emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make xbps_file_*_exec() always chroot if uid==0 and /bin/sh (+x, relative) exists.

Browse Source
This commit is contained in:
Juan RP 2010-11-06 06:40:19 +01:00
parent 74500381ff
commit f8629652da
1 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/fexec.c
View File

@ -51,27 +51,35 @@ pfcexec(const char *path, const char *file, const char **argv)
{ {
pid_t child; pid_t child;
int status; int status;
bool do_chroot = false;
child = vfork(); child = vfork();
switch (child) { switch (child) {
case 0: case 0:
if (path != NULL) { if (getuid() == 0 && access("./bin/sh", X_OK) == 0)
do_chroot = true;
/* /*
* If root and /bin/sh exists chroot to * If uid==0 and /bin/sh exists, we can change root directory,
* destdir and exec the command. Otherwise * fork and execute the command. Otherwise just change current
* just change CWD to destdir. * directory and fork/execute.
*/ */
if (getuid() == 0 && access("./bin/sh", X_OK) == 0) { if (path && do_chroot) {
if (chroot(path) == -1) if (chroot(path) == -1)
_exit(127); _exit(127);
if (chdir("/") == -1) if (chdir("/") == -1)
_exit(127); _exit(127);
} else { } else if (path && !do_chroot) {
if (chdir(path) == -1) if (chdir(path) == -1)
_exit(127); _exit(127);
} else if (!path && do_chroot) {
if (chroot(".") == -1)
_exit(127);
if (chdir("/") == -1)
_exit(127);
} }
}
(void)execvp(file, (char ** const)__UNCONST(argv)); (void)execvp(file, __UNCONST(argv));
_exit(127); _exit(127);
/* NOTREACHED */ /* NOTREACHED */
case -1: case -1: