有人在这个程序中看到任何问题吗 [英] Does anyone see any problem in this program

问题描述

没有得到答案后，我喜欢

After not getting an answer I liked for this question about chroot, I went and rolled my own solution:

#include <unistd.h>
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
extern char **environ;

int main(int argc, char** argv, char** envp) {
  char* path = "/";
  char* name = "nobody";
  char* exe = "/bin/false";
  struct passwd *pass;

  if(argc < 4) { printf("Need more args: username chroot exe args...\n"); return 1; }
  name = argv[1];
  path = argv[2];
  exe = argv[3];

  if(!(pass = getpwnam(name))) { printf("Unknown user %s", name); return 2; }

  if(chroot(path)) {
    if(errno == EPERM) { printf("chroot not allowed\n"); return 3; }
    printf("chroot failed\n");
    return 4;
  }
  chdir("/");

  if(setgid(pass->pw_gid)) { printf("setgid failed: %d\n", pass->pw_gid); return 5; }
  if(setuid(pass->pw_uid)) { printf("setuid failed: %d\n", pass->pw_uid); return 6; }

  environ = envp;
  execvp(exe, argv + 3);

  printf("exec of %s failed\n", exe);
  return 7;
}

有人能看到其中的任何错误吗?(甚至更好的是，知道使它冗余的工具)?

Does anyone see any bugs in that (or even better, know of a tool that makes it redundant)?

推荐答案

1. 如果仍然覆盖默认值，为什么还要将默认值分配给path，name，exe?
2. 您不应从main()内部返回负值.它使实际的返回值不清楚，因为POSIX仅使用它的8个最低有效位(即-1返回为255等).
3. 您不应该依赖getuid()； chroot()也可以使用CAP_SYS_CHROOT功能.相反，您可以尝试chroot()并检查errno == EPERM.
4. chroot()不会更改当前工作目录；我想您也应该致电chdir().
5. environ = envp分配的确切作用是什么?好像很黑.
6. 无论如何，您都可以添加更好的错误报告.

1. Why do you assign defaults to path, name, exe, if you overwrite them anyway?
2. You should not return negative values from within main(). It makes the actual return value unclear, as POSIX uses only the 8 least significant bits of it (i.e. -1 is returned as 255, etc.).
3. You shouldn't rely on getuid(); chroot() would work CAP_SYS_CHROOT capability too. Instead, you could try to chroot() and check if errno == EPERM.
4. chroot() doesn't change the current working directory; I think you should call chdir() too.
5. What does environ = envp assignment exactly do? It seems hacky.
6. In any case, you could add better error reporting.

最后， chrootuid 可能是您正在寻找的工具

And finally, chrootuid is probably the tool you were looking for.

这篇关于有人在这个程序中看到任何问题吗的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！