1*41fbaed0Stron /* $NetBSD: chroot_uid.c,v 1.1.1.1 2009/06/23 10:08:59 tron Exp $ */
2*41fbaed0Stron
3*41fbaed0Stron /*++
4*41fbaed0Stron /* NAME
5*41fbaed0Stron /* chroot_uid 3
6*41fbaed0Stron /* SUMMARY
7*41fbaed0Stron /* limit possible damage a process can do
8*41fbaed0Stron /* SYNOPSIS
9*41fbaed0Stron /* #include <chroot_uid.h>
10*41fbaed0Stron /*
11*41fbaed0Stron /* void chroot_uid(root_dir, user_name)
12*41fbaed0Stron /* const char *root_dir;
13*41fbaed0Stron /* const char *user_name;
14*41fbaed0Stron /* DESCRIPTION
15*41fbaed0Stron /* \fBchroot_uid\fR changes the process root to \fIroot_dir\fR and
16*41fbaed0Stron /* changes process privileges to those of \fIuser_name\fR.
17*41fbaed0Stron /* DIAGNOSTICS
18*41fbaed0Stron /* System call errors are reported via the msg(3) interface.
19*41fbaed0Stron /* All errors are fatal.
20*41fbaed0Stron /* LICENSE
21*41fbaed0Stron /* .ad
22*41fbaed0Stron /* .fi
23*41fbaed0Stron /* The Secure Mailer license must be distributed with this software.
24*41fbaed0Stron /* AUTHOR(S)
25*41fbaed0Stron /* Wietse Venema
26*41fbaed0Stron /* IBM T.J. Watson Research
27*41fbaed0Stron /* P.O. Box 704
28*41fbaed0Stron /* Yorktown Heights, NY 10598, USA
29*41fbaed0Stron /*--*/
30*41fbaed0Stron
31*41fbaed0Stron /* System library. */
32*41fbaed0Stron
33*41fbaed0Stron #include <sys_defs.h>
34*41fbaed0Stron #include <pwd.h>
35*41fbaed0Stron #include <unistd.h>
36*41fbaed0Stron #include <grp.h>
37*41fbaed0Stron
38*41fbaed0Stron /* Utility library. */
39*41fbaed0Stron
40*41fbaed0Stron #include "msg.h"
41*41fbaed0Stron #include "chroot_uid.h"
42*41fbaed0Stron
43*41fbaed0Stron /* chroot_uid - restrict the damage that this program can do */
44*41fbaed0Stron
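/*
 * chroot_uid - change the process root to root_dir (if non-null) and
 * switch to the privileges of user_name (if non-null).
 *
 * root_dir   directory to chroot() into, or null to keep the current root
 * user_name  account whose uid/gid/supplementary groups to adopt, or null
 *            to keep the current credentials
 *
 * The changes are process-wide and cannot be undone. Every failing system
 * call is reported through msg_fatal(), so this function returns only on
 * complete success. The order of the steps matters: the password lookup
 * and the group setup happen before chroot(), and setuid() comes last.
 */
void    chroot_uid(const char *root_dir, const char *user_name)
{
    struct passwd *pwd;
    uid_t   uid = 0;
    gid_t   gid = 0;

    /*
     * Look up the uid/gid before entering the jail (the passwd database is
     * typically not reachable from inside it), and save them so they can't
     * be clobbered. Set up the primary and secondary groups while we still
     * have the privilege to do so.
     */
    if (user_name != 0) {
	if ((pwd = getpwnam(user_name)) == 0)
	    msg_fatal("unknown user: %s", user_name);
	uid = pwd->pw_uid;
	gid = pwd->pw_gid;
	if (setgid(gid) < 0)
	    msg_fatal("setgid(%ld): %m", (long) gid);
	if (initgroups(user_name, gid) < 0)
	    msg_fatal("initgroups: %m");
    }

    /*
     * Enter the jail. The chdir("/") afterwards makes sure the current
     * directory does not stay outside the new root.
     */
    if (root_dir) {
	if (chroot(root_dir))
	    msg_fatal("chroot(%s): %m", root_dir);
	if (chdir("/"))
	    msg_fatal("chdir(/): %m");
    }

    /*
     * Drop the user privileges. This is done last because chroot() above
     * typically needs them. Afterwards verify that the drop really took
     * effect (CERT POS37-C): a setuid() that reports success while the
     * process is still privileged would otherwise go unnoticed.
     */
    if (user_name != 0) {
	if (setuid(uid) < 0)
	    msg_fatal("setuid(%ld): %m", (long) uid);
	if (getuid() != uid || geteuid() != uid)
	    msg_fatal("setuid(%ld): privileges not dropped", (long) uid);
    }

    /*
     * Give the desperate developer a clue of what is happening.
     */
    if (msg_verbose > 1)
	msg_info("chroot %s user %s",
		 root_dir ? root_dir : "(none)",
		 user_name ? user_name : "(none)");
}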