Changeset fa028bb in rtems


Timestamp:
Nov 17, 2014, 10:55:27 AM (5 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
4.11, master
Children:
e02d5dd9
Parents:
373ccbb9
git-author:
Sebastian Huber <sebastian.huber@…> (11/17/14 10:55:27)
git-committer:
Sebastian Huber <sebastian.huber@…> (11/20/14 09:30:24)
Message:

shell: Do chroot() after successful login

Files:
4 edited

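--- a/cpukit/libmisc/shell/login_check.c
+++ b/cpukit/libmisc/shell/login_check.c
@@ -67,4 +67,8 @@
   }
 
+  if (ok && strcmp(pw.pw_dir, "") != 0) {
+    ok = chroot(pw.pw_dir) == 0;
+  }
+
   if (ok) {
     rtems_shell_env_t *env = rtems_shell_get_current_env();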
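Review bot: The chroot at new lines 69-71 is skipped whenever `pw.pw_dir` is empty, so an account without a home directory logs in unconfined, and nothing in the hunk says this is intended. A comment above the check would make the policy visible, for example `/* Empty home directory: no chroot. A failing chroot() rejects the login. */`. The function starts and ends outside the hunk, so it cannot be seen here whether the uid/gid switch happens before or after this point; if it happens before, chroot() runs with the logged-in user's identity, which is worth confirming. The shell01 test on this page expects "." to be the new root after login, so the code appears to rely on chroot() also moving the working directory.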
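--- a/cpukit/libmisc/shell/shell.c
+++ b/cpukit/libmisc/shell/shell.c
@@ -523,23 +523,9 @@
 }
 
-/* ----------------------------------------------- *
- * - The shell TASK
- * Poor but enough..
- * TODO: Redirection. Tty Signals. ENVVARs. Shell language.
- * ----------------------------------------------- */
-
-static bool rtems_shell_login(FILE * in,FILE * out) {
-  rtems_shell_env_t *env;
+static bool rtems_shell_login(rtems_shell_env_t *env, FILE * in,FILE * out)
+{
   FILE              *fd;
   int               c;
   time_t            t;
-
-  env = rtems_shell_get_current_env();
-  assert(env != NULL);
-
-  setuid(0);
-  setgid(0);
-  rtems_current_user_env->euid =
-  rtems_current_user_env->egid =0;
 
   if (out) {
@@ -676,4 +662,22 @@
 }
 
+static bool rtems_shell_init_user_env(void)
+{
+  rtems_status_code sc;
+
+  /* Make sure we have a private user environment */
+  sc = rtems_libio_set_private_env();
+  if (sc != RTEMS_SUCCESSFUL) {
+    rtems_error(sc, "rtems_libio_set_private_env():");
+    return false;
+  }
+
+  /* Make an effective root user */
+  seteuid(0);
+  setegid(0);
+
+  return chroot("/") == 0;
+}
+
 #define RTEMS_SHELL_MAXIMUM_ARGUMENTS (128)
 #define RTEMS_SHELL_CMD_SIZE          (128)
@@ -687,5 +691,4 @@
   rtems_shell_env_t *shell_env;
   rtems_shell_cmd_t *shell_cmd;
-  rtems_status_code  sc;
   int                eno;
   struct termios     term;
@@ -721,8 +724,8 @@
   }
 
-  setuid(0);
-  setgid(0);
-
-  rtems_current_user_env->euid = rtems_current_user_env->egid = 0;
+  if (!rtems_shell_init_user_env()) {
+    rtems_error(0, "rtems_shell_init_user_env");
+    return false;
+  }
 
   fileno(stdout);
@@ -812,21 +815,17 @@
 
     do {
-      /* Set again root user and root filesystem, side effect of set_priv..*/
-      sc = rtems_libio_set_private_env();
-      if (sc != RTEMS_SUCCESSFUL) {
-        rtems_error(sc,"rtems_libio_set_private_env():");
-        result = false;
-        break;
-      }
-
-      /*
-       *  By using result here, we can fall to the bottom of the
-       *  loop when the connection is dropped during login and
-       *  keep on trucking.
-       */
-      if (shell_env->login_check != NULL) {
-        result = rtems_shell_login(stdin,stdout);
-      } else {
-        result = true;
+      result = rtems_shell_init_user_env();
+
+      if (result) {
+        /*
+         *  By using result here, we can fall to the bottom of the
+         *  loop when the connection is dropped during login and
+         *  keep on trucking.
+         */
+        if (shell_env->login_check != NULL) {
+          result = rtems_shell_login(shell_env, stdin,stdout);
+        } else {
+          result = true;
+        }
       }
 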
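Review bot: In `rtems_shell_init_user_env()` (new lines 676-677) the results of `seteuid(0)` and `setegid(0)` are discarded, so if either call fails the function can still return true from `chroot("/")` with the effective ids not reset. This helper now runs before every login attempt in the loop at new line 817, so a checked form such as `if (seteuid(0) != 0 || setegid(0) != 0) return false;` keeps the reset fail-closed. The removed code called `setuid(0)`/`setgid(0)` as well; if only the effective ids are meant to be reset now, a short comment saying so would help the next reader.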
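--- a/testsuites/libtests/shell01/init.c
+++ b/testsuites/libtests/shell01/init.c
@@ -50,8 +50,17 @@
 {
   rtems_user_env_t *uenv;
+  rtems_status_code sc;
+  struct stat st_chroot;
+  struct stat st_workdir;
   bool ok;
   int rv;
 
   rv = mkdir("/etc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+  rtems_test_assert(rv == 0);
+
+  rv = mkdir("/chroot", S_IRWXU | S_IRWXG | S_IRWXO);
+  rtems_test_assert(rv == 0);
+
+  rv = lstat("/chroot", &st_chroot);
   rtems_test_assert(rv == 0);
 
@@ -62,4 +71,6 @@
     "zero::3:5::::\n"
     "shadow:x:4:6::::\n"
+    "invchroot::5:7:::/inv:\n"
+    "chroot::6:8:::/chroot:\n"
   );
 
@@ -75,4 +86,7 @@
     "F::8:s,moop,t\n"
   );
+
+  sc = rtems_libio_set_private_env();
+  rtems_test_assert(sc == RTEMS_SUCCESSFUL);
 
   uenv = rtems_current_user_env_get();
@@ -94,4 +108,7 @@
 
   ok = rtems_shell_login_check("moop", "false");
+  rtems_test_assert(!ok);
+
+  ok = rtems_shell_login_check("invchroot", NULL);
   rtems_test_assert(!ok);
 
@@ -123,4 +140,23 @@
   rtems_test_assert(uenv->groups[3] == 5);
   rtems_test_assert(uenv->groups[4] == 8);
+
+  rv = setuid(0);
+  rtems_test_assert(rv == 0);
+
+  rv = seteuid(0);
+  rtems_test_assert(rv == 0);
+
+  ok = rtems_shell_login_check("chroot", NULL);
+  rtems_test_assert(ok);
+  rtems_test_assert(getuid() == 6);
+  rtems_test_assert(geteuid() == 6);
+  rtems_test_assert(getgid() == 8);
+  rtems_test_assert(getegid() == 8);
+
+  rv = lstat(".", &st_workdir);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(memcmp(&st_chroot, &st_workdir, sizeof(st_chroot)) == 0);
+
+  rtems_libio_use_global_env();
 }
 
@@ -144,5 +180,5 @@
 #define CONFIGURE_MAXIMUM_TASKS 1
 #define CONFIGURE_MAXIMUM_POSIX_KEYS 1
-#define CONFIGURE_MAXIMUM_POSIX_KEY_VALUE_PAIRS 1
+#define CONFIGURE_MAXIMUM_POSIX_KEY_VALUE_PAIRS 2
 
 #define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION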
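Review bot: The check at new line 158 compares the two `struct stat` objects with `memcmp()`, which also compares padding bytes and the time fields, so it can fail for reasons unrelated to whether "." is the chroot directory. Comparing the identifying fields is enough and more robust: `rtems_test_assert(st_chroot.st_dev == st_workdir.st_dev);` followed by `rtems_test_assert(st_chroot.st_ino == st_workdir.st_ino);`. The `invchroot` case at new line 112 asserts only that the login fails; asserting that uid and gid are unchanged after that failure would pin the fail-closed behaviour as well.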
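--- a/testsuites/samples/fileio/init.c
+++ b/testsuites/samples/fileio/init.c
@@ -637,7 +637,12 @@
   }
 
+  sc = mkdir("/chroot", 0777);
+  if ( sc ) {
+    printf( "mkdir /chroot: %s:\n", strerror(errno) );
+  }
+
   printf(
     "Creating /etc/passwd and group with three useable accounts\n"
-    "root/pwd , test/pwd, rtems/NO PASSWORD"
+    "root/pwd , test/pwd, rtems/NO PASSWORD, chroot/NO PASSWORD"
   );
 
@@ -650,4 +655,5 @@
     "test:$1$$oPu1Xt2Pw0ngIc7LyDHqu1:2:2:test account::/:/bin/sh\n"
     "tty:*:3:3:tty owner::/:/bin/false\n"
+    "chroot::4:2:chroot account::/chroot:/bin/sh\n"
   );
   writeFile(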
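Review bot: The `chroot` account added at new line 657 has an empty password field and `/bin/sh` as its shell, so the `/chroot` root (created world-writable with mode 0777 at new line 639) is its only restriction, and the sample does not say so. A comment above the passwd entry would keep people who copy this sample from carrying the account over unnoticed, for example `/* demo only: passwordless account, confined to /chroot by the login chroot() */`. The banner at new line 645 also still reads "three useable accounts" while the next line now names four.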