--- chrootuid-1.3.orig/chrootuid.1 +++ chrootuid-1.3/chrootuid.1 @@ -8,7 +8,7 @@ .SH SYNOPSIS .na .nf -\fBchrootuid\fR \fInewroot newuser command\fR... +\fBchrootuid\fR [-i] \fInewroot newuser command\fR... .SH DESCRIPTION .ad .fi @@ -24,19 +24,32 @@ in the restricted environment. Only the superuser can use the \fBchrootuid\fR command. + +.SH OPTIONS +.ad +.fi +There is only one option for \fBchrootuid\fR: -i. That option makes it +run in \fIinteractive\fR mode. Errors will be printed on stderr instead of through +syslog and the exit status will be 1 if there are any errors. + +.SH RETURN CODES +.ad +.fi +The exit status of \fBchrootuid\fR when running on \fIdaemon\fR mode +(default) is always 0. + +If it is running on \fIinteractive\fR mode, it will exit with an exit status of +1 if there is any error in its invocation, otherwise the exit status is the +exit status of \fIcommand\fR. .SH DIAGNOSTICS .ad .fi -The exit status is 1 when \fBchrootuid\fR has a problem, otherwise -the exit status is the exit status of \fIcommand\fR. +Problems are reported to the syslog daemon if running on \fIdaemon\fR mode. +If running on \fIinteractive\fR mode, errors are reported on stderr. .SH SEE ALSO .na .nf chroot(8), su(1) -.SH DIAGNOSTICS -.ad -.fi -Problems are reported to the syslog daemon. .SH AUTHOR(S) .na .nf @@ -55,7 +68,7 @@ .SH LAST MODIFICATION .na .nf -Wed Jul 25 11:25:08 EDT 2001 +Mon May 20 22:49:02 CEST 2007 .SH VERSION/RELEASE .na .nf --- chrootuid-1.3.orig/patch +++ chrootuid-1.3/patch @@ -0,0 +1,96 @@ +--- chrootuid-1.3/chrootuid.c.orig 2002-12-11 15:28:44 +0200 ++++ chrootuid-1.3/chrootuid.c 2002-12-11 15:42:57 +0200 +@@ -50,9 +50,11 @@ + + #include + #include ++#include ++#include ++#include + #include + #include +-#include + + int main(argc, argv) + int argc; +@@ -65,12 +67,6 @@ + * require only two arguments. + */ + +-#ifdef LOG_DAEMON +- (void) openlog(argv[0], LOG_PID | LOG_NDELAY, LOG_DAEMON); +-#else +- (void) openlog(argv[0], LOG_PID); +-#endif +- + /* + * Require proper amount of arguments. In all cases of error, exit with + * zero status because we have already reported the problem via syslogd. +@@ -78,44 +74,44 @@ + */ + + if (argc < 4) { +- syslog(LOG_ERR, "usage: %s path user command", argv[0]); +- return (0); ++ fprintf(stderr,"usage: %s path user command\n", argv[0]); ++ return (1); + } + /* Must step into the new subtree. */ + + if (chdir(argv[1])) { +- syslog(LOG_ERR, "chdir(%s): %m", argv[1]); +- return (0); ++ fprintf(stderr, "chdir(%s): %s\n", argv[1], strerror(errno)); ++ return (1); + } + /* The user must be known in the *unrestricted* universe... */ + + if ((pwd = getpwnam(argv[2])) == 0) { +- syslog(LOG_ERR, "%s: user unknown", argv[2]); +- return (0); ++ fprintf(stderr, "%s: user unknown\n", argv[2]); ++ return (1); + } + /* initgroups() accesses the group file in the unrestricted universe... */ + + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { +- syslog(LOG_ERR, "initgroups: %m"); +- return (0); ++ fprintf(stderr, "initgroups: %s\n", strerror(errno)); ++ return (1); + } + endgrent(); + + /* Do the chroot() before giving away root privileges. */ + + if (chroot(argv[1])) { +- syslog(LOG_ERR, "chroot(%s): %m", argv[1]); +- return (0); ++ fprintf(stderr, "chroot(%s): %s\n", argv[1], strerror(errno)); ++ return (1); + } + /* Switch group id then user id. */ + + if (setgid(pwd->pw_gid)) { +- syslog(LOG_ERR, "setgid(%d): %m", pwd->pw_gid); +- return (0); ++ fprintf(stderr, "setgid(%d): %s\n", pwd->pw_gid, strerror(errno)); ++ return (1); + } + if (setuid(pwd->pw_uid)) { +- syslog(LOG_ERR, "setuid(%d): %m", pwd->pw_uid); +- return (0); ++ fprintf(stderr, "setuid(%d): %s\n", pwd->pw_uid, strerror(errno)); ++ return (1); + } + /* In case we still have the /etc/passwd file still open. */ + +@@ -124,6 +120,6 @@ + /* Run the command and hope for the best. */ + + (void) execv(argv[3], argv + 3); +- syslog(LOG_ERR, "%s: %m", argv[3]); +- return (0); ++ fprintf(stderr, "%s: %s", argv[3], strerror(errno)); ++ return (1); + } --- chrootuid-1.3.orig/chrootuid.c +++ chrootuid-1.3/chrootuid.c @@ -50,15 +50,23 @@ #include #include +#include +#include +#include #include #include #include +extern char *optarg; +extern int optind, opterr, optopt; + int main(argc, argv) int argc; char **argv; { struct passwd *pwd; + int interactive = 1; + int optstart = 0; /* * Open a channel to the syslog daemon. Older versions of openlog() @@ -77,45 +85,91 @@ * No need to make inetd complain, too. */ - if (argc < 4) { - syslog(LOG_ERR, "usage: %s path user command", argv[0]); + /* If we use -i, skip it over and increment optstart */ + /* we cannot use the getopt library using: + * if (getopt(argc, argv, "i") != -1) { + * in order to preserve the arguments provided to the command + * This means that -i must be the *first* (and only) argument */ + if ( argv[1] != NULL && strncmp(argv[1], "-i", 2) == 0 ) { + interactive = 0; + optstart++; + } + + if (argc-optstart < 4) { + if (interactive) { + syslog(LOG_ERR, "usage: %s [-i] path user command", argv[0]); + } else { + fprintf(stderr,"usage: %s [-i] path user command\n", argv[0]); + return (1); + } return (0); } /* Must step into the new subtree. */ - if (chdir(argv[1])) { - syslog(LOG_ERR, "chdir(%s): %m", argv[1]); - return (0); + if (chdir(argv[1+optstart])) { + if (interactive) { + syslog(LOG_ERR, "chdir(%s): %m", argv[1+optstart]); + return (0); + } else { + fprintf(stderr, "chdir(%s): %s\n", argv[1+optstart], strerror(errno)); + return (1); + } } /* The user must be known in the *unrestricted* universe... */ - if ((pwd = getpwnam(argv[2])) == 0) { - syslog(LOG_ERR, "%s: user unknown", argv[2]); - return (0); + if ((pwd = getpwnam(argv[2+optstart])) == 0) { + if (interactive) { + syslog(LOG_ERR, "%s: user unknown", argv[2+optstart]); + return (0); + } else { + fprintf(stderr, "%s: user unknown\n", argv[2+optstart]); + return (1); + } } /* initgroups() accesses the group file in the unrestricted universe... */ if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { - syslog(LOG_ERR, "initgroups: %m"); - return (0); + if (interactive) { + syslog(LOG_ERR, "initgroups: %m"); + return (0); + } else { + fprintf(stderr, "initgroups: %s\n", strerror(errno)); + return (1); + } } endgrent(); /* Do the chroot() before giving away root privileges. */ - if (chroot(argv[1])) { - syslog(LOG_ERR, "chroot(%s): %m", argv[1]); - return (0); + if (chroot(argv[1+optstart])) { + if (interactive) { + syslog(LOG_ERR, "chroot(%s): %m", argv[1+optstart]); + return (0); + } else { + fprintf(stderr, "chroot(%s): %s\n", argv[1+optstart], strerror(errno)); + return (1); + } + } /* Switch group id then user id. */ if (setgid(pwd->pw_gid)) { - syslog(LOG_ERR, "setgid(%d): %m", pwd->pw_gid); - return (0); + if (interactive) { + syslog(LOG_ERR, "setgid(%d): %m", pwd->pw_gid); + return (0); + } else { + fprintf(stderr, "setgid(%d): %s\n", pwd->pw_gid, strerror(errno)); + return (1); + } } if (setuid(pwd->pw_uid)) { - syslog(LOG_ERR, "setuid(%d): %m", pwd->pw_uid); - return (0); + if (interactive) { + syslog(LOG_ERR, "setuid(%d): %m", pwd->pw_uid); + return (0); + } else { + fprintf(stderr, "setuid(%d): %s\n", pwd->pw_uid, strerror(errno)); + return (1); + } } /* In case we still have the /etc/passwd file still open. */ @@ -123,7 +177,11 @@ /* Run the command and hope for the best. */ - (void) execv(argv[3], argv + 3); - syslog(LOG_ERR, "%s: %m", argv[3]); - return (0); + (void) execv(argv[3+optstart], argv + 3+optstart); + if (interactive) { + syslog(LOG_ERR, "%s: %m", argv[3+optstart]); + return (0); + } + fprintf(stderr, "%s: %s", argv[3+optstart], strerror(errno)); + return (1); } --- chrootuid-1.3.orig/Makefile +++ chrootuid-1.3/Makefile @@ -1,7 +1,8 @@ # @(#) Makefile 1.2 93/08/12 16:09:29 FILES = README Makefile chrootuid.c chrootuid.1 -CFLAGS = -O +CFLAGS = -O2 +PREFIX = /usr/local all: chrootuid chrootuid.1 @@ -15,8 +16,8 @@ @shar $(FILES) install: chrootuid.1 chrootuid - cp chrootuid /usr/local/bin - cp chrootuid.1 /usr/local/man/man1 + cp chrootuid $(PREFIX)/bin + cp chrootuid.1 $(PREFIX)/man/man1 clean: rm -f *.o core chrootuid --- chrootuid-1.3.orig/debian/dirs +++ chrootuid-1.3/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/lintian/overrides/ --- chrootuid-1.3.orig/debian/docs +++ chrootuid-1.3/debian/docs @@ -0,0 +1 @@ +README --- chrootuid-1.3.orig/debian/rules +++ chrootuid-1.3/debian/rules @@ -0,0 +1,56 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +build: build-stamp +build-stamp: + dh_testdir + $(MAKE) + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + -$(MAKE) clean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + install -m 755 chrootuid $(CURDIR)/debian/chrootuid/usr/bin/ + install -m 644 debian/overrides $(CURDIR)/debian/chrootuid/usr/share/lintian/overrides/chrootuid + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs README chrootuid_license + dh_installexamples + dh_installmenu + dh_installcron + dh_installman chrootuid.1 + dh_installinfo + dh_installchangelogs + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- chrootuid-1.3.orig/debian/copyright +++ chrootuid-1.3/debian/copyright @@ -0,0 +1,36 @@ +This package was debianized by Javier Fernandez-Sanguino Peña +Thu, 25 Oct 2001 00:22:40 +0200. + +It was downloaded from http://www.porcupine.org + +Upstream Author: Wietse Venema + +Copyright: + + (c) 2001 Wietse Venema + +License: +(original license with PGP signature available at /usr/share/doc/chrootuid) + +As of July 25, 2001, the text below constitutes the chrootuid license. + + /* + * Copyright 2001 by Wietse Venema. All rights reserved. Some individual + * files may be covered by other copyrights. + * + * This material was originally written and compiled by Wietse Venema at + * Eindhoven University of Technology, The Netherlands, in 1990, 1991, 1992, + * 1993, 1994 and 1995. + * + * Later versions are maintained by Wietse Venema at IBM T.J. Watson Research, + * Hawthorne, USA, in 2001. