| 1 |
Tres Melton wrote: |
| 2 |
> the /tmp dirs and other things and I do this at boot. Further I have |
| 3 |
> written a program that will allow any user (approved by the sudoers file |
| 4 |
> in the chroot and the regular root) to run any program from wherever |
| 5 |
> they are without the headache of becoming root, etc.. Here ya go: |
| 6 |
|
| 7 |
I actually did the same thing, but I'm combined some code from chroot |
| 8 |
and linux32 and made my own "l32". |
| 9 |
|
| 10 |
install as: |
| 11 |
# install -o root -g root -m 4555 l32 $BIN_DIR |
| 12 |
|
| 13 |
invoke as: |
| 14 |
$ l32 $PROGRAM |
| 15 |
|
| 16 |
If it can't change into the CWD from the chroot (I use mount --bind for |
| 17 |
/home and /tmp), then it changes in to the chroot's "/" directory. |
| 18 |
|
| 19 |
Change "LOWDIR" to point to your own 32-bit chroot. |
| 20 |
|
| 21 |
---[snip]--- |
| 22 |
#include <linux/personality.h> |
| 23 |
#undef personality |
| 24 |
#include <stdlib.h> |
| 25 |
#include <stdio.h> |
| 26 |
#include <string.h> |
| 27 |
#include <unistd.h> |
| 28 |
#include <errno.h> |
| 29 |
#include <limits.h> |
| 30 |
|
| 31 |
/* Make --3gb the default for buggy Java */ |
| 32 |
#define STUPID_DEFAULT 1 |
| 33 |
#define PER_LINUX32_3GB (PER_LINUX32 | ADDR_LIMIT_32BIT) |
| 34 |
|
| 35 |
#ifdef STUPID_DEFAULT |
| 36 |
#define DFL_PER PER_LINUX32_3GB |
| 37 |
#else |
| 38 |
#define DFL_PER PER_LINUX32 |
| 39 |
#endif |
| 40 |
|
| 41 |
const char *LOWDIR="/home/32-bit"; |
| 42 |
#define malloc_Add 64 |
| 43 |
#define malloc_Max INT_MAX>>12 // If it's over 512 kb, then path is too big |
| 44 |
|
| 45 |
int main(int argc,char **argv,char **envp) |
| 46 |
{ |
| 47 |
int per=DFL_PER; |
| 48 |
char *PWD; |
| 49 |
size_t PWD_size=malloc_Add; |
| 50 |
|
| 51 |
if (personality(per) < 0) |
| 52 |
{ |
| 53 |
fprintf(stderr,"Can't set personality %x : %s\n",per,strerror(errno)); |
| 54 |
exit(-1); |
| 55 |
} |
| 56 |
if (argc<2) |
| 57 |
{ |
| 58 |
fprintf(stderr,"Usage: %s program (arg1 arg2 arg3 ...)\n",argv[0]); |
| 59 |
exit(-1); |
| 60 |
} |
| 61 |
PWD=malloc(PWD_size); |
| 62 |
while (NULL==getcwd(PWD,PWD_size)) |
| 63 |
{ |
| 64 |
if (errno==ERANGE) |
| 65 |
{ |
| 66 |
if (PWD_size+malloc_Add>malloc_Max) |
| 67 |
{ |
| 68 |
fprintf(stderr,"Path is too long: greater than %lu bytes\n",PWD_size); |
| 69 |
exit(-1); |
| 70 |
} |
| 71 |
PWD_size+=malloc_Add; |
| 72 |
PWD=realloc(PWD,PWD_size); |
| 73 |
} else { |
| 74 |
fprintf(stderr,"Unable to determine current working directory: |
| 75 |
%s\n",strerror(errno)); |
| 76 |
exit(-1); |
| 77 |
} |
| 78 |
} |
| 79 |
if (chroot(LOWDIR) < 0) |
| 80 |
{ |
| 81 |
fprintf(stderr,"Unable to chroot(%s): %s\n",LOWDIR,strerror(errno)); |
| 82 |
exit(-1); |
| 83 |
} |
| 84 |
if (seteuid(getuid()) < 0) |
| 85 |
{ |
| 86 |
fprintf(stderr,"Unable to suid(%d): %s\n",getuid(),strerror(errno)); |
| 87 |
exit(-1); |
| 88 |
} |
| 89 |
// now change into current working dir with no root privs |
| 90 |
if (chdir(PWD) && chdir("/")) |
| 91 |
{ |
| 92 |
fprintf(stderr,"Unable to set working directory: |
| 93 |
%s\n",strerror(errno)); |
| 94 |
exit(-1); |
| 95 |
} |
| 96 |
free(PWD); |
| 97 |
execvp(argv[1],argv+1); |
| 98 |
exit(-1); |
| 99 |
} |
| 100 |
// vim: sw=2:cindent: |
| 101 |
-- |
| 102 |
gentoo-amd64@g.o mailing list |
Archives