Diffstat (limited to 'usr.sbin/chroot')
-rw-r--r-- | usr.sbin/chroot/Makefile | 7 | ||||
-rw-r--r-- | usr.sbin/chroot/Makefile.depend | 18 | ||||
-rw-r--r-- | usr.sbin/chroot/chroot.8 | 94 | ||||
-rw-r--r-- | usr.sbin/chroot/chroot.c | 182 |
4 files changed, 301 insertions, 0 deletions
diff --git a/usr.sbin/chroot/Makefile b/usr.sbin/chroot/Makefile new file mode 100644 index 0000000..652de79 --- /dev/null +++ b/usr.sbin/chroot/Makefile @@ -0,0 +1,7 @@ +# @(#)Makefile 8.1 (Berkeley) 6/6/93 +# $FreeBSD$ + +PROG= chroot +MAN= chroot.8 + +.include <bsd.prog.mk> diff --git a/usr.sbin/chroot/Makefile.depend b/usr.sbin/chroot/Makefile.depend new file mode 100644 index 0000000..3646e2e --- /dev/null +++ b/usr.sbin/chroot/Makefile.depend @@ -0,0 +1,18 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/chroot/chroot.8 b/usr.sbin/chroot/chroot.8 new file mode 100644 index 0000000..e5f9f44 --- /dev/null +++ b/usr.sbin/chroot/chroot.8 
@@ -0,0 +1,94 @@
+.\" Copyright (c) 1988, 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)chroot.8 8.1 (Berkeley) 6/9/93
+.\" $FreeBSD$
+.\"
+.Dd June 7, 2003
+.Dt CHROOT 8
+.Os
+.Sh NAME
+.Nm chroot
+.Nd change root directory
+.Sh SYNOPSIS
+.Nm
+.Op Fl u Ar user
+.Op Fl g Ar group
+.Op Fl G Ar group,group,...
+.Ar newroot
+.Op Ar command
+.Sh DESCRIPTION
+The
+.Nm
+utility changes its current and root directories to the supplied directory
+.Ar newroot
+and then exec's
+.Ar command ,
+if supplied,
+or an interactive copy of the user's login shell.
+.Pp
+If the
+.Fl u ,
+.Fl g
+or
+.Fl G
+options are given,
+the user,
+group and group list of the process are set to
+these values after the
+.Nm
+has taken place.
+.Sh ENVIRONMENT
+The following environment variable is referenced by
+.Nm :
+.Bl -tag -width ".Ev SHELL"
+.It Ev SHELL
+If set,
+the string specified by
+.Ev SHELL
+is interpreted as the name of
+the shell to exec.
+If the variable
+.Ev SHELL
+is not set,
+.Pa /bin/sh
+is used.
+.El
+.Sh SEE ALSO
+.Xr chdir 2 ,
+.Xr chroot 2 ,
+.Xr setgid 2 ,
+.Xr setgroups 2 ,
+.Xr setuid 2 ,
+.Xr getgrnam 3 ,
+.Xr environ 7 ,
+.Xr jail 8
+.Sh HISTORY
+The
+.Nm
+utility first appeared in
+.Bx 4.4 .
diff --git a/usr.sbin/chroot/chroot.c b/usr.sbin/chroot/chroot.c
new file mode 100644
index 0000000..9db0192
--- /dev/null
+++ b/usr.sbin/chroot/chroot.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if 0
+#ifndef lint
+static const char copyright[] =
+"@(#) Copyright (c) 1988, 1993\n\
+ The Regents of the University of California. All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93";
+#endif /* not lint */
+#endif
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <err.h>
+#include <grp.h>
+#include <limits.h>
+#include <paths.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static void usage(void);
+
+int
+main(int argc, char *argv[])
+{
+ struct group *gp;
+ struct passwd *pw;
+ char *endp, *p, *user, *group, *grouplist;
+ const char *shell;
+ gid_t gid, *gidlist;
+ uid_t uid;
+ int ch, gids;
+ long ngroups_max;
+
+ gid = 0;
+ uid = 0;
+ user = group = grouplist = NULL;
+ while ((ch = getopt(argc, argv, "G:g:u:")) != -1) {
+ switch(ch) {
+ case 'u':
+ user = optarg;
+ if (*user == '\0')
+ usage();
+ break;
+ case 'g':
+ group = optarg;
+ if (*group == '\0')
+ usage();
+ break;
+ case 'G':
+ grouplist = optarg;
+ if (*grouplist == '\0')
+ usage();
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc < 1)
+ usage();
+
+ if (group != NULL) {
+ if (isdigit((unsigned char)*group)) {
+ gid = (gid_t)strtoul(group, &endp, 0);
+ if (*endp != '\0')
+ goto getgroup;
+ } else {
+ getgroup:
+ if ((gp = getgrnam(group)) != NULL)
+ gid = gp->gr_gid;
+ else
+ errx(1, "no such group `%s'", group);
+ }
+ }
+
+ ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
+ if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL)
+ err(1, "malloc");
+ for (gids = 0;
+ (p = strsep(&grouplist, ",")) != NULL && gids < ngroups_max; ) {
+ if (*p == '\0')
+ continue;
+
+ if (isdigit((unsigned char)*p)) {
+ gidlist[gids] = (gid_t)strtoul(p, &endp, 0);
+ if (*endp != '\0')
+ goto getglist;
+ } else {
+ getglist:
+ if ((gp = getgrnam(p)) != NULL)
+ gidlist[gids] = gp->gr_gid;
+ else
+ errx(1, "no such group `%s'", p);
+ }
+ gids++;
+ }
+ if (p != NULL && gids == ngroups_max)
+ errx(1, "too many supplementary groups provided");
+
+ if (user != NULL) {
+ if (isdigit((unsigned char)*user)) {
+ uid = (uid_t)strtoul(user, &endp, 0);
+ if (*endp != '\0')
+ goto getuser;
+ } else {
+ getuser:
+ if ((pw = getpwnam(user)) != NULL)
+ uid = pw->pw_uid;
+ else
+ errx(1, "no such user `%s'", user);
+ }
+ }
+
+ if (chdir(argv[0]) == -1 || chroot(".") == -1)
+ err(1, "%s", argv[0]);
+
+ if (gids && setgroups(gids, gidlist) == -1)
+ err(1, "setgroups");
+ if (group && setgid(gid) == -1)
+ err(1, "setgid");
+ if (user && setuid(uid) == -1)
+ err(1, "setuid");
+
+ if (argv[1]) {
+ execvp(argv[1], &argv[1]);
+ err(1, "%s", argv[1]);
+ }
+
+ if (!(shell = getenv("SHELL")))
+ shell = _PATH_BSHELL;
+ execlp(shell, shell, "-i", (char *)NULL);
+ err(1, "%s", shell);
+ /* NOTREACHED */
+}
+
+static void
+usage(void)
+{
+ (void)fprintf(stderr, "usage: chroot [-g group] [-G group,group,...] "
+ "[-u user] newroot [command]\n");
+ exit(1);
+} |
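Review bot: The privilege drop near the end of main() is only as complete as the options supplied: `if (gids && setgroups(gids, gidlist) == -1)` and `if (group && setgid(gid) == -1)` are skipped when -G or -g is absent, so `chroot -u user newroot command` runs the command under the new uid but with the caller's (typically root's) primary and supplementary groups still attached. That is consistent with the chroot.8 text in this commit, but it is easy to misread as a full drop; a comment above the three calls such as `/* Only the IDs named on the command line are changed; -u alone keeps the caller's groups. */` and a matching sentence in the man page would make the contract explicit. Separately, the three numeric conversions — `gid = (gid_t)strtoul(group, &endp, 0);`, the `gidlist[gids]` one and `uid = (uid_t)strtoul(user, &endp, 0);` — check only `*endp`, so a value that does not fit the ID type is silently truncated by the cast (where unsigned long is wider than uid_t an out-of-range number can wrap to 0), and base 0 also accepts octal and hex. Clearing `errno` before each call and rejecting `errno == ERANGE` or a result above `UID_MAX`/`GID_MAX` with `errx()` would close that.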