9d9f (diff)
downloadlobase-32d200ea3ef5644890fe9db306c6a4a5cead8873.tar.gz
usr.sbin/chroot: import
-rw-r--r--usr.sbin/Makefile2
-rw-r--r--usr.sbin/chroot/Makefile9
-rw-r--r--usr.sbin/chroot/chroot.8114
-rw-r--r--usr.sbin/chroot/chroot.c169
4 files changed, 293 insertions, 1 deletions
diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile
index e1feaaa..e4ef22a 100644
--- a/usr.sbin/Makefile
+++ b/usr.sbin/Makefile
@@ -1,3 +1,3 @@
TOPDIR?=..
-SUBDIR= mtree rdate
+SUBDIR= chroot mtree rdate
include ${.TOPDIR}/mk/bsd.subdir.mk
diff --git a/usr.sbin/chroot/Makefile b/usr.sbin/chroot/Makefile
new file mode 100644
index 0000000..69dfe1c
--- /dev/null
+++ b/usr.sbin/chroot/Makefile
@@ -0,0 +1,9 @@
+# $OpenBSD: Makefile,v 1.3 1997/09/21 11:43:30 deraadt Exp $
+
+.TOPDIR?=../..
+
+PROG= chroot
+MAN= chroot.8
+LDSTATIC= ${STATIC}
+
+include ${.TOPDIR}/mk/bsd.prog.mk
diff --git a/usr.sbin/chroot/chroot.8 b/usr.sbin/chroot/chroot.8
new file mode 100644
index 0000000..6bf4cbb
--- /dev/null
+++ b/usr.sbin/chroot/chroot.8
@@ -0,0 +1,114 @@
+.\" $OpenBSD: chroot.8,v 1.16 2015/09/12 15:52:37 schwarze Exp $
+.\"
+.\" Copyright (c) 1988, 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" from: @(#)chroot.8 8.1 (Berkeley) 6/9/93
+.\"
+.Dd $Mdocdate: September 12 2015 $
+.Dt CHROOT 8
+.Os
+.Sh NAME
+.Nm chroot
+.Nd change root directory
+.Sh SYNOPSIS
+.Nm chroot
+.Op Fl g Ar group Ns Op Pf , Ar group Ns Op Pf , Ar ...
+.Op Fl u Ar user
+.Ar newroot
+.Op Ar command
+.Sh DESCRIPTION
+The
+.Nm
+command changes its root directory to the supplied directory
+.Ar newroot
+and executes
+.Ar command ,
+if supplied, or an interactive copy of the user's shell.
+.Pp
+The
+.Nm
+command is restricted to the superuser.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl g Ar group Ns Op Pf , Ar group Ns Op Pf , Ar ...
+Override the primary and supplemental group IDs.
+The primary group ID is set to the first group in the list.
+Any remaining groups are placed in the supplemental group ID vector.
+Each group listed must exist in the
+.Xr group 5
+databases.
+.It Fl u Ar user
+Set user ID to
+.Ar user
+(which must exist in the
+.Xr passwd 5
+database).
+The primary and supplemental group IDs will be set based on the user's
+entries in the
+.Xr passwd 5
+and
+.Xr group 5
+databases unless overridden by the
+.Fl g
+option.
+Additional settings may be applied as specified in
+.Xr login.conf 5
+depending on
+.Ar user Ns 's
+login class.
+.El
+.Sh ENVIRONMENT
+.Bl -tag -width SHELL
+.It Ev SHELL
+If set,
+the string specified by
+.Ev SHELL
+is interpreted as the name of
+the shell to execute.
+If the variable
+.Ev SHELL
+is not set,
+.Pa /bin/sh
+is used.
+.El
+.Sh SEE ALSO
+.Xr ldd 1 ,
+.Xr group 5 ,
+.Xr login.conf 5 ,
+.Xr passwd 5 ,
+.Xr environ 7
+.Sh HISTORY
+The
+.Nm
+utility first appeared in
+.Bx 4.3 Reno .
+.Sh CAVEATS
+.Nm
+should never be installed setuid root, as it would then be possible
+to exploit the program to gain root privileges.
diff --git a/usr.sbin/chroot/chroot.c b/usr.sbin/chroot/chroot.c
new file mode 100644
index 0000000..8825f0d
--- /dev/null
+++ b/usr.sbin/chroot/chroot.c
@@ -0,0 +1,169 @@
+/* $OpenBSD: chroot.c,v 1.14 2015/05/19 16:05:12 millert Exp $ */
+
+/*
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <ctype.h>
+#include <err.h>
+#include <errno.h>
+#include <grp.h>
+#include <limits.h>
+#ifdef __OpenBSD__
+#include <login_cap.h>
+#endif
+#include <paths.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+int main(int, char **);
+__dead void usage(void);
+
+int
+main(int argc, char **argv)
+{
+ struct group *grp;
+ struct passwd *pwd;
+#ifdef __OpenBSD__
+ login_cap_t *lc;
+#endif
+ const char *shell;
+ char *user, *group, *grouplist;
+ gid_t gidlist[NGROUPS_MAX];
+ int ch, ngids;
+#ifdef __OpenBSD__
+ int flags = LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETUSER);
+
+ lc = NULL;
+#endif
+ ngids = 0;
+ pwd = NULL;
+ user = grouplist = NULL;
+ while ((ch = getopt(argc, argv, "g:u:")) != -1) {
+ switch(ch) {
+ case 'u':
+ user = optarg;
+ if (*user == '\0')
+ usage();
+ break;
+ case 'g':
+ grouplist = optarg;
+ if (*grouplist == '\0')
+ usage();
+ break;
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc < 1)
+ usage();
+
+ if (user != NULL) {
+ if ((pwd = getpwnam(user)) == NULL)
+ errx(1, "no such user `%s'", user);
+#ifdef __OpenBSD__
+ if ((lc = login_getclass(pwd->pw_class)) == NULL)
+ err(1, "unable to get login class for `%s'", user);
+#endif
+ }
+
+ while ((group = strsep(&grouplist, ",")) != NULL) {
+ if (*group == '\0')
+ continue;
+
+ if (ngids == NGROUPS_MAX)
+ errx(1, "too many supplementary groups provided");
+ if ((grp = getgrnam(group)) == NULL)
+ errx(1, "no such group `%s'", group);
+ gidlist[ngids++] = grp->gr_gid;
+ }
+
+ if (ngids != 0) {
+ if (setgid(gidlist[0]) != 0)
+ err(1, "setgid");
+ if (setgroups(ngids, gidlist) != 0)
+ err(1, "setgroups");
+#ifdef __OpenBSD__
+ flags &= ~LOGIN_SETGROUP;
+#endif
+ }
+#ifdef __OpenBSD__
+ if (lc != NULL) {
+ if (setusercontext(lc, pwd, pwd->pw_uid, flags) == -1)
+ err(1, "setusercontext");
+ }
+#else
+ if (pwd != NULL) {
+ if (setresgid(pwd->pw_gid, pwd->pw_gid, pwd->pw_gid) != 0)
+ errx(1, "setresgid");
+ if (initgroups(pwd->pw_name, pwd->pw_gid) != 0)
+ errx(1, "initgroups");
+ }
+#endif
+
+ if (chroot(argv[0]) != 0 || chdir("/") != 0)
+ err(1, "%s", argv[0]);
+
+ if (pwd != NULL) {
+#ifndef __linux__
+ /* only set login name if we are/can be a session leader */
+ if (getsid(0) == getpid() || setsid() != -1)
+ setlogin(pwd->pw_name);
+#endif
+ if (setuid(pwd->pw_uid) != 0)
+ err(1, "setuid");
+ }
+
+ if (argv[1]) {
+ execvp(argv[1], &argv[1]);
+ err(1, "%s", argv[1]);
+ }
+
+ if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
+ shell = _PATH_BSHELL;
+ execlp(shell, shell, "-i", (char *)NULL);
+ err(1, "%s", shell);
+ /* NOTREACHED */
+}
+
+__dead void
+usage(void)
+{
+ extern char *__progname;
+
+ (void)fprintf(stderr, "usage: %s [-g group,group,...] [-u user] "
+ "newroot [command]\n", __progname);
+ exit(1);
+}
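Review bot: On the non-OpenBSD path (the `#else` branch after the `setusercontext` call) the `-g` override is silently discarded: the `setresgid`/`initgroups` block runs whenever `-u` was given, replacing the primary and supplementary groups that `setgid`/`setgroups` just installed from `gidlist`. The OpenBSD branch avoids this by clearing `LOGIN_SETGROUP` from `flags`, and chroot.8 in the same commit documents `-g` as overriding the user's groups, so the portability shim should gate on the same condition: `if (pwd != NULL && ngids == 0) {`. Both failure reports in that block also use `errx`, which drops errno even though `setresgid` and `initgroups` set it; `err(1, "setresgid");` and `err(1, "initgroups");` would match the rest of the file. Separately, `NGROUPS_MAX` from <limits.h> is considerably larger on Linux than the BSD value, so `gid_t gidlist[NGROUPS_MAX]` may become a sizeable automatic array there; if that matters for the target, sizing it from `sysconf(_SC_NGROUPS_MAX)` or allocating it on the heap would avoid the fixed stack footprint.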