> OpenBSD 下 chroot 命令的功能完善
猫猫草
post 2010-08-24 20:55:16, Tue



该功能已包含在OpenBSD 4.8 源码定制

OpenBSD 下的 chroot 命令允许带 -u 和 -g 参数指定目标程序运行时的用户和组,但原本只能使用 /etc/passwd 和 /etc/group 中已有的内容,在某些需要自动化权限分离的操作时并不方便,故此进一步完善其功能

改进:
在使用 -u 和 -g 参数时,如果 /etc/passwd 和 /etc/group 中没有对应用户/组名条目,此时,若参数内容为有效的十进制无符号整数,则直接将其视为 uid/gid 使用

代码修正如下:

在编译环境的 /usr/src 目录中 patch -p1 以下内容:

代码
--- ./usr.sbin/chroot/chroot.c  Tue May 24 06:52:04 2005
+++ /build/usr/src/usr.sbin/chroot/chroot.c     Tue Aug 24 20:51:19 2010
@@ -64,6 +64,10 @@
  {
         struct group    *grp;
         struct passwd   *pwd;
+
+       struct group    grp_new;
+       struct passwd   pwd_new;
+
         const char      *shell;
         char            *user, *group, *grouplist;
         gid_t           gidlist[NGROUPS_MAX];
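Review bot: `grp_new` and `pwd_new` are declared without an initialiser, and the later hunks fill in only `pw_uid`, `pw_gid`, `pw_name` and `gr_gid`. If any code in main() outside these hunks reads another member through `pwd` or `grp` (for example `pw_class` or `pw_dir`), it would read indeterminate stack contents. Zeroing them at the declaration, `struct group grp_new = { 0 };` and `struct passwd pwd_new = { 0 };`, keeps the synthetic entries predictable. main() starts before this hunk and continues after it.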
@@ -95,8 +99,23 @@
                 usage();
  
         if (user != NULL && (pwd = getpwnam(user)) == NULL)
-               errx(1, "no such user `%s'", user);
+       {
+               const char *_errstr;
+               uid_t uid_iteration = strtonum(user, 0, UID_MAX - 1, &_errstr);
  
+               if (_errstr)
+               {
+                       errx(1, "no such user `%s'", user);
+               }
+               else
+               {
+                       pwd = &pwd_new;
+                       pwd->pw_uid = uid_iteration;
+                       pwd->pw_gid = uid_iteration;
+                       pwd->pw_name = user;
+               }
+       }
+
         while ((group = strsep(&grouplist, ",")) != NULL) {
                 if (*group == '')
                         continue;
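Review bot: `pwd->pw_gid = uid_iteration;` reuses the numeric uid as the primary gid, so `-u 1234` given without `-g` would presumably leave the command running in whatever group has gid 1234, assuming the code after this hunk falls back to `pwd->pw_gid` (not visible here). That coupling should at least be stated where it happens, e.g. `/* no passwd entry: primary gid defaults to the same number as the uid unless -g is given */`, and a stricter variant would refuse a numeric `-u` that has no accompanying `-g`. Because `getpwnam()` is tried first, an account whose name consists only of digits takes precedence over the numeric reading, which deserves a line in the manual page. The `UID_MAX - 1` bound correctly keeps `(uid_t)-1` out.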
@@ -104,7 +123,20 @@
                 if (ngids == NGROUPS_MAX)
                         errx(1, "too many supplementary groups provided");
                 if ((grp = getgrnam(group)) == NULL)
-                       errx(1, "no such group `%s'", group);
+               {
+                       const char *_errstr;
+                       gid_t gid_iteration = strtonum(group, 0, UID_MAX - 1, &_errstr);
+
+                       if (_errstr)
+                       {
+                               errx(1, "no such group `%s'", group);
+                       }
+                       else
+                       {
+                               grp = &grp_new;
+                               grp->gr_gid = gid_iteration;
+                       }
+               }
                 gidlist[ngids++] = grp->gr_gid;
         }
  
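Review bot: The gid fallback is bounded with the uid limit, `strtonum(group, 0, UID_MAX - 1, &_errstr)`, which only works as long as the two limits happen to be equal. It should read `gid_t gid_iteration = strtonum(group, 0, GID_MAX - 1, &_errstr);`. The `grp_new` detour exists only to feed `grp->gr_gid` to the next line; a short comment such as `/* no group entry: treat the argument as a literal gid */` above the `strtonum` call would make that intent clear.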
@@ -149,7 +181,7 @@
  {
         extern char *__progname;
  
-       (void)fprintf(stderr, "usage: %s [-g group,group,...] [-u user] "
+       (void)fprintf(stderr, "usage: %s [-g group | gid,group | gid,...] [-u user | uid] "
             "newroot [command]\n", __progname);
         exit(1);
  }