1 /*
2 * Copyright (c) 1988, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30 #if 0
31 #ifndef lint
32 static const char copyright[] =
33 "@(#) Copyright (c) 1988, 1993\n\
34 The Regents of the University of California. All rights reserved.\n";
35 #endif /* not lint */
36
37 #ifndef lint
38 static char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93";
39 #endif /* not lint */
40 #endif
41 #include <sys/cdefs.h>
42 __FBSDID("$FreeBSD$");
43
44 #include <sys/types.h>
45
46 #include <ctype.h>
47 #include <err.h>
48 #include <grp.h>
49 #include <limits.h>
50 #include <paths.h>
51 #include <pwd.h>
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 #include <unistd.h>
56
57 static void usage(void);
58
59 int
main(int argc,char * argv[])60 main(int argc, char *argv[])
61 {
62 struct group *gp;
63 struct passwd *pw;
64 char *endp, *p, *user, *group, *grouplist;
65 const char *shell;
66 gid_t gid, *gidlist;
67 uid_t uid;
68 int ch, gids;
69 long ngroups_max;
70
71 gid = 0;
72 uid = 0;
73 user = group = grouplist = NULL;
74 while ((ch = getopt(argc, argv, "G:g:u:")) != -1) {
75 switch(ch) {
76 case 'u':
77 user = optarg;
78 if (*user == '\0')
79 usage();
80 break;
81 case 'g':
82 group = optarg;
83 if (*group == '\0')
84 usage();
85 break;
86 case 'G':
87 grouplist = optarg;
88 if (*grouplist == '\0')
89 usage();
90 break;
91 case '?':
92 default:
93 usage();
94 }
95 }
96 argc -= optind;
97 argv += optind;
98
99 if (argc < 1)
100 usage();
101
102 if (group != NULL) {
103 if (isdigit((unsigned char)*group)) {
104 gid = (gid_t)strtoul(group, &endp, 0);
105 if (*endp != '\0')
106 goto getgroup;
107 } else {
108 getgroup:
109 if ((gp = getgrnam(group)) != NULL)
110 gid = gp->gr_gid;
111 else
112 errx(1, "no such group `%s'", group);
113 }
114 }
115
116 ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
117 if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL)
118 err(1, "malloc");
119 for (gids = 0;
120 (p = strsep(&grouplist, ",")) != NULL && gids < ngroups_max; ) {
121 if (*p == '\0')
122 continue;
123
124 if (isdigit((unsigned char)*p)) {
125 gidlist[gids] = (gid_t)strtoul(p, &endp, 0);
126 if (*endp != '\0')
127 goto getglist;
128 } else {
129 getglist:
130 if ((gp = getgrnam(p)) != NULL)
131 gidlist[gids] = gp->gr_gid;
132 else
133 errx(1, "no such group `%s'", p);
134 }
135 gids++;
136 }
137 if (p != NULL && gids == ngroups_max)
138 errx(1, "too many supplementary groups provided");
139
140 if (user != NULL) {
141 if (isdigit((unsigned char)*user)) {
142 uid = (uid_t)strtoul(user, &endp, 0);
143 if (*endp != '\0')
144 goto getuser;
145 } else {
146 getuser:
147 if ((pw = getpwnam(user)) != NULL)
148 uid = pw->pw_uid;
149 else
150 errx(1, "no such user `%s'", user);
151 }
152 }
153
154 if (chdir(argv[0]) == -1 || chroot(".") == -1)
155 err(1, "%s", argv[0]);
156
157 if (gids && setgroups(gids, gidlist) == -1)
158 err(1, "setgroups");
159 if (group && setgid(gid) == -1)
160 err(1, "setgid");
161 if (user && setuid(uid) == -1)
162 err(1, "setuid");
163
164 if (argv[1]) {
165 execvp(argv[1], &argv[1]);
166 err(1, "%s", argv[1]);
167 }
168
169 if (!(shell = getenv("SHELL")))
170 shell = _PATH_BSHELL;
171 execlp(shell, shell, "-i", (char *)NULL);
172 err(1, "%s", shell);
173 /* NOTREACHED */
174 }
175
176 static void
usage(void)177 usage(void)
178 {
179 (void)fprintf(stderr, "usage: chroot [-g group] [-G group,group,...] "
180 "[-u user] newroot [command]\n");
181 exit(1);
182 }
183