#define _GNU_SOURCE
#include <asm-generic/fcntl.h>
#include <dlfcn.h>
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
/* Next definitions of open/open64 in symbol lookup order.  run() resolves
   them with dlsym (RTLD_NEXT, ...); they stay null until it has done so.  */
static int (*real_open) (const char *file, int flags, mode_t mode) = 0;
static int (*real_open64) (const char *file, int flags, mode_t mode) = 0;
/* Descriptors for /dev/null and /dev/zero, opened by run() before it calls
   chroot().  open() and open64() return dup()s of these for those two paths.
   Being static, both are 0 until run() assigns them.  */
static int fdnull, fdzero;
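/* Interposed open(): requests for "/dev/null" and "/dev/zero" are answered
   with a dup() of the descriptors that run() opened before chroot(), so the
   two device nodes need not exist inside the new root.  Every other path is
   forwarded to the next open() in lookup order.

   Returns a file descriptor, or -1 with errno set.

   NOTE(review): a dup()ed descriptor shares the O_RDWR open file description
   created in run() and has FD_CLOEXEC cleared, so the caller's FLAGS (for
   example O_RDONLY or O_CLOEXEC) are not applied on the two special paths.
   NOTE(review): libc declares open() with a variadic third argument; when
   the caller omits it, MODE holds an unspecified value that is only
   forwarded, never interpreted here.  */
int
open (const char *file, int flags, mode_t mode)
{
  if (0 == real_open)
    {
      /* Called before run() has resolved the real symbol (for instance from
         another library's constructor).  The cached descriptors are not
         valid yet and the process has not been chrooted, so pass the call
         straight through.  real_open itself is left untouched so that run()
         still performs its full initialisation.  */
      int (*next_open) (const char *, int, mode_t) = dlsym (RTLD_NEXT, "open");

      if (0 == next_open)
        {
          errno = ENOSYS;
          return -1;
        }
      return next_open (file, flags, mode);
    }

  /* A null path must not reach strcmp(); let the real open() reject it.  */
  if (0 != file)
    {
      if (0 == strcmp ("/dev/null", file))
        return dup (fdnull);
      if (0 == strcmp ("/dev/zero", file))
        return dup (fdzero);
    }

  return real_open (file, flags, mode);
}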
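/* Interposed open64(): requests for "/dev/null" and "/dev/zero" are answered
   with a dup() of the descriptors that run() opened before chroot(), so the
   two device nodes need not exist inside the new root.  Every other path is
   forwarded to the next open64() in lookup order.

   Returns a file descriptor, or -1 with errno set.

   NOTE(review): a dup()ed descriptor shares the O_RDWR open file description
   created in run() and has FD_CLOEXEC cleared, so the caller's FLAGS (for
   example O_RDONLY or O_CLOEXEC) are not applied on the two special paths.
   NOTE(review): libc declares open64() with a variadic third argument; when
   the caller omits it, MODE holds an unspecified value that is only
   forwarded, never interpreted here.  */
int
open64 (const char *file, int flags, mode_t mode)
{
  if (0 == real_open64)
    {
      /* Called before run() has resolved the real symbol (for instance from
         another library's constructor).  The cached descriptors are not
         valid yet and the process has not been chrooted, so pass the call
         straight through without caching the lookup.  */
      int (*next_open64) (const char *, int, mode_t)
        = dlsym (RTLD_NEXT, "open64");

      if (0 == next_open64)
        {
          errno = ENOSYS;
          return -1;
        }
      return next_open64 (file, flags, mode);
    }

  /* A null path must not reach strcmp(); let the real open64() reject it.  */
  if (0 != file)
    {
      if (0 == strcmp ("/dev/null", file))
        return dup (fdnull);
      if (0 == strcmp ("/dev/zero", file))
        return dup (fdzero);
    }

  return real_open64 (file, flags, mode);
}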
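/* Parse TEXT as a plain decimal id strictly below LIMIT.
   Returns 0 and stores the value in *OUT on success; returns -1 when TEXT is
   empty, does not start with a digit, has trailing characters, overflows, or
   is not below LIMIT.  Callers pass (uid_t) -1 / (gid_t) -1 as LIMIT because
   setresuid()/setresgid() treat -1 as "leave unchanged".  */
static int
libchroot_parse_id (const char *text, unsigned long limit, unsigned long *out)
{
  char *end = 0;
  unsigned long value;

  /* strtoul() accepts leading blanks and a sign; an id must be digits only.  */
  if (text[0] < '0' || text[0] > '9')
    return -1;

  errno = 0;
  value = strtoul (text, &end, 10);
  if (ERANGE == errno || '\0' != *end || value >= limit)
    return -1;

  *out = value;
  return 0;
}

/* Library constructor.  In order it:
     1. resolves the real open/open64 and opens /dev/zero and /dev/null,
     2. calls initgroups() when both $SUDO_GID and $SUDO_USER are set,
     3. changes into $CHROOT and makes it the root directory,
     4. switches to $SUDO_UID/$SUDO_GID when both are non-zero.
   Any failure prints a message to stderr and abort()s, so the host program
   never starts in a half-configured state.

   NOTE(review): the function has external linkage under the generic name
   "run"; confirm nothing else in the process is expected to define it.  */
void __attribute__ ((constructor)) run (void)
{
  const char *dir = 0, *uid_str = 0, *gid_str = 0, *user_str = 0;
  unsigned long parsed = 0;
  uid_t uid = 0;
  gid_t gid = 0;

  if (0 == real_open)
    {
      if (0 == (real_open = dlsym (RTLD_NEXT, "open")))
        {
          fprintf (stderr, "libchroot: dlsym(open): %s.\n", dlerror ());
          abort ();
        }
      if (0 == (real_open64 = dlsym (RTLD_NEXT, "open64")))
        {
          /* The original message named "open" here; report the symbol that
             actually failed to resolve.  */
          fprintf (stderr, "libchroot: dlsym(open64): %s.\n", dlerror ());
          abort ();
        }
      /* Opened through real_open so the lookups bypass the shim above; the
         descriptors stay usable after chroot().  */
      if (-1 == (fdzero = real_open ("/dev/zero", O_RDWR, 0)))
        {
          perror ("open /dev/zero failed");
          abort ();
        }
      if (-1 == (fdnull = real_open ("/dev/null", O_RDWR, 0)))
        {
          perror ("open /dev/null failed");
          abort ();
        }
    }

  if (0 == (dir = getenv ("CHROOT")))
    {
      fputs ("libchroot: You forgot to specify $CHROOT.\n", stderr);
      abort ();
    }

  if ((gid_str = getenv ("SUDO_GID")))
    {
      /* atoi() would turn a malformed value into 0, i.e. "keep the current
         group"; refuse it instead of silently skipping the drop.  */
      if (-1 == libchroot_parse_id (gid_str, (unsigned long) (gid_t) -1,
                                    &parsed))
        {
          fputs ("libchroot: SUDO_GID is not a valid numeric id.\n", stderr);
          abort ();
        }
      gid = (gid_t) parsed;

      if ((user_str = getenv ("SUDO_USER")))
        {
          /* Done before chroot(); presumably because the group database is
             only reachable outside the new root -- confirm.  */
          if (-1 == initgroups (user_str, gid))
            {
              perror ("initgroups");
              abort ();
            }
        }
    }

  if (chdir (dir) == -1)
    {
      perror ("chdir");
      abort ();
    }
  /* chroot (".") rather than chroot (dir): after the chdir() above a
     relative $CHROOT would be resolved a second time, and the working
     directory could end up outside the new root.  */
  if (chroot (".") == -1)
    {
      perror ("libchroot: chroot");
      abort ();
    }

  if (0 == (uid_str = getenv ("SUDO_UID")))
    {
      return;
    }
  if (-1 == libchroot_parse_id (uid_str, (unsigned long) (uid_t) -1, &parsed))
    {
      fputs ("libchroot: SUDO_UID is not a valid numeric id.\n", stderr);
      abort ();
    }
  uid = (uid_t) parsed;

  /* NOTE(review): when either id is 0 -- including $SUDO_GID being unset --
     nothing is dropped and the process keeps its current credentials inside
     the chroot.  Confirm that this is intended for every caller.  */
  if (uid != 0 && gid != 0)
    {
      /* Group first: once the uid is dropped the process may no longer be
         permitted to change its gid.  */
      if (-1 == setresgid (gid, gid, gid))
        {
          perror ("setresgid failed");
          abort ();
        }
      if (-1 == setresuid (uid, uid, uid))
        {
          perror ("setresuid failed");
          abort ();
        }
    }
}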