Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
chroot_safe
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
faemin
n00b
n00b


Joined: 16 Oct 2012
Posts: 22

PostPosted: Sun Dec 02, 2012 8:16 am    Post subject: chroot_safe Reply with quote

...

Last edited by faemin on Sun Dec 02, 2012 9:57 pm; edited 2 times in total
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21518

PostPosted: Sun Dec 02, 2012 6:10 pm    Post subject: Re: Is Chroot_safe safe? Reply with quote

faemin wrote:
I have took a look at the code and can't qutie figure out how it works, even though there is hardly anything to it.
The code looks a little strange (see below), but I see no obvious problems with it.
faemin wrote:
c++:

        static void failure(char *msg) {

This is not const-correct.
faemin wrote:
c++:

            char *error = strerror(errno);
            write(2, msg, strlen(msg));
            if (errno != 0) {

The value of errno may change across the call to write.
faemin wrote:
c++:

                write(2, ": ", 2);
                write(2, error, strlen(error));
            }
            write(2, "\n", 1);

This could be simplified via use of writev.
faemin wrote:
c++:

            struct passwd *pwd = getpwnam(user);
            if (pwd == NULL)
      struct passwd *pwd = getpwnam(user);
            if (pwd == NULL)
                failure("User not found in /etc/passwd");

This is wrong. The second getpwnam uses the same key as the first, and saves its result into an inner scope.
faemin wrote:
c++:

An instance is created, and the default constructor is being called, it is chdir to the directory, setuid and gid, and then it calls chroot without execurting a command... then the shell script exec forks the process?

No. The shell script runs first, then this constructor runs in the context of the loaded program, so that it is made to call those functions before its main begins to execute.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum