From owner-freebsd-current  Mon Mar 24  8: 5:40 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D256E37B401
	for <current@freebsd.org>; Mon, 24 Mar 2003 08:05:27 -0800 (PST)
Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7EEB943FB1
	for <current@freebsd.org>; Mon, 24 Mar 2003 08:05:26 -0800 (PST)
	(envelope-from maxim@macomnet.ru)
Received: from news1.macomnet.ru (news1.macomnet.ru [195.128.64.14])
	by relay.macomnet.ru (8.11.6/8.11.6) with ESMTP id h2OG5O51924339
	for <current@freebsd.org>; Mon, 24 Mar 2003 19:05:24 +0300 (MSK)
Date: Mon, 24 Mar 2003 19:05:24 +0300 (MSK)
From: Maxim Konovalov <maxim@macomnet.ru>
To: current@freebsd.org
Subject: jail(8) setuid-before-exec patch
Message-ID: <20030324182942.O51952@news1.macomnet.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Status: No, hits=-6.0 required=5.0
	tests=PATCH_UNIFIED_DIFF
	autolearn=ham	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Hello,

Here is a patch which gives to jail(8) an ability to specify a user
context before execv(3).  Comments/suggestions?

P.S. I am aware of bin/44320.

Index: Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/jail/Makefile,v
retrieving revision 1.8
diff -u -r1.8 Makefile
--- Makefile	20 Jul 2001 06:19:52 -0000	1.8
+++ Makefile	21 Mar 2003 14:16:25 -0000
@@ -2,6 +2,7 @@

 PROG=	jail
 MAN=	jail.8
+LDADD=	-lutil

 WARNS?=	2

Index: jail.8
===================================================================
RCS file: /home/ncvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.41
diff -u -r1.41 jail.8
--- jail.8	18 Mar 2003 14:01:02 -0000	1.41
+++ jail.8	24 Mar 2003 15:06:08 -0000
@@ -41,11 +41,28 @@
 .Nd "imprison process and its descendants"
 .Sh SYNOPSIS
 .Nm
+.Op Fl u Ar username
 .Ar path hostname ip-number command ...
 .Sh DESCRIPTION
 The
 .Nm
 utility imprisons a process and all future descendants.
+.Pp
+The options are as follows:
+.Bl -tag -width ".Fl u Ar username"
+.It Fl u Ar username
+The user name as whom the
+.Ar command
+should run.
+.It Ar path
+Directory which is to be the root of the prison.
+.It Ar hostname
+Hostname of the prison.
+.It Ar ip-number
+IP number assigned to the prison.
+.It Ar command
+Pathname of the program which is to be executed.
+.El
 .Pp
 Please see the
 .Xr jail 2
Index: jail.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.8
diff -u -r1.8 jail.c
--- jail.c	22 Apr 2002 13:44:43 -0000	1.8
+++ jail.c	21 Mar 2003 16:15:15 -0000
@@ -10,44 +10,97 @@
  *
  */

-#include <sys/types.h>
+#include <sys/param.h>
 #include <sys/jail.h>

 #include <netinet/in.h>
 #include <arpa/inet.h>

 #include <err.h>
+#include <grp.h>
+#include <login_cap.h>
+#include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>

+static void	usage(void);
+
 int
 main(int argc, char **argv)
 {
+	login_cap_t *lcap;
 	struct jail j;
-	int i;
+	struct passwd *pwd;
 	struct in_addr in;
+	int ch, groups[NGROUPS], i, ngroups;
+	char *username;
+
+	username = NULL;
+
+	while ((ch = getopt(argc, argv, "u:")) != -1)
+		switch (ch) {
+		case 'u':
+			username = optarg;
+			break;
+		default:
+			usage();
+			break;
+		}
+	argc -= optind;
+	argv += optind;
+	if (argc < 4)
+		usage();

-	if (argc < 5)
-		errx(1, "usage: %s path hostname ip-number command ...\n",
-		    argv[0]);
-	i = chdir(argv[1]);
+	if (username != NULL) {
+		pwd = getpwnam(username);
+		if (pwd == NULL)
+			err(1, "getpwnam %s", username);
+		lcap = login_getpwclass(pwd);
+		if (lcap == NULL)
+			err(1, "getpwclass failed", username);
+		ngroups = NGROUPS;
+		i = getgrouplist(username, pwd->pw_gid, groups, &ngroups);
+		if (i)
+			err(1, "getgrouplist %s", username);
+	}
+	i = chdir(argv[0]);
 	if (i)
-		err(1, "chdir %s", argv[1]);
+		err(1, "chdir %s", argv[0]);
 	memset(&j, 0, sizeof(j));
 	j.version = 0;
-	j.path = argv[1];
-	j.hostname = argv[2];
-	i = inet_aton(argv[3], &in);
+	j.path = argv[0];
+	j.hostname = argv[1];
+	i = inet_aton(argv[2], &in);
 	if (!i)
 		errx(1, "Couldn't make sense of ip-number\n");
 	j.ip_number = ntohl(in.s_addr);
 	i = jail(&j);
 	if (i)
 		err(1, "Imprisonment failed");
-	i = execv(argv[4], argv + 4);
+	if (username != NULL) {
+		i = setgroups(ngroups, groups);
+		if (i)
+			err(1, "setgroups failed");
+		i = setgid(pwd->pw_gid);
+		if (i)
+			err(1, "setgid failed");
+		i = setusercontext(lcap, pwd, pwd->pw_uid,
+		    LOGIN_SETALL & ~LOGIN_SETGROUP);
+		if (i)
+			err(1, "setusercontext failed");
+	}
+	i = execv(argv[3], argv + 3);
 	if (i)
-		err(1, "execv(%s)", argv[4]);
+		err(1, "execv(%s)", argv[3]);
 	exit (0);
+}
+
+static void
+usage(void)
+{
+
+	errx(1,
+	    "Usage: jail [-u username] path hostname ip-number command ...");
 }

%%%

-- 
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message