author | Cameron Katri <me@cameronkatri.com> | 2021-05-09 14:20:58 -0400 |
---|---|---|
committer | Cameron Katri <me@cameronkatri.com> | 2021-05-09 14:20:58 -0400 |
commit | 5fd83771641d15c418f747bd343ba6738d3875f7 (patch) | |
tree | 5abf0f78f680d9837dbd93d4d4c3933bb7509599 /shell_cmds/chroot | |
Import macOS userland
adv_cmds-176
basic_cmds-55
bootstrap_cmds-116.100.1
developer_cmds-66
diskdev_cmds-667.40.1
doc_cmds-53.60.1
file_cmds-321.40.3
mail_cmds-35
misc_cmds-34
network_cmds-606.40.1
patch_cmds-17
remote_cmds-63
shell_cmds-216.60.1
system_cmds-880.60.2
text_cmds-106
Diffstat (limited to 'shell_cmds/chroot')
-rw-r--r-- | shell_cmds/chroot/chroot.8 | 102 | ||||
-rw-r--r-- | shell_cmds/chroot/chroot.c | 178 |
2 files changed, 280 insertions, 0 deletions
diff --git a/shell_cmds/chroot/chroot.8 b/shell_cmds/chroot/chroot.8
new file mode 100644
index 0000000..fce026b
--- /dev/null
+++ b/shell_cmds/chroot/chroot.8
@@ -0,0 +1,102 @@
+.\" Copyright (c) 1988, 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" from: @(#)chroot.8 8.1 (Berkeley) 6/9/93
+.\" $NetBSD: chroot.8,v 1.7 1998/10/06 03:47:50 mrg Exp $
+.\"
+.Dd October 6, 1998
+.Dt CHROOT 8
+.Os BSD 4.3
+.Sh NAME
+.Nm chroot
+.Nd change root directory
+.Sh SYNOPSIS
+.Nm
+.Op Fl u user
+.Op Fl g group
+.Op Fl G group,group,...
+.Ar newroot
+.Op Ar command
+.Sh DESCRIPTION
+The
+.Nm
+command changes its root directory to the supplied directory
+.Ar newroot
+and exec's
+.Ar command ,
+if supplied, or an interactive copy of your shell.
+.Pp
+If the
+.Fl u ,
+.Fl g
+or
+.Fl G
+options are given, the user, group and group list of the process are
+set to these values after the chroot has taken place. See
+.Xr setgid 2 ,
+.Xr setgroups 2 ,
+.Xr setuid 2 ,
+.Xr getgrnam 3
+and
+.Xr getpwnam 3 .
+.Pp
+Note,
+.Ar command
+or the shell are run as your real-user-id.
+.Sh ENVIRONMENT
+The following environment variable is referenced by
+.Nm :
+.Bl -tag -width SHELL
+.It Ev SHELL
+If set,
+the string specified by
+.Ev SHELL
+is interpreted as the name of
+the shell to exec.
+If the variable
+.Ev SHELL
+is not set,
+.Pa /bin/sh
+is used.
+.El
+.Sh SEE ALSO
+.Xr chdir 2 ,
+.Xr chroot 2 ,
+.Xr environ 7
+.Sh HISTORY
+The
+.Nm
+utility first appeared in
+.Bx 4.4 .
+.Sh SECURITY CONSIDERATIONS
+.Nm
+should never be installed setuid root, as it would then be possible
+to exploit the program to gain root privileges.
diff --git a/shell_cmds/chroot/chroot.c b/shell_cmds/chroot/chroot.c
new file mode 100644
index 0000000..c9c38f5
--- /dev/null
+++ b/shell_cmds/chroot/chroot.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+#ifndef lint
+__COPYRIGHT("@(#) Copyright (c) 1988, 1993\n\
+ The Regents of the University of California. All rights reserved.\n");
+#endif /* not lint */
+
+#ifndef lint
+#if 0
+static char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93";
+#else
+__RCSID("$NetBSD: chroot.c,v 1.7 1998/10/06 03:47:51 mrg Exp $");
+#endif
+#endif /* not lint */
+
+#include <sys/param.h>
+
+#include <ctype.h>
+#include <err.h>
+#include <errno.h>
+#include <grp.h>
+#include <paths.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+int main __P((int, char **));
+void usage __P((void)) __attribute__((__noreturn__));
+
+char *user; /* user to switch to before running program */
+char *group; /* group to switch to ... */
+char *grouplist; /* group list to switch to ... */
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ struct group *gp;
+ struct passwd *pw;
+ char *shell, *endp, *comma;
+ gid_t gid = 0, gidlist[NGROUPS_MAX];
+ uid_t uid = 0;
+ int ch, gids;
+
+ while ((ch = getopt(argc, argv, "G:g:u:")) != -1)
+ switch(ch) {
+ case 'u':
+ user = optarg;
+ break;
+ case 'g':
+ group = optarg;
+ break;
+ case 'G':
+ grouplist = optarg;
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc < 1)
+ usage();
+
+ if (group) {
+ if (isdigit(*group)) {
+ gid = (gid_t)strtol(group, &endp, 0);
+ if (endp == group)
+ goto getgroup;
+ } else {
+getgroup:
+ if ((gp = getgrnam(group)))
+ gid = gp->gr_gid;
+ else
+ errx(1, "no such group %s", group);
+ }
+ }
+
+ for (gids = 0; grouplist; ) {
+ comma = strchr(grouplist, ',');
+
+ if (comma)
+ *comma++ = '\0';
+
+ if (isdigit(*grouplist)) {
+ gidlist[gids] = (gid_t)strtol(grouplist, &endp, 0);
+ if (endp == grouplist)
+ goto getglist;
+ } else {
+getglist:
+ if ((gp = getgrnam(grouplist)))
+ gidlist[gids] = gp->gr_gid;
+ else
+ errx(1, "no such group %s", group);
+ }
+ gids++;
+ grouplist = comma;
+ }
+
+ if (user) {
+ if (isdigit(*user)) {
+ uid = (uid_t)strtol(user, &endp, 0);
+ if (endp == user)
+ goto getuser;
+ } else {
+getuser:
+ if ((pw = getpwnam(user)))
+ uid = pw->pw_uid;
+ else
+ errx(1, "no such user %s", user);
+ }
+ }
+
+ if (chdir(argv[0]) || chroot("."))
+ err(1, "%s", argv[0]);
+
+ if (gids && setgroups(gids, gidlist) < 0)
+ err(1, "setgroups");
+ if (group && setgid(gid) < 0)
+ err(1, "setgid");
+ if (user && setuid(uid) < 0)
+ err(1, "setuid");
+
+ if (argv[1]) {
+ execvp(argv[1], &argv[1]);
+ err(1, "%s", argv[1]);
+ }
+
+ if (!(shell = getenv("SHELL")))
+ shell = _PATH_BSHELL;
+ execlp(shell, shell, "-i", NULL);
+ err(1, "%s", shell);
+ /* NOTREACHED */
+}
+
+void
+usage()
+{
+ (void)fprintf(stderr, "usage: chroot [-g group] [-G group,group,...] "
+ "[-u user] newroot [command]\n");
+ exit(1);
+}
|
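Review bot: The `-G` loop in main() writes `gidlist[gids]` without ever comparing `gids` to `NGROUPS_MAX`, so a comma-separated list longer than the array runs past the end of the stack buffer before `setgroups()` is reached; a guard at the top of the loop body such as `if (gids >= NGROUPS_MAX) errx(1, "too many groups");` bounds it. The failure branch of that loop prints `group` instead of `grouplist`, which hands `%s` a null pointer when `-g` was not given, and should read `errx(1, "no such group %s", grouplist);`. The three numeric paths accept any argument that starts with a digit because they only test `endp == ...`, so an account name with a leading digit is silently taken as its numeric prefix rather than looked up, which can select a different, possibly more privileged, id than the operator intended. Testing `*endp != '\0'` as well, e.g. `if (endp == user || *endp != '\0') goto getuser;`, sends such names to `getpwnam()`/`getgrnam()`; a range check on the `strtol()` result before the cast to `uid_t`/`gid_t` would also be worth adding.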