Tres Melton wrote: |
> the /tmp dirs and other things and I do this at boot. Further I have |
> written a program that will allow any user (approved by the sudoers file |
> in the chroot and the regular root) to run any program from wherever |
> they are without the headache of becoming root, etc.. Here ya go: |
|
I actually did the same thing, but I combined some code from chroot
and linux32 and made my own "l32". |
|
install as: |
# install -o root -g root -m 4555 l32 $BIN_DIR |
|
invoke as: |
$ l32 $PROGRAM |
|
If it can't change into the CWD from the chroot (I use mount --bind for |
/home and /tmp), then it changes into the chroot's "/" directory.
|
Change "LOWDIR" to point to your own 32-bit chroot. |
|
---[snip]--- |
#include <linux/personality.h> |
#undef personality |
#include <stdlib.h> |
#include <stdio.h> |
#include <string.h> |
#include <unistd.h> |
#include <errno.h> |
#include <limits.h> |
|
/* Make --3gb the default for buggy Java */ |
#define STUPID_DEFAULT 1 |
#define PER_LINUX32_3GB (PER_LINUX32 | ADDR_LIMIT_32BIT) |
|
#ifdef STUPID_DEFAULT |
#define DFL_PER PER_LINUX32_3GB |
#else |
#define DFL_PER PER_LINUX32 |
#endif |
|
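/* Root of the 32-bit chroot.  Change this to point at your own tree.
 * The pointer itself is const so nothing can redirect a setuid-root
 * chroot() target at runtime. */
static const char *const LOWDIR = "/home/32-bit";

/* getcwd() buffer: start at malloc_Add bytes and grow by that much on ERANGE. */
#define malloc_Add 64
/* Give up once the buffer would exceed this (INT_MAX>>12 == 524287, ~512 KiB).
 * Parenthesised so the shift is not re-associated when the macro appears
 * inside a larger expression such as a comparison. */
#define malloc_Max (INT_MAX >> 12) // If it's over 512 kb, then path is too big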
|
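/*
 * glibc's <sys/personality.h> cannot be included next to <linux/personality.h>
 * (both define the PER_* enumerators), so declare the syscall wrapper here
 * rather than relying on an implicit declaration, which C99 and later reject.
 */
int personality(unsigned long persona);

/*
 * l32: run a program inside the 32-bit chroot at LOWDIR under a 32-bit
 * personality.  Installed setuid root; root is dropped permanently before
 * the target program is executed.
 *
 * argv[1..] is the program and its arguments (resolved via PATH by execvp).
 * envp is unused: execvp() hands the current environment to the new image.
 * Returns only on failure with status EXIT_FAILURE; on success the process
 * image is replaced.
 */
int main(int argc, char **argv, char **envp)
{
  int per = DFL_PER;
  size_t pwd_size = malloc_Add;
  char *pwd = NULL;

  (void)envp;

  if (personality(per) < 0) {
    fprintf(stderr, "Can't set personality %x : %s\n", (unsigned)per, strerror(errno));
    exit(EXIT_FAILURE);
  }
  if (argc < 2) {
    fprintf(stderr, "Usage: %s program (arg1 arg2 arg3 ...)\n", argv[0]);
    exit(EXIT_FAILURE);
  }

  /* Record the caller's working directory before the chroot hides it.
   * The buffer grows malloc_Add bytes at a time until getcwd() stops
   * reporting ERANGE, bounded by malloc_Max. */
  pwd = malloc(pwd_size);
  if (pwd == NULL) {
    fprintf(stderr, "Unable to allocate %zu bytes: %s\n", pwd_size, strerror(errno));
    exit(EXIT_FAILURE);
  }
  while (getcwd(pwd, pwd_size) == NULL) {
    if (errno != ERANGE) {
      fprintf(stderr, "Unable to determine current working directory: %s\n", strerror(errno));
      exit(EXIT_FAILURE);
    }
    /* malloc_Max is parenthesised here in case the macro body is not. */
    if (pwd_size + malloc_Add > (size_t)(malloc_Max)) {
      fprintf(stderr, "Path is too long: greater than %zu bytes\n", pwd_size);
      exit(EXIT_FAILURE);
    }
    pwd_size += malloc_Add;
    /* Keep pwd valid if realloc() fails instead of overwriting it with NULL. */
    char *grown = realloc(pwd, pwd_size);
    if (grown == NULL) {
      fprintf(stderr, "Unable to allocate %zu bytes: %s\n", pwd_size, strerror(errno));
      exit(EXIT_FAILURE);
    }
    pwd = grown;
  }

  /* Still effective-uid root here: chroot() requires it. */
  if (chroot(LOWDIR) < 0) {
    fprintf(stderr, "Unable to chroot(%s): %s\n", LOWDIR, strerror(errno));
    exit(EXIT_FAILURE);
  }

  /* Drop root permanently.  Called with euid 0, setuid() sets the real,
   * effective and saved UIDs together, so no later code path in this process
   * can regain the privilege; seteuid() would leave the saved UID at 0.
   * The install is setuid only (mode 4555), so the gid is already the caller's. */
  if (setuid(getuid()) < 0) {
    fprintf(stderr, "Unable to setuid(%lu): %s\n", (unsigned long)getuid(), strerror(errno));
    exit(EXIT_FAILURE);
  }

  /* Now change into the caller's working directory with the caller's own
   * privileges; fall back to the chroot's "/" when that directory is not
   * reachable from inside (only bind-mounted trees such as /home and /tmp are).
   * Exiting when both fail also guarantees the cwd never stays outside the
   * new root. */
  if (chdir(pwd) && chdir("/")) {
    fprintf(stderr, "Unable to set working directory: %s\n", strerror(errno));
    exit(EXIT_FAILURE);
  }
  free(pwd);

  execvp(argv[1], argv + 1);
  /* execvp() only returns on failure; say why instead of exiting silently. */
  fprintf(stderr, "Unable to execute %s: %s\n", argv[1], strerror(errno));
  exit(EXIT_FAILURE);
}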
// vim: sw=2:cindent: |