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that this entire copyright notice is + * duplicated in all such copies. + * + * This software is provided "as is" and without any expressed or implied + * warranties, including, without limitation, the implied warranties of + * merchantibility and fitness for any particular purpose. + */ + --- chrootuid-1.3.orig/debian/overrides +++ chrootuid-1.3/debian/overrides @@ -0,0 +1 @@ +chrootuid: extra-license-file usr/share/doc/chrootuid/chrootuid_license --- chrootuid-1.3.orig/debian/control +++ chrootuid-1.3/debian/control @@ -0,0 +1,21 @@ +Source: chrootuid +Section: admin +Priority: optional +Maintainer: Javier Fernandez-Sanguino Pen~a +Build-Depends: debhelper (>> 3.0.0) +Standards-Version: 3.9.1.0 +Homepage: http://ftp.porcupine.org/pub/security/index.html + +Package: chrootuid +Architecture: any +Depends: ${shlibs:Depends} +Description: Run commands in restricted environments + Chrootuid makes it easy to run a network service at low privilege + level and with restricted file system access. The daemons have access only + to their own directory tree, and run under a low-privileged userid. + . + In the past it has been used to run the gopher and www + (world-wide web) network. It can be used nowadays also for proxy servers. + The arrangement greatly reduces the impact of possible loopholes in + network software. + --- chrootuid-1.3.orig/debian/changelog +++ chrootuid-1.3/debian/changelog @@ -0,0 +1,55 @@ +chrootuid (1.3-6) unstable; urgency=low + + * Change maintainer's e-mail address + * Use debhelper compatibility version 4 + * Update Standards-Version, no changes needed. + * Added a Homepage: to debian/control + * Convert debian/copyright to UTF-8 + * debian/rules: Cleanup and remove unnecessary configure target + + -- Javier Fernandez-Sanguino Pen~a Sun, 12 Jun 2011 17:39:21 +0200 + +chrootuid (1.3-5) unstable; urgency=low + + * Do not use getopt as this interferes with the options provided to the + command that chrootuid calls. Use a simple scan of the command line + instead. (Closes: #358980) + * Change usage line in the program to reflect the -i option + * Improve the previous changelog entry giving proper credit. + * Use debhelper compatibility version 4 + * Improve the manpage to explain better what the expected exit status are. + + -- Javier Fernandez-Sanguino Pen~a Mon, 07 May 2007 22:38:04 +0200 + +chrootuid (1.3-4) unstable; urgency=low + + * Add new interactive mode (-i) to make it output errors on stderr and + exit with 1 if something fails (patch provided by Yauhen Kharuzhy from + the ALT Linux distribution slightly modified). The default mode is the + daemon (inetd) mode: errors are logged to syslog and exit status is 0 + (regadless of any errors after the execve). Also change manpage + accordingly. (Closes: #328444) + + -- Javier Fernandez-Sanguino Pen~a Sun, 20 Nov 2005 16:25:03 +0100 + +chrootuid (1.3-3) unstable; urgency=low + + * Add -O2 with compilation (Closes: #180804) + + -- Javier Fernandez-Sanguino Pen~a Thu, 13 Feb 2003 20:30:15 +0100 + +chrootuid (1.3-2) unstable; urgency=low + + * Previous version was not released to the Debian archive, this is. + (Closes: #117996) + * This version provides the original copyright file (since it's PGP + signed) even if included partially in the debian copyright file. + + -- Javier Fernandez-Sanguino Pen~a Thu, 2 May 2002 00:12:30 +0200 + +chrootuid (1.3-1) unstable; urgency=low + + * Initial Release. + + -- Javier Fernandez-Sanguino Pen~a Thu, 25 Oct 2001 00:22:40 +0200 + --- chrootuid-1.3.orig/debian/compat +++ chrootuid-1.3/debian/compat @@ -0,0 +1 @@ +5