Upgrade to version 1.3.
This commit is contained in:
Don Lewis
parent
4c26a07a15
commit
1479907f68
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=61844
@ -6,28 +6,21 @@
|
||||
#
|
||||
|
||||
PORTNAME= chrootuid
|
||||
PORTVERSION= 1.2
|
||||
PORTVERSION= 1.3
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= ftp://ftp.porcupine.org/pub/security/ \
|
||||
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/chrootuid/
|
||||
DISTNAME= ${PORTNAME}${PORTVERSION}
|
||||
EXTRACT_SUFX= .shar.Z
|
||||
|
||||
MAINTAINER= truckman@FreeBSD.org
|
||||
|
||||
BUILD_DEPENDS= gunshar:${PORTSDIR}/archivers/gshar+gunshar
|
||||
|
||||
EXTRACT_CMD= uncompress
|
||||
EXTRACT_BEFORE_ARGS= -c
|
||||
EXTRACT_AFTER_ARGS= | gunshar -d ${WRKDIR}
|
||||
NO_WRKSUBDIR= yes
|
||||
|
||||
MAN8= chrootuid.8
|
||||
|
||||
do-install:
|
||||
.if !defined(NOPORTDOCS)
|
||||
@${MKDIR} ${PREFIX}/share/doc/chrootuid
|
||||
${INSTALL_MAN} ${WRKSRC}/README ${PREFIX}/share/doc/chrootuid
|
||||
${INSTALL_MAN} ${WRKSRC}/chrootuid_license ${PREFIX}/share/doc/chrootuid
|
||||
.endif
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/chrootuid ${PREFIX}/sbin/chrootuid
|
||||
${CP} ${WRKSRC}/chrootuid.1 ${WRKSRC}/chrootuid.8
|
||||
|
||||
@ -1 +1 @@
|
||||
MD5 (chrootuid1.2.shar.Z) = 2ebf68f6d14c42947bb5160a20729f5f
|
||||
MD5 (chrootuid1.3.tar.gz) = 15510abadf5de189e1c22a1544dc926a
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
--- chrootuid.1.orig Wed Dec 8 20:52:03 1999
|
||||
+++ chrootuid.1 Wed Dec 8 20:53:13 1999
|
||||
--- chrootuid.1.orig Wed Jul 25 09:46:59 2001
|
||||
+++ chrootuid.1 Sun Jun 23 15:01:19 2002
|
||||
@@ -1,4 +1,4 @@
|
||||
-.TH CHROOTUID 1
|
||||
+.TH CHROOTUID 8
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
--- Makefile.orig Sat Jan 22 15:59:52 2000
|
||||
+++ Makefile Sat Jan 22 16:01:26 2000
|
||||
--- Makefile.orig Thu Aug 12 07:09:31 1993
|
||||
+++ Makefile Sun Jun 23 15:01:35 2002
|
||||
@@ -1,7 +1,7 @@
|
||||
# @(#) Makefile 1.2 93/08/12 16:09:29
|
||||
|
||||
|
||||
@ -1,86 +1,6 @@
|
||||
Message #30124 (162 lines)
|
||||
From phil@globnix.org Fri Mar 31 01:56:37 2000
|
||||
Date: Fri, 31 Mar 2000 11:56:07 +0200
|
||||
From: Phil Pennock <phil@globnix.org>
|
||||
To: truckman@FreeBSD.org, wietse@PORCUPINE.ORG
|
||||
Subject: chrootuid patch for *BSD
|
||||
Organisation: Organisation? Here? No, over there ---->
|
||||
X-NIC-Handles: COCO-149560 (ignore PP8185)
|
||||
X-Disclaimer: Any views expressed in this message, where not explicitly
|
||||
attributed otherwise, are mine and mine alone. Such views
|
||||
do not necessarily coincide with those of any organisation
|
||||
or company with which I am or have been affiliated.
|
||||
X-Phase-of-Moon: The Moon is Waning Crescent (20% of Full)
|
||||
X-No-HTML: <!-- TINC
|
||||
|
||||
|
||||
--ikeVEW9yuYc//A+q
|
||||
Content-Type: text/plain; charset=us-ascii
|
||||
|
||||
This has been tested on FreeBSD, and tries to make things simple. The
|
||||
'problem' with chrootuid as stands (version 1.2) is that it does not
|
||||
initialise supplementary groups.
|
||||
|
||||
The attached patch adds this functionality. To use properly under BSD,
|
||||
add -DUSE_SYSCTL to the cc command-line - I've tested with and without
|
||||
that option. Wietse, sorry for changing the declaration of main() - I'm
|
||||
an ANSI-C type person and since I was making the other changes anyway I
|
||||
decided that I might as well.
|
||||
|
||||
Oh, and the patch also ensures that a LOG_NOTICE syslog is always
|
||||
generated when the program is invoked with enough parameters to not be
|
||||
an obvious error.
|
||||
|
||||
HTH
|
||||
--
|
||||
HTML email - just say no --> Phil Pennock
|
||||
"We've got a patent on the conquering of a country through the use of force.
