/*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void usage(void) __dead2; static gid_t resolve_group(const char *group) { char *endp; struct group *gp; unsigned long gid; gp = getgrnam(group); if (gp != NULL) return (gp->gr_gid); /* * Numeric IDs don't need a trip through the database to check them, * POSIX seems to think we should generally accept a numeric ID as long * as it's within the valid range. */ errno = 0; gid = strtoul(group, &endp, 0); if (errno == 0 && *endp == '\0' && gid <= GID_MAX) return (gid); errx(1, "no such group '%s'", group); } static uid_t resolve_user(const char *user) { char *endp; struct passwd *pw; unsigned long uid; pw = getpwnam(user); if (pw != NULL) return (pw->pw_uid); errno = 0; uid = strtoul(user, &endp, 0); if (errno == 0 && *endp == '\0' && uid <= UID_MAX) return (uid); errx(1, "no such user '%s'", user); } int main(int argc, char *argv[]) { const char *group, *p, *shell, *user; char *grouplist; long ngroups_max; gid_t gid, *gidlist; uid_t uid; int arg, ch, error, gids; bool nonprivileged; gid = 0; uid = 0; gids = 0; user = group = grouplist = NULL; gidlist = NULL; nonprivileged = false; while ((ch = getopt(argc, argv, "G:g:u:n")) != -1) { switch(ch) { case 'u': user = optarg; if (*user == '\0') usage(); break; case 'g': group = optarg; if (*group == '\0') usage(); break; case 'G': grouplist = optarg; /* * XXX Why not allow us to drop all of our supplementary * groups? */ if (*grouplist == '\0') usage(); break; case 'n': nonprivileged = true; break; case '?': default: usage(); } } argc -= optind; argv += optind; if (argc < 1) usage(); if (group != NULL) gid = resolve_group(group); if (grouplist != NULL) { ngroups_max = sysconf(_SC_NGROUPS_MAX); if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL) err(1, "malloc"); for (gids = 0; (p = strsep(&grouplist, ",")) != NULL && gids < ngroups_max; ) { if (*p == '\0') continue; gidlist[gids++] = resolve_group(p); } if (p != NULL && gids == ngroups_max) errx(1, "too many supplementary groups provided"); } if (user != NULL) uid = resolve_user(user); if (nonprivileged) { arg = PROC_NO_NEW_PRIVS_ENABLE; error = procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_CTL, &arg); if (error != 0) err(1, "procctl"); } if (chdir(argv[0]) == -1) err(1, "%s", argv[0]); if (chroot(".") == -1) { if (errno == EPERM && !nonprivileged && geteuid() != 0) errx(1, "unprivileged use requires -n"); err(1, "%s", argv[0]); } if (gidlist != NULL && setgroups(gids, gidlist) == -1) err(1, "setgroups"); if (group && setgid(gid) == -1) err(1, "setgid"); if (user && setuid(uid) == -1) err(1, "setuid"); if (argv[1]) { execvp(argv[1], &argv[1]); err(1, "%s", argv[1]); } if (!(shell = getenv("SHELL"))) shell = _PATH_BSHELL; execlp(shell, shell, "-i", (char *)NULL); err(1, "%s", shell); /* NOTREACHED */ } static void usage(void) { (void)fprintf(stderr, "usage: chroot [-g group] [-G group,group,...] " "[-u user] [-n] newroot [command]\n"); exit(1); }