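/*
 * Copyright (c) 1988, 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 1988, 1993\n\
	The Regents of the University of California. All rights reserved.\n");
#endif /* not lint */

#ifndef lint
#if 0
static char sccsid[] = "@(#)chroot.c	8.1 (Berkeley) 6/9/93";
#else
__RCSID("$NetBSD: chroot.c,v 1.7 1998/10/06 03:47:51 mrg Exp $");
#endif
#endif /* not lint */

#include <sys/param.h>

#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <paths.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int	main __P((int, char **));
void	usage __P((void)) __attribute__((__noreturn__));
static int parse_numeric_id __P((const char *, unsigned long *));

char	*user;		/* user to switch to before running program */
char	*group;		/* group to switch to ... */
char	*grouplist;	/* group list to switch to ... */

/*
 * Parse `s' as a numeric id.
 *
 * Returns 1 and stores the value in *out only when the whole string is a
 * number (base chosen by strtoul(3) with base 0) that did not overflow.
 * Returns 0 otherwise, so the caller can fall back to a name lookup.
 *
 * Requiring the whole string to be consumed matters: a name such as
 * "3com" must not be silently treated as id 3.
 */
static int
parse_numeric_id(s, out)
	const char *s;
	unsigned long *out;
{
	char *endp;
	unsigned long val;

	/* <ctype.h> functions need an unsigned char value, not a plain char. */
	if (!isdigit((unsigned char)*s))
		return 0;

	errno = 0;
	val = strtoul(s, &endp, 0);
	if (endp == s || *endp != '\0' || errno == ERANGE)
		return 0;

	*out = val;
	return 1;
}

/*
 * chroot [-g group] [-G group,group,...] [-u user] newroot [command]
 *
 * Changes the root directory to `newroot', optionally switches to the
 * requested supplementary groups, group and user, and then executes
 * `command' (or an interactive shell when no command is given).
 *
 * Exits with status 1 on any error; does not return on success because
 * the process image is replaced by exec.
 */
int
main(argc, argv)
	int argc;
	char *argv[];
{
	struct group *gp;
	struct passwd *pw;
	char *shell, *comma;
	gid_t gid = 0, gidlist[NGROUPS_MAX];
	uid_t uid = 0;
	unsigned long num;
	int ch, gids;

	while ((ch = getopt(argc, argv, "G:g:u:")) != -1)
		switch(ch) {
		case 'u':
			user = optarg;
			break;
		case 'g':
			group = optarg;
			break;
		case 'G':
			grouplist = optarg;
			break;
		case '?':
		default:
			usage();
		}
	argc -= optind;
	argv += optind;

	if (argc < 1)
		usage();

	/*
	 * All names are resolved here, before chroot(2), so they are looked
	 * up in the caller's user and group databases rather than in
	 * whatever files exist under the new root.
	 */
	if (group) {
		if (parse_numeric_id(group, &num)) {
			gid = (gid_t)num;
			/* Reject values that would be truncated by the cast
			 * (e.g. wrapping around to gid 0). */
			if ((unsigned long)gid != num)
				errx(1, "group id %s out of range", group);
		} else if ((gp = getgrnam(group)))
			gid = gp->gr_gid;
		else
			errx(1, "no such group %s", group);
	}

	for (gids = 0; grouplist; ) {
		comma = strchr(grouplist, ',');

		if (comma)
			*comma++ = '\0';

		/* gidlist has NGROUPS_MAX slots; never write past the end. */
		if (gids == NGROUPS_MAX)
			errx(1, "too many supplementary groups (max %d)",
			    (int)NGROUPS_MAX);

		if (parse_numeric_id(grouplist, &num)) {
			gidlist[gids] = (gid_t)num;
			if ((unsigned long)gidlist[gids] != num)
				errx(1, "group id %s out of range", grouplist);
		} else if ((gp = getgrnam(grouplist)))
			gidlist[gids] = gp->gr_gid;
		else
			/* Report the list element that failed, not -g's
			 * argument (which may be NULL here). */
			errx(1, "no such group %s", grouplist);
		gids++;
		grouplist = comma;
	}

	if (user) {
		if (parse_numeric_id(user, &num)) {
			uid = (uid_t)num;
			/* A truncated value could wrap to uid 0 and leave the
			 * command running as root. */
			if ((unsigned long)uid != num)
				errx(1, "user id %s out of range", user);
		} else if ((pw = getpwnam(user)))
			uid = pw->pw_uid;
		else
			errx(1, "no such user %s", user);
	}

	/*
	 * chdir() into the new root first and then chroot("."), so the
	 * working directory is inside the new root once it takes effect.
	 */
	if (chdir(argv[0]) || chroot("."))
		err(1, "%s", argv[0]);

	/*
	 * Drop privileges only after chroot(2), and in the order
	 * supplementary groups, gid, uid: changing groups generally needs
	 * the privilege that setuid() gives up.  Every failure is fatal so
	 * the command never runs with more privilege than requested.
	 *
	 * Each id is changed only when its option was given.  With -u alone
	 * the process keeps the gid and supplementary groups it was started
	 * with; pass -g and -G as well to replace them.
	 */
	if (gids && setgroups(gids, gidlist) < 0)
		err(1, "setgroups");
	if (group && setgid(gid) < 0)
		err(1, "setgid");
	if (user && setuid(uid) < 0)
		err(1, "setuid");

	if (argv[1]) {
		execvp(argv[1], &argv[1]);
		err(1, "%s", argv[1]);
	}

	/* No command given: run $SHELL (or the default shell) interactively.
	 * The path is resolved inside the new root. */
	if (!(shell = getenv("SHELL")))
		shell = _PATH_BSHELL;
	execlp(shell, shell, "-i", NULL);
	err(1, "%s", shell);
	/* NOTREACHED */
}

/*
 * Print the command synopsis to stderr and exit with status 1.
 */
void
usage()
{
	(void)fprintf(stderr, "usage: chroot [-g group] [-G group,group,...] "
	    "[-u user] newroot [command]\n");
	exit(1);
}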