lemoncube.com Search: (normal)
Articles
Links
News
Projects

Disclaimer

A chroot wrapper

This code is mostly the same as that shown in some NCSA web server doco. It chroots and switches to an ordinary user.

/** wrapper BEGINS **/
#include 
#include 
#include 
#include 

void    main( int argc, char *argv[] ) {
  uid_t uid;
  gid_t gid;
  int   ierr;
  char  *p;

   uid = 60001;
   gid = 60001;
   ierr = 1;

  if( argc != 2 )
  {
    fprintf( stderr, "USAGE: %s WEB_ROOT\n", argv[0] );
    fprintf( stderr, "WHERE: WEB_ROOT - is the root of the web tree\n" );
  }
  else
  {
    p = argv[1];
    if( chdir(p) )
    {
       printf( "chdir to %s failed: %S", p );
    }
    else if( chroot(p) )
    {
       printf( "chroot to %s failed: %S\n", p );
    }
    // On Solaris you must setgid before you setuid otherwise you won't have
    // the perms to setgid properly anyway.
    else if( setgid(gid) != 0 )
    {
       printf( "setgid failed: %S\n" );
    }
    else if( setuid(uid) != 0 )
    {
       printf("setuid failed: %S\n" );
    }
    else
    {
      printf("about to start shell\n");
      execl( "/bin/sh","sh",(char *)0 );
      printf( "execl failed for httpd: %S" );
    }
  }
  exit( ierr );
}

pablo , 2004-02-10 21:06:35