A chroot wrapper
This code is mostly the same as that shown in some NCSA web server doco. It chroots and switches to an ordinary user.
/** wrapper BEGINS **/
#include
#include
#include
#include
void main( int argc, char *argv[] ) {
uid_t uid;
gid_t gid;
int ierr;
char *p;
uid = 60001;
gid = 60001;
ierr = 1;
if( argc != 2 )
{
fprintf( stderr, "USAGE: %s WEB_ROOT\n", argv[0] );
fprintf( stderr, "WHERE: WEB_ROOT - is the root of the web tree\n" );
}
else
{
p = argv[1];
if( chdir(p) )
{
printf( "chdir to %s failed: %S", p );
}
else if( chroot(p) )
{
printf( "chroot to %s failed: %S\n", p );
}
// On Solaris you must setgid before you setuid otherwise you won't have
// the perms to setgid properly anyway.
else if( setgid(gid) != 0 )
{
printf( "setgid failed: %S\n" );
}
else if( setuid(uid) != 0 )
{
printf("setuid failed: %S\n" );
}
else
{
printf("about to start shell\n");
execl( "/bin/sh","sh",(char *)0 );
printf( "execl failed for httpd: %S" );
}
}
exit( ierr );
}
pablo , 2004-02-10 21:06:35