Add 'gdomap -j path' option to specify the chroot jail path.

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@38016 72102866-910b-0410-8b05-ffd578937521
2025-04-23 09:04:13 +00:00 · 2014-07-25 12:47:18 +00:00 · 2014-07-25 12:47:18 +00:00 · ea3c5330c4
commit ea3c5330c4
parent 56465e049b
3 changed files with 35 additions and 5 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2014-07-25  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/Tools/gdomap.c: Unless running on windows, allow new -j
+	command-line argument to specify the path in which the process should
+	be jailed (chroot).  The default remains to jail the process in /tmp
+	since there doesn't seem to be a general, portable alternative.
+
 2014-07-25  Richard Frith-Macdonald <rfm@gnu.org>

 	* Source/GSSocketStream.m: Fix handling TLS handshake in the case
--- a/Tools/gdomap.8
+++ b/Tools/gdomap.8
@ -35,6 +35,8 @@ gdomap \- GNUstep Distributed Objects name server
 .RB [ -f ]
 .RB [-i 
 .IR seconds ]
+.RB [-j 
+.IR path ]
 .RB [ -p ]

 .SH DESCRIPTION
@ -137,6 +139,8 @@ extra debug logging (normally via syslog).
 avoid fork() to make debugging easy
 .IP "\fB-i \fIseconds"
 re-probe at this interval (roughly), min 60
+.IP "\fB-j \fIpath"
+place the process in a chroot jail at this path rather than in /tmp
 .IP "\fB-p"
 disable probing for other servers
 .PP
--- a/Tools/gdomap.c
+++ b/Tools/gdomap.c
@ -4372,6 +4372,10 @@ static void do_help(int argc, char **argv, char *options)
  printf("-d		extra debug logging (normally via syslog).\n");
  printf("-f		avoid fork() to make debugging easy\n");
  printf("-i seconds	re-probe at this interval (roughly), min 60\n");
+#if	!defined(__MINGW__)
+  printf("-j path		specify a jail directory the process is to\n");
+  printf("		run in (if omitted, /tmp is used).\n");
+#endif
  printf("-p		disable probing for other servers\n");
  printf("\n");
  printf("Kill with SIGUSR1 to obtain a dump of all known peers\n");
@ -4474,7 +4478,12 @@ int
 main(int argc, char** argv)
 {
  extern char	*optarg;
+#if	defined(__MINGW__)
  char	*options = "-CHI:L:M:NP:R:T:U:a:bc:dfi:p";
+#else
+  char	*options = "-CHI:L:M:NP:R:T:U:a:bc:dfi:j:p";
+  const char    *jail = 0;
+#endif
  int		c;
  int		ptype = GDO_TCP_GDO;
  int		port = 0;
@ -4793,6 +4802,12 @@ printf(
 	      }
 	    break;

+#if	!defined(__MINGW__)
+	  case 'j':
+	    jail = optarg;
+            break;
+#endif
+
 	  case 'p':
 	    noprobe++;
 	    break;
@ -5021,21 +5036,25 @@ printf(

 #if	!defined(__svr4__)
  /*
-   * As another level of paranoia - restrict this process to /tmp
+   * As another level of paranoia - jail this process to a directory
   */
 #ifndef __MINGW__
-  if (chdir("/tmp") < 0)
+  if (0 == jail)
    {
-      snprintf(ebuf, sizeof(ebuf), "Unable to change directory to /tmp");
+      jail = "/tmp";    /* Not great, but better than nothing */
+    }
+  if (chdir(jail) < 0)
+    {
+      snprintf(ebuf, sizeof(ebuf), "Unable to change directory to %s", jail);
      gdomap_log(LOG_CRIT);
      exit(EXIT_FAILURE);
    }

  if (geteuid() == 0)
    {
-      if (chroot("/tmp") < 0)
+      if (chroot(jail) < 0)
 	{
-	  snprintf(ebuf, sizeof(ebuf), "Unable to change root to /tmp");
+	  snprintf(ebuf, sizeof(ebuf), "Unable to change root to %s", jail);
 	  gdomap_log(LOG_CRIT);
 	  exit(EXIT_FAILURE);
 	}