
 
From: Ted Goodridge, Jr (tedgoodridgejr_at_acm.org)
Date: Mon Feb 03 2003 - 00:16:11 CST


    Hrm, it stripped my attachment. Here it is inline.

    /* This quick C program wraps around any program or daemon and allows it
      to run in a chroot'ed environment with reduced privileges, using any gid and
      uid of choice from the command line.
      The execl() function call could use some work for more flexibility.
      This code was based on a howto at
      http://www.sans.org/rr/linux/daemons.php
      The syntax for this command is:
      "chrootwrap <chroot dir> <gid> <uid> <command> <single argument -
    optional>"

       This program must be executed as root.

    Ted Goodridge
    tedgoodridgejracm.org

    */

    #include <sys/types.h>
    #include <errno.h>
    #include <grp.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    /* function prototypes */
    int main (int argc, char *argv[]);
    /* Prints a message for the errno value `error`; always returns 0. */
    int printError(int error);
    /* ------------------------------- */

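    int printError(int error) {
    /* Print a human-readable message for the errno value `error`.
     * Only the errno values this wrapper expects back from chroot() and
     * exec() are named; anything else gets the generic message.
     * Diagnostics go to stderr so they are not mistaken for the wrapped
     * program's output on stdout.  Always returns 0 (callers ignore it). */
        const char *msg;

        switch (error) {
        case EPERM:
            msg = "Operation not permitted\n";
            break;
        case EACCES:
            msg = "You do not have permission to that path\n";
            break;
        case ENOTDIR:
            msg = "That is not a directory\n";
            break;
        case ENOENT:
            msg = "That directory does not exist\n";
            break;
        case EIO:
            msg = "I/O error!\n";
            break;
        default:
            msg = "Unknown error!\n";
            break;
        }
        fputs(msg, stderr);
        return 0;
    }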

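    /* Parse a non-negative decimal id (a uid or gid) strictly.
     * Returns 0 and stores the value in *out on success, -1 otherwise.
     * Strict on purpose: atoi() turns "abc" or "" into 0, which in this
     * program means silently running as root / the root group. */
    static int parse_id(const char *s, unsigned long *out) {
        char *end = NULL;
        unsigned long v = 0;

        /* Require a leading digit: rejects "", "-1", "+5" and leading blanks,
         * all of which strtoul() would otherwise accept or skip over. */
        if (s == NULL || *s < '0' || *s > '9') {
            return -1;
        }
        errno = 0;
        v = strtoul(s, &end, 10);
        if (errno == ERANGE || *end != '\0') {
            return -1;
        }
        *out = v;
        return 0;
    }

    /* Usage: chrootwrap <chroot dir> <gid> <uid> <command> [args...]
     * Must be run as root.  Changes the root to <chroot dir>, drops to the
     * given gid/uid and exec()s <command>; everything after <command> is
     * passed through unchanged as its argument vector.  Exits 1 on any
     * failure, with a diagnostic on stderr. */
    int main (int argc, char *argv[]) {
        unsigned long gid_val = 0;
        unsigned long uid_val = 0;
        gid_t gid;
        uid_t uid;

        if (argc < 5) {
            fprintf(stderr, "usage: %s <chroot dir> <gid> <uid> <command> [args...]\n",
                    argc > 0 ? argv[0] : "chrootwrap");
            return 1;
        }

        /* Reject ids that are not whole decimal numbers or that would be
         * truncated by the cast to gid_t/uid_t. */
        if (parse_id(argv[2], &gid_val) != 0 || gid_val != (unsigned long)(gid_t)gid_val) {
            fprintf(stderr, "invalid gid: %s\n", argv[2]);
            return 1;
        }
        if (parse_id(argv[3], &uid_val) != 0 || uid_val != (unsigned long)(uid_t)uid_val) {
            fprintf(stderr, "invalid uid: %s\n", argv[3]);
            return 1;
        }
        gid = (gid_t)gid_val;
        uid = (uid_t)uid_val;

        /* chroot() needs privilege, so it must happen before the ids are
         * dropped.  chdir("/") immediately after is required: chroot() does
         * not move the working directory, which would otherwise still refer
         * to a directory outside the new root. */
        if (chroot(argv[1]) != 0) {
            printError(errno);
            fprintf(stderr, "Unable to change the root, exiting.\n");
            return 1;
        }
        if (chdir("/") != 0) {
            printError(errno);
            fprintf(stderr, "Unable to chdir to the new root, exiting.\n");
            return 1;
        }

        /* Drop privilege in the order groups -> gid -> uid.  setgroups() and
         * setgid() need privilege themselves, and setgroups() is what replaces
         * the supplementary group list inherited from the caller, which
         * setgid()/setuid() leave untouched. */
        if (setgroups(1, &gid) != 0) {
            fprintf(stderr, "unable to set groups!\n");
            return 1;
        }
        if (setgid(gid) != 0) {
            fprintf(stderr, "unable to setgid!\n");
            return 1;
        }
        if (setuid(uid) != 0) {
            fprintf(stderr, "unable to setuid!\n");
            return 1;
        }
        /* A drop to a non-root uid must be irreversible.  If root can still be
         * regained, refuse to exec rather than run the command with latent
         * privilege. */
        if (uid != 0 && setuid(0) == 0) {
            fprintf(stderr, "privileges were not dropped, exiting.\n");
            return 1;
        }

        /* execv() only returns on failure.  argv[argc] is NULL per the C
         * standard, so argv + 4 is already a terminated argument vector; this
         * passes every trailing argument, not just one. */
        execv(argv[4], argv + 4);
        printError(errno);
        return 1;
    }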