1 /* 2 * Copyright (c) 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #if 0 31 #ifndef lint 32 static const char copyright[] = 33 "@(#) Copyright (c) 1988, 1993\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35 #endif /* not lint */ 36 37 #ifndef lint 38 static char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93"; 39 #endif /* not lint */ 40 #endif 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #include <sys/types.h> 45 46 #include <ctype.h> 47 #include <err.h> 48 #include <grp.h> 49 #include <limits.h> 50 #include <paths.h> 51 #include <pwd.h> 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 #include <unistd.h> 56 57 static void usage(void); 58 59 int 60 main(int argc, char *argv[]) 61 { 62 struct group *gp; 63 struct passwd *pw; 64 char *endp, *p, *user, *group, *grouplist; 65 const char *shell; 66 gid_t gid, *gidlist; 67 uid_t uid; 68 int ch, gids; 69 long ngroups_max; 70 71 gid = 0; 72 uid = 0; 73 user = group = grouplist = NULL; 74 while ((ch = getopt(argc, argv, "G:g:u:")) != -1) { 75 switch(ch) { 76 case 'u': 77 user = optarg; 78 if (*user == '\0') 79 usage(); 80 break; 81 case 'g': 82 group = optarg; 83 if (*group == '\0') 84 usage(); 85 break; 86 case 'G': 87 grouplist = optarg; 88 if (*grouplist == '\0') 89 usage(); 90 break; 91 case '?': 92 default: 93 usage(); 94 } 95 } 96 argc -= optind; 97 argv += optind; 98 99 if (argc < 1) 100 usage(); 101 102 if (group != NULL) { 103 if (isdigit((unsigned char)*group)) { 104 gid = (gid_t)strtoul(group, &endp, 0); 105 if (*endp != '\0') 106 goto getgroup; 107 } else { 108 getgroup: 109 if ((gp = getgrnam(group)) != NULL) 110 gid = gp->gr_gid; 111 else 112 errx(1, "no such group `%s'", group); 113 } 114 } 115 116 ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1; 117 if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL) 118 err(1, "malloc"); 119 for (gids = 0; 120 (p = strsep(&grouplist, ",")) != NULL && gids < ngroups_max; ) { 121 if (*p == '\0') 122 continue; 123 124 if (isdigit((unsigned char)*p)) { 125 gidlist[gids] = (gid_t)strtoul(p, &endp, 0); 126 if (*endp != '\0') 127 goto getglist; 128 } else { 129 getglist: 130 if ((gp = getgrnam(p)) != NULL) 131 gidlist[gids] = gp->gr_gid; 132 else 133 errx(1, "no such group `%s'", p); 134 } 135 gids++; 136 } 137 if (p != NULL && gids == ngroups_max) 138 errx(1, "too many supplementary groups provided"); 139 140 if (user != NULL) { 141 if (isdigit((unsigned char)*user)) { 142 uid = (uid_t)strtoul(user, &endp, 0); 143 if (*endp != '\0') 144 goto getuser; 145 } else { 146 getuser: 147 if ((pw = getpwnam(user)) != NULL) 148 uid = pw->pw_uid; 149 else 150 errx(1, "no such user `%s'", user); 151 } 152 } 153 154 if (chdir(argv[0]) == -1 || chroot(".") == -1) 155 err(1, "%s", argv[0]); 156 157 if (gids && setgroups(gids, gidlist) == -1) 158 err(1, "setgroups"); 159 if (group && setgid(gid) == -1) 160 err(1, "setgid"); 161 if (user && setuid(uid) == -1) 162 err(1, "setuid"); 163 164 if (argv[1]) { 165 execvp(argv[1], &argv[1]); 166 err(1, "%s", argv[1]); 167 } 168 169 if (!(shell = getenv("SHELL"))) 170 shell = _PATH_BSHELL; 171 execlp(shell, shell, "-i", (char *)NULL); 172 err(1, "%s", shell); 173 /* NOTREACHED */ 174 } 175 176 static void 177 usage(void) 178 { 179 (void)fprintf(stderr, "usage: chroot [-g group] [-G group,group,...] " 180 "[-u user] newroot [command]\n"); 181 exit(1); 182 } 183