OpenBSD 下 chroot 命令的功能完善 |
OpenBSD 下 chroot 命令的功能完善 |
2010-08-24 20:55:16, Tue
Post
#1
|
|
猫猫猫 Group: Power Cat Posts: 626 Joined: 2006-12-8 Member No.: 2 |
该功能已包含在OpenBSD 4.8 源码定制中
OpenBSD 下的 chroot 命令允许带 -u 和 -g 参数指定目标程序运行时的用户和组,但原本只能使用 /etc/passwd 和 /etc/group 中已有的内容,在某些需要自动化权限分离的操作时并不方便,故此进一步完善其功能 改进: 在使用 -u 和 -g 参数时,如果 /etc/passwd 和 /etc/group 中没有对应用户/组名条目,此时,若参数内容为有效的十进制无符号整数,则直接将其视为 uid/gid 使用 代码修正如下: 在编译环境的 /usr/src 目录中 patch -p1 以下内容: 代码 --- ./usr.sbin/chroot/chroot.c Tue May 24 06:52:04 2005
+++ /build/usr/src/usr.sbin/chroot/chroot.c Tue Aug 24 20:51:19 2010 @@ -64,6 +64,10 @@ { struct group *grp; struct passwd *pwd; + + struct group grp_new; + struct passwd pwd_new; + const char *shell; char *user, *group, *grouplist; gid_t gidlist[NGROUPS_MAX]; @@ -95,8 +99,23 @@ usage(); if (user != NULL && (pwd = getpwnam(user)) == NULL) - errx(1, "no such user `%s'", user); + { + const char *_errstr; + uid_t uid_iteration = strtonum(user, 0, UID_MAX - 1, &_errstr); + if (_errstr) + { + errx(1, "no such user `%s'", user); + } + else + { + pwd = &pwd_new; + pwd->pw_uid = uid_iteration; + pwd->pw_gid = uid_iteration; + pwd->pw_name = user; + } + } + while ((group = strsep(&grouplist, ",")) != NULL) { if (*group == '') continue; @@ -104,7 +123,20 @@ if (ngids == NGROUPS_MAX) errx(1, "too many supplementary groups provided"); if ((grp = getgrnam(group)) == NULL) - errx(1, "no such group `%s'", group); + { + const char *_errstr; + gid_t gid_iteration = strtonum(group, 0, UID_MAX - 1, &_errstr); + + if (_errstr) + { + errx(1, "no such group `%s'", group); + } + else + { + grp = &grp_new; + grp->gr_gid = gid_iteration; + } + } gidlist[ngids++] = grp->gr_gid; } @@ -149,7 +181,7 @@ { extern char *__progname; - (void)fprintf(stderr, "usage: %s [-g group,group,...] [-u user] " + (void)fprintf(stderr, "usage: %s [-g group | gid,group | gid,...] [-u user | uid] " "newroot [command]\n", __progname); exit(1); } |
|
|
Lo-Fi Version | Time is now: 2024-12-25 02:30 |