Index: util-vserver-0.30.210/ensc_wrappers/wrappers-unistd.hc
===================================================================
--- util-vserver-0.30.210.orig/ensc_wrappers/wrappers-unistd.hc
+++ util-vserver-0.30.210/ensc_wrappers/wrappers-unistd.hc
@@ -156,6 +156,12 @@ Esetgroups(size_t size, const gid_t *lis
{
FatalErrnoError(setgroups(size, list)==-1, "setgroups()");
}
+
+inline static void
+Einitgroups(const char *user, gid_t group)
+{
+ FatalErrnoError(initgroups(user, group)==-1, "initgroups()");
+}
#endif
inline static WRAPPER_DECL int
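Review bot: `Einitgroups` calls `initgroups()`, which is declared in `<grp.h>`, but no include for it is visible in this header; the vcontext.c hunk of this same patch adds `<grp.h>` in the caller, so any other translation unit that pulls in this wrapper block will fail to compile unless it does the same. Either add `#include <grp.h>` beside the header's other includes (outside this hunk) or state the requirement above the wrapper, e.g. `/* requires <grp.h>; like Esetgroups, aborts via FatalErrnoError on failure */`. The preprocessor block that the `#endif` closes begins outside the hunk, so I cannot tell which feature macro guards these wrappers.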
Index: util-vserver-0.30.210/scripts/vserver
===================================================================
--- util-vserver-0.30.210.orig/scripts/vserver
+++ util-vserver-0.30.210/scripts/vserver
@@ -212,15 +212,15 @@ case "$2" in
;;
(exec)
shift 2
- suexec root "$@"
+ suexec 0 "$@"
;;
(chkconfig)
shift 2
- suexec root chkconfig "$@"
+ suexec 0 chkconfig "$@"
;;
(enter)
getEnterShell "$VSERVER_DIR"
- suexec root "${ENTER_SHELL[@]}"
+ suexec 0 "${ENTER_SHELL[@]}"
;;
(running)
isVserverRunning "$VSERVER_DIR"
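Review bot: Replacing `suexec root` with `suexec 0` in these three cases is consistent with the vcontext.c hunk of this patch, where a non-numeric `--uid` is rejected unless the binary is built against dietlibc; if `suexec` forwards its first argument to `vcontext --uid`, as the paired change suggests, any remaining `suexec <name>` call elsewhere in this script or in other scripts would start failing with "is not a number" and should be audited too. A short comment at the first of the three calls, e.g. `# numeric uid: vcontext resolves user names only in dietlibc builds`, would explain the bare `0` to the next reader.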
Index: util-vserver-0.30.210/src/vcontext.c
===================================================================
--- util-vserver-0.30.210.orig/src/vcontext.c
+++ util-vserver-0.30.210/src/vcontext.c
@@ -1,6 +1,6 @@
// $Id: vcontext.c,v 1.18 2005/04/28 18:08:12 ensc Exp $ --*- c -*--
-// Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+// Copyright (C) 2004-2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -33,6 +33,9 @@
#include <sys/un.h>
#include <assert.h>
#include <signal.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
#include <linux/personality.h>
@@ -104,7 +107,7 @@ struct Arguments {
uint_least32_t personality_type;
int verbosity;
bool do_chroot;
- uid_t uid;
+ char const * uid;
xid_t xid;
char const * sync_sock;
char const * sync_msg;
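Review bot: `uid` is now a `char const *` that aliases `optarg` and is only interpreted later in doit(), but the field carries no comment saying it holds the raw option text rather than a resolved uid, so a reader seeing `uid_t uid` turned into a string has to chase the CMD_UID case and doit() to learn this. Suggest `char const * uid; // --uid as given: numeric uid, or a user name (resolved in doit())` on the new line. The struct's definition begins outside the hunk.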
@@ -159,7 +162,7 @@ showVersion()
WRITE_MSG(1,
"vcontext " VERSION " -- manages the creation of security contexts\n"
"This program is part of " PACKAGE_STRING "\n\n"
- "Copyright (C) 2004 Enrico Scholz\n"
+ "Copyright (C) 2004-2006 Enrico Scholz\n"
VERSION_COPYRIGHT_DISCLAIMER);
exit(0);
}
@@ -275,9 +278,35 @@ doit(struct Arguments const *args, char
if (args->do_migrate && !args->do_migrateself)
Evc_ctx_migrate(xid);
- if (args->uid!=(uid_t)(-1) && getuid()!=args->uid) {
- Esetuid(args->uid);
- if (getuid()!=args->uid) {
+ if (args->uid != NULL) {
+ uid_t uid = 0;
+ unsigned long tmp;
+
+ if (!isNumberUnsigned(args->uid, &tmp, false)) {
+#ifdef __dietlibc__
+ struct passwd *pw;
+ pw = getpwnam(args->uid);
+ if (pw == NULL) {
+ WRITE_MSG(2, ENSC_WRAPPERS_PREFIX "Username '");
+ WRITE_STR(2, args->uid);
+ WRITE_MSG(2, "' does not exist\n");
+ return wrapper_exit_code;
+ }
+ uid = pw->pw_uid;
+ Einitgroups(args->uid, pw->pw_gid);
+ Esetgid(pw->pw_gid);
+#else
+ WRITE_MSG(2, ENSC_WRAPPERS_PREFIX "Uid '");
+ WRITE_STR(2, args->uid);
+ WRITE_MSG(2, "' is not a number\n");
+ return wrapper_exit_code;
+#endif
+ }
+ else
+ uid = (uid_t) tmp;
+
+ Esetuid((uid_t) uid);
+ if (getuid()!=uid) {
WRITE_MSG(2, ENSC_WRAPPERS_PREFIX "Something went wrong while changing the UID\n");
exit(wrapper_exit_code);
}
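Review bot: The numeric-uid branch (`uid = (uid_t) tmp;`) changes only the uid: unlike the `getpwnam` branch it never calls `Einitgroups`/`Esetgid`, so `--uid 1000` leaves the process with its original gid and supplementary groups (root's, when started as root) after `Esetuid`. If that is intended because the caller is expected to handle groups, a comment on the `else` should say so; otherwise apply the same group-dropping sequence there as well, e.g. `Esetgroups(0, NULL)` plus an explicit `Esetgid` before `Esetuid`, rather than only in the dietlibc path. `tmp` is an `unsigned long` narrowed to `uid_t` without a range check, so an out-of-range value wraps silently; `if (tmp > (unsigned long)(uid_t)-1) { /* reject as above */ }` before the cast closes that. The new error paths use `return wrapper_exit_code;` while the existing line just below uses `exit(wrapper_exit_code);`, which is worth unifying. doit() begins and ends outside the hunk.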
@@ -345,7 +374,7 @@ int main (int argc, char *argv[])
.is_silentexist = false,
.set_namespace = false,
.verbosity = 1,
- .uid = -1,
+ .uid = NULL,
.xid = VC_DYNAMIC_XID,
.personality_type = VC_BAD_PERSONALITY,
.personality_flags = 0,
@@ -369,7 +398,7 @@ int main (int argc, char *argv[])
case CMD_SILENTEXIST : args.is_silentexist = true; break;
case CMD_SYNCSOCK : args.sync_sock = optarg; break;
case CMD_SYNCMSG : args.sync_msg = optarg; break;
- case CMD_UID : args.uid = atol(optarg); break;
+ case CMD_UID : args.uid = optarg; break;
case CMD_XID : args.xid = Evc_xidopt2xid(optarg,true); break;
case CMD_SILENT : --args.verbosity; break;
case CMD_PERSTYPE :