Rev 11128 | Rev 11529 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 11128 | Rev 11133 | ||
|---|---|---|---|
| Line 42... | Line 42... | ||
| 42 | #include <utime.h> |
42 | #include <utime.h> |
| 43 | #include <sys/time.h> |
43 | #include <sys/time.h> |
| 44 | #include <sys/stat.h> |
44 | #include <sys/stat.h> |
| 45 | #include <sys/types.h> |
45 | #include <sys/types.h> |
| 46 | #include <sys/resource.h> |
46 | #include <sys/resource.h> |
| 47 | #include <assert.h> |
- | |
| - | 47 | ||
| 48 | int execuid=15999; |
48 | int execuid=15999; |
| 49 | int execgid=15999; |
49 | int execgid=15999; |
| 50 | int must=0; |
50 | int must=0; |
| 51 | time_t now; |
51 | time_t now; |
| 52 | 52 | ||
| Line 76... | Line 76... | ||
| 76 | char *pre_perl="\ |
76 | char *pre_perl="\ |
| 77 | chdir($ENV{TMPDIR}) || exit;\n\ |
77 | chdir($ENV{TMPDIR}) || exit;\n\ |
| 78 | chdir(\"/\") && exit;\n\ |
78 | chdir(\"/\") && exit;\n\ |
| 79 | "; |
79 | "; |
| 80 | 80 | ||
| 81 | 81 | ||
| 82 | /* Remove a tree */ |
82 | /* Remove a tree */ |
| 83 | int remove_tree(char *dirname) |
83 | int remove_tree(char *dirname) |
| 84 | { |
84 | { |
| 85 | DIR *sdir; |
85 | DIR *sdir; |
| 86 | struct dirent *f; |
86 | struct dirent *f; |
| Line 112... | Line 112... | ||
| 112 | void cleantmp(void) |
112 | void cleantmp(void) |
| 113 | { |
113 | { |
| 114 | DIR *sdir_base; |
114 | DIR *sdir_base; |
| 115 | struct dirent *ses; |
115 | struct dirent *ses; |
| 116 | struct stat dst; |
116 | struct stat dst; |
| 117 | 117 | ||
| 118 | if(chdir("../chroot/tmp/sessions")<0) return; |
118 | if(chdir("../chroot/tmp/sessions")<0) return; |
| 119 | sdir_base=opendir("."); |
119 | sdir_base=opendir("."); |
| 120 | if(sdir_base==NULL) return; |
120 | if(sdir_base==NULL) return; |
| 121 | while((ses=readdir(sdir_base))!=NULL) { |
121 | while((ses=readdir(sdir_base))!=NULL) { |
| 122 | if(ses->d_name[0]=='.') continue; |
122 | if(ses->d_name[0]=='.') continue; |
| Line 156... | Line 156... | ||
| 156 | tmpdir: return; |
156 | tmpdir: return; |
| 157 | } |
157 | } |
| 158 | 158 | ||
| 159 | /* Test Must */ |
159 | /* Test Must */ |
| 160 | int test_must(void) |
160 | int test_must(void) |
| 161 | { |
161 | { |
| 162 | char *pc; |
162 | char *pc; |
| 163 | if(must) return 1; |
163 | if(must) return 1; |
| 164 | pc=getenv("chroot"); if(pc && strcmp(pc,"must")==0) return 1; |
164 | pc=getenv("chroot"); if(pc && strcmp(pc,"must")==0) return 1; |
| 165 | else return 0; |
165 | else return 0; |
| 166 | } |
166 | } |
| 167 | 167 | ||
| 168 | /* MAIN */ |
168 | /* MAIN */ |
| 169 | int main(int argc,char *argv[]) |
169 | int main(int argc,char *argv[]) |
| 170 | { |
170 | { |
| 171 | char *args[1024]; |
