mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-12-01 20:10:28 +00:00
1682f0b760
SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
108 lines
3.2 KiB
C++
108 lines
3.2 KiB
C++
/*
|
|
* Copyright (c) 2020, Sergey Bugaev <bugaevc@serenityos.org>
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#include <AK/StringView.h>
|
|
#include <LibCore/ArgsParser.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
int main(int argc, char** argv)
|
|
{
|
|
int flags = -1;
|
|
uid_t chroot_user = 0;
|
|
gid_t chroot_group = 0;
|
|
const char* path = nullptr;
|
|
const char* program = "/bin/Shell";
|
|
const char* userspec = "0:0";
|
|
|
|
Core::ArgsParser args_parser;
|
|
args_parser.set_general_help(
|
|
"Run a program in a chroot sandbox. During execution, the program "
|
|
"sees the given path as '/', and cannot access files outside of it.");
|
|
args_parser.add_positional_argument(path, "New root directory", "path");
|
|
args_parser.add_positional_argument(program, "Program to run", "program", Core::ArgsParser::Required::No);
|
|
|
|
Core::ArgsParser::Option userspec_option {
|
|
true,
|
|
"The uid:gid to use",
|
|
"userspec",
|
|
'u',
|
|
"userpec",
|
|
[&userspec](const char* s) {
|
|
Vector<StringView> parts = StringView(s).split_view(':', true);
|
|
if (parts.size() != 2)
|
|
return false;
|
|
userspec = s;
|
|
return true;
|
|
}
|
|
};
|
|
args_parser.add_option(move(userspec_option));
|
|
|
|
Core::ArgsParser::Option mount_options {
|
|
true,
|
|
"Mount options",
|
|
"options",
|
|
'o',
|
|
"options",
|
|
[&flags](const char* s) {
|
|
flags = 0;
|
|
Vector<StringView> parts = StringView(s).split_view(',');
|
|
for (auto& part : parts) {
|
|
if (part == "defaults")
|
|
continue;
|
|
else if (part == "nodev")
|
|
flags |= MS_NODEV;
|
|
else if (part == "noexec")
|
|
flags |= MS_NOEXEC;
|
|
else if (part == "nosuid")
|
|
flags |= MS_NOSUID;
|
|
else if (part == "ro")
|
|
flags |= MS_RDONLY;
|
|
else if (part == "remount")
|
|
flags |= MS_REMOUNT;
|
|
else if (part == "bind")
|
|
fprintf(stderr, "Ignoring -o bind, as it doesn't make sense for chroot\n");
|
|
else
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
};
|
|
args_parser.add_option(move(mount_options));
|
|
args_parser.parse(argc, argv);
|
|
|
|
if (chroot_with_mount_flags(path, flags) < 0) {
|
|
perror("chroot");
|
|
return 1;
|
|
}
|
|
|
|
if (chdir("/") < 0) {
|
|
perror("chdir(/)");
|
|
return 1;
|
|
}
|
|
|
|
// Failed parsing will silently fail open (uid=0; gid=0);
|
|
// 0:0 is also the default when no --userspec argument is provided.
|
|
auto parts = String(userspec).split(':', true);
|
|
chroot_user = (uid_t)strtol(parts[0].characters(), nullptr, 10);
|
|
chroot_group = (uid_t)strtol(parts[1].characters(), nullptr, 10);
|
|
|
|
if (setresgid(chroot_group, chroot_group, chroot_group)) {
|
|
perror("setgid");
|
|
return 1;
|
|
}
|
|
|
|
if (setresuid(chroot_user, chroot_user, chroot_user)) {
|
|
perror("setuid");
|
|
return 1;
|
|
}
|
|
|
|
execl(program, program, nullptr);
|
|
perror("execl");
|
|
return 1;
|
|
}
|