1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1988, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/types.h> 33 #include <sys/procctl.h> 34 35 #include <ctype.h> 36 #include <err.h> 37 #include <errno.h> 38 #include <grp.h> 39 #include <limits.h> 40 #include <paths.h> 41 #include <pwd.h> 42 #include <stdbool.h> 43 #include <stdio.h> 44 #include <stdlib.h> 45 #include <string.h> 46 #include <unistd.h> 47 48 static void usage(void) __dead2; 49 50 int 51 main(int argc, char *argv[]) 52 { 53 struct group *gp; 54 struct passwd *pw; 55 char *endp, *p, *user, *group, *grouplist; 56 const char *shell; 57 gid_t gid, *gidlist; 58 uid_t uid; 59 int arg, ch, error, gids; 60 long ngroups_max; 61 bool nonprivileged; 62 63 gid = 0; 64 uid = 0; 65 user = group = grouplist = NULL; 66 nonprivileged = false; 67 while ((ch = getopt(argc, argv, "G:g:u:n")) != -1) { 68 switch(ch) { 69 case 'u': 70 user = optarg; 71 if (*user == '\0') 72 usage(); 73 break; 74 case 'g': 75 group = optarg; 76 if (*group == '\0') 77 usage(); 78 break; 79 case 'G': 80 grouplist = optarg; 81 if (*grouplist == '\0') 82 usage(); 83 break; 84 case 'n': 85 nonprivileged = true; 86 break; 87 case '?': 88 default: 89 usage(); 90 } 91 } 92 argc -= optind; 93 argv += optind; 94 95 if (argc < 1) 96 usage(); 97 98 if (group != NULL) { 99 if (isdigit((unsigned char)*group)) { 100 gid = (gid_t)strtoul(group, &endp, 0); 101 if (*endp != '\0') 102 goto getgroup; 103 } else { 104 getgroup: 105 if ((gp = getgrnam(group)) != NULL) 106 gid = gp->gr_gid; 107 else 108 errx(1, "no such group `%s'", group); 109 } 110 } 111 112 ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1; 113 if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL) 114 err(1, "malloc"); 115 /* Populate the egid slot in our groups to avoid accidents. */ 116 if (gid == 0) 117 gidlist[0] = getegid(); 118 else 119 gidlist[0] = gid; 120 for (gids = 1; 121 (p = strsep(&grouplist, ",")) != NULL && gids < ngroups_max; ) { 122 if (*p == '\0') 123 continue; 124 125 if (isdigit((unsigned char)*p)) { 126 gidlist[gids] = (gid_t)strtoul(p, &endp, 0); 127 if (*endp != '\0') 128 goto getglist; 129 } else { 130 getglist: 131 if ((gp = getgrnam(p)) != NULL) 132 gidlist[gids] = gp->gr_gid; 133 else 134 errx(1, "no such group `%s'", p); 135 } 136 gids++; 137 } 138 if (p != NULL && gids == ngroups_max) 139 errx(1, "too many supplementary groups provided"); 140 141 if (user != NULL) { 142 if (isdigit((unsigned char)*user)) { 143 uid = (uid_t)strtoul(user, &endp, 0); 144 if (*endp != '\0') 145 goto getuser; 146 } else { 147 getuser: 148 if ((pw = getpwnam(user)) != NULL) 149 uid = pw->pw_uid; 150 else 151 errx(1, "no such user `%s'", user); 152 } 153 } 154 155 if (nonprivileged) { 156 arg = PROC_NO_NEW_PRIVS_ENABLE; 157 error = procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_CTL, &arg); 158 if (error != 0) 159 err(1, "procctl"); 160 } 161 162 if (chdir(argv[0]) == -1) 163 err(1, "%s", argv[0]); 164 if (chroot(".") == -1) { 165 if (errno == EPERM && !nonprivileged && geteuid() != 0) 166 errx(1, "unprivileged use requires -n"); 167 err(1, "%s", argv[0]); 168 } 169 170 if (gids && setgroups(gids, gidlist) == -1) 171 err(1, "setgroups"); 172 if (group && setgid(gid) == -1) 173 err(1, "setgid"); 174 if (user && setuid(uid) == -1) 175 err(1, "setuid"); 176 177 if (argv[1]) { 178 execvp(argv[1], &argv[1]); 179 err(1, "%s", argv[1]); 180 } 181 182 if (!(shell = getenv("SHELL"))) 183 shell = _PATH_BSHELL; 184 execlp(shell, shell, "-i", (char *)NULL); 185 err(1, "%s", shell); 186 /* NOTREACHED */ 187 } 188 189 static void 190 usage(void) 191 { 192 (void)fprintf(stderr, "usage: chroot [-g group] [-G group,group,...] " 193 "[-u user] [-n] newroot [command]\n"); 194 exit(1); 195 } 196