171 | char *args[1024]; |
| 172 | char parm[MAX_PARMLEN]; |
172 | char parm[MAX_PARMLEN]; |
| 173 | char tmpbuf[256]; |
173 | char tmpbuf[256]; |
| 174 | int i,k,uid,t; |
174 | int i,k,uid,t; |
| 175 | struct stat st; |
175 | struct stat st; |
| 176 | struct rlimit lim; |
176 | struct rlimit lim; |
| 177 | char *p, *pp; |
177 | char *p, *pp; |
| 178 | 178 | ||
| 179 | if(argc<2) return 0; |
179 | if(argc<2) return 0; |
| 180 | now=time(NULL); |
180 | now=time(NULL); |
| 181 | uid=geteuid(); |
181 | uid=geteuid(); |
| 182 | t=stat("../chroot/tmp/sessions/.chroot",&st); |
182 | t=stat("../chroot/tmp/sessions/.chroot",&st); |
| 183 | if(uid!=0 || t!=0) { |
183 | if(uid!=0 || t!=0) { |
| Line 231... | Line 231... | ||
| 231 | stat("bin",&st); execuid=execgid=st.st_uid; |
231 | stat("bin",&st); execuid=execgid=st.st_uid; |
| 232 | if(test_must()) goto abandon; |
232 | if(test_must()) goto abandon; |
| 233 | goto ex; |
233 | goto ex; |
| 234 | } |
234 | } |
| 235 | if(chroot("../chroot")==0) { |
235 | if(chroot("../chroot")==0) { |
| 236 |
|
236 | (void)chdir("/tmp"); |
| 237 | lim.rlim_cur=lim.rlim_max=PROC_QUOTA; |
237 | lim.rlim_cur=lim.rlim_max=PROC_QUOTA; |
| 238 | setrlimit(RLIMIT_NPROC,&lim); |
238 | setrlimit(RLIMIT_NPROC,&lim); |
| 239 | setenv("PATH",chroot_path,1); |
239 | setenv("PATH",chroot_path,1); |
| 240 | p=getenv("w_wims_session"); |
240 | p=getenv("w_wims_session"); |
| 241 | if(p && *p) { |
241 | if(p && *p) { |
| Line 243... | Line 243... | ||
| 243 | p=strchr(tmpbuf,'_'); if(p) *p=0; |
243 | p=strchr(tmpbuf,'_'); if(p) *p=0; |
| 244 | setenv("TMPDIR",tmpbuf,1); |
244 | setenv("TMPDIR",tmpbuf,1); |
| 245 | setenv("tmp_dir",tmpbuf,1); |
245 | setenv("tmp_dir",tmpbuf,1); |
| 246 | p=getenv("w_wims_priv_chroot"); |
246 | p=getenv("w_wims_priv_chroot"); |
| 247 | if(p && strstr(p,"tmpdir")!=NULL) |
247 | if(p && strstr(p,"tmpdir")!=NULL) |
| 248 |
|
248 | (void)chdir(tmpbuf); |
| 249 | } |
249 | } |
| 250 | } |
250 | } |
| 251 | else if(test_must()) goto abandon; |
251 | else if(test_must()) goto abandon; |
| 252 | ex: |
252 | ex: |
| 253 | if(setregid(execgid,execgid)<0) goto abandon; |
253 | if(setregid(execgid,execgid)<0) goto abandon; |
| 254 | if(setreuid(execuid,execuid)<0) goto abandon; |
254 | if(setreuid(execuid,execuid)<0) goto abandon; |
| 255 | ex2: |
255 | ex2: |
| 256 | for(i=0;i<env_rm_cnt;i++) unsetenv(env_rm[i]); |
256 | for(i=0;i<env_rm_cnt;i++) unsetenv(env_rm[i]); |
| 257 | if(strchr(args[0],'/')) execv(args[0],args); else execvp(args[0],args); |
257 | if(strchr(args[0],'/')) execv(args[0],args); else execvp(args[0],args); |
| 258 | abandon: return 127; |
258 | abandon: return 127; |
| 259 | } |
259 | } |