secret/postfix_src/chroot__uid_8c_source.html

 /*++

 /* NAME

 /*  chroot_uid 3

 /* SUMMARY

 /*  limit possible damage a process can do

 /* SYNOPSIS

 /*  #include <chroot_uid.h>

 /*

 /*  void    chroot_uid(root_dir, user_name)

 /*  const char *root_dir;

 /*  const char *user_name;

 /* DESCRIPTION

 /*  \fBchroot_uid\fR changes the process root to \fIroot_dir\fR and

 /*  changes process privileges to those of \fIuser_name\fR.

 /* DIAGNOSTICS

 /*  System call errors are reported via the msg(3) interface.

 /*  All errors are fatal.

 /* LICENSE

 /* .ad

 /* .fi

 /*  The Secure Mailer license must be distributed with this software.

 /* AUTHOR(S)

 /*  Wietse Venema

 /*  IBM T.J. Watson Research

 /*  P.O. Box 704

 /*  Yorktown Heights, NY 10598, USA

 /*--*/


 /* System library. */


 #include <sys_defs.h>

 #include <pwd.h>

 #include <unistd.h>

 #include <grp.h>


 /* Utility library. */


 #include "msg.h"

 #include "chroot_uid.h"


 /* chroot_uid - restrict the damage that this program can do */


 void    chroot_uid(const char *root_dir, const char *user_name)

 {

     struct passwd *pwd;

     uid_t   uid;

     gid_t   gid;


     /*

      * Look up the uid/gid before entering the jail, and save them so they

      * can't be clobbered. Set up the primary and secondary groups.

      */

     if (user_name != 0) {

     if ((pwd = getpwnam(user_name)) == 0)

         msg_fatal("unknown user: %s", user_name);

     uid = pwd->pw_uid;

     gid = pwd->pw_gid;

     if (setgid(gid) < 0)

         msg_fatal("setgid(%ld): %m", (long) gid);

     if (initgroups(user_name, gid) < 0)

         msg_fatal("initgroups: %m");

     }


     /*

      * Enter the jail.

      */

     if (root_dir) {

     if (chroot(root_dir))

         msg_fatal("chroot(%s): %m", root_dir);

     if (chdir("/"))

         msg_fatal("chdir(/): %m");

     }


     /*

      * Drop the user privileges.

      */

     if (user_name != 0)

     if (setuid(uid) < 0)

         msg_fatal("setuid(%ld): %m", (long) uid);


     /*

      * Give the desperate developer a clue of what is happening.

      */

     if (msg_verbose > 1)

     msg_info("chroot %s user %s",

          root_dir ? root_dir : "(none)",

          user_name ? user_name : "(none)");

 }

msg_verbose
int msg_verbose
Definition: msg.c:177

chroot_uid
void chroot_uid(const char *root_dir, const char *user_name)
Definition: chroot_uid.c:43

chroot_uid.h

msg.h

sys_defs.h

msg_fatal
NORETURN msg_fatal(const char *fmt,...)
Definition: msg.c:249

msg_info
void msg_info(const char *fmt,...)
Definition: msg.c:199