|
||||
We believe in world peace through extortionate license fees." -Bluemeat
|
||||
|
||||
--ikeVEW9yuYc//A+q
|
||||
Content-Type: text/plain; charset=us-ascii
|
||||
Content-Disposition: attachment; filename="chrootuid.patch"
|
||||
|
||||
--- chrootuid.c.orig Fri Mar 31 10:56:38 2000
|
||||
+++ chrootuid.c Fri Mar 31 11:47:31 2000
|
||||
@@ -34,6 +34,7 @@
|
||||
/* VERSION/RELEASE
|
||||
/* 1.2
|
||||
/*--*/
|
||||
+/* MODIFIED FROM ORIGINAL SOURCE! <phil@globnix.org> */
|
||||
|
||||
#ifndef lint
|
||||
static char sccsid[] = "@(#) chrootuid.c 1.2 93/08/15 22:19:27";
|
||||
@@ -41,14 +42,25 @@
|
||||
|
||||
/* System libraries. */
|
||||
|
||||
+#include <stdlib.h>
|
||||
#include <pwd.h>
|
||||
#include <syslog.h>
|
||||
+#include <sys/param.h>
|
||||
+#ifdef USE_SYSCTL
|
||||
+# include <sys/types.h>
|
||||
+# include <sys/sysctl.h>
|
||||
+#else
|
||||
+# ifndef NGROUPS
|
||||
+# define NGROUPS 16
|
||||
+# endif
|
||||
+#endif
|
||||
|
||||
-main(argc, argv)
|
||||
-int argc;
|
||||
-char **argv;
|
||||
+int
|
||||
+main(int argc, char *argv[])
|
||||
{
|
||||
struct passwd *pwd;
|
||||
+ int *groups;
|
||||
+ int ngroups;
|
||||
|
||||
/*
|
||||
* Open a channel to the syslog daemon. Older versions of openlog()
|
||||
@@ -71,6 +83,10 @@
|
||||
--- chrootuid.c.orig Wed Jul 25 09:47:44 2001
|
||||
+++ chrootuid.c Sun Jun 23 15:06:10 2002
|
||||
@@ -81,6 +81,10 @@
|
||||
syslog(LOG_ERR, "usage: %s path user command", argv[0]);
|
||||
return (0);
|
||||
}
|
||||
@ -91,47 +11,3 @@ Content-Disposition: attachment; filename="chrootuid.patch"
|
||||
/* Must step into the new subtree. */
|
||||
|
||||
if (chdir(argv[1])) {
|
||||
@@ -83,6 +99,30 @@
|
||||
syslog(LOG_ERR, "%s: user unknown", argv[2]);
|
||||
return (0);
|
||||
}
|
||||
+#ifdef USE_SYSCTL
|
||||
+ {
|
||||
+ int mib[2];
|
||||
+ size_t len;
|
||||
+
|
||||
+ mib[0] = CTL_KERN;
|
||||
+ mib[1] = KERN_NGROUPS;
|
||||
+ len = sizeof(ngroups);
|
||||
+ if (sysctl(mib, 2, &ngroups, &len, NULL, 0)) {
|
||||
+ syslog(LOG_ERR, "failed to get kern.ngroups: %m");
|
||||
+ return (0);
|
||||
+ }
|
||||
+ }
|
||||
+#else
|
||||
+ ngroups = NGROUPS;
|
||||
+#endif
|
||||
+ if (!(groups = calloc(ngroups, sizeof(int)))) {
|
||||
+ syslog(LOG_ERR, "failed to allocate memory: %m");
|
||||
+ return (0);
|
||||
+ }
|
||||
+ if (getgrouplist(argv[2], pwd->pw_gid, groups, &ngroups) == -1) {
|
||||
+ syslog(LOG_WARNING, "failed to get all groups for user '%s': %m",
|
||||
+ argv[2]);
|
||||
+ }
|
||||
/* Do the chroot() before giving away root privileges. */
|
||||
|
||||
if (chroot(argv[1])) {
|
||||
@@ -94,6 +134,9 @@
|
||||
if (setgid(pwd->pw_gid)) {
|
||||
syslog(LOG_ERR, "setgid(%d): %m", pwd->pw_gid);
|
||||
return (0);
|
||||
+ }
|
||||
+ if (setgroups(ngroups, (const gid_t *)groups)) {
|
||||
+ syslog(LOG_WARNING, "setgroups failed: %m");
|
||||
}
|
||||
if (setuid(pwd->pw_uid)) {
|
||||
syslog(LOG_ERR, "setuid(%d): %m", pwd->pw_uid);
|
||||
|
||||
--ikeVEW9yuYc//A+q--
|
||||
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
--- Makefile.orig Wed Jun 21 03:47:29 2000
|
||||
+++ Makefile Wed Jun 21 03:48:17 2000
|
||||
@@ -6,7 +6,7 @@
|
||||
all: chrootuid chrootuid.1
|
||||
|
||||
chrootuid: chrootuid.c
|
||||
- $(CC) $(CFLAGS) -o $@ $?
|
||||
+ $(CC) $(CFLAGS) -DUSE_SYSCTL -o $@ $?
|
||||
|
||||
#chrootuid.1: chrootuid.c
|
||||
# srctoman $? >$@
|
||||
@ -1,3 +1,4 @@
|
||||
sbin/chrootuid
|
||||
share/doc/chrootuid/README
|
||||
share/doc/chrootuid/chrootuid_license
|
||||
@dirrm share/doc/chrootuid
|
||||
|
||||
Loading…
Reference in New Issue
Block a user