From b332803b6f0451b595306760d020eb0223fd6264 Mon Sep 17 00:00:00 2001 From: Ben Gras Date: Tue, 17 Apr 2012 14:02:14 +0200 Subject: [PATCH] release fixes . make ramdisk buildable without ../etc having pwd.db . add cat to release bootstrap cmds . support running dynamically linked executables for release bootstrap cmds . import netbsd chroot to help --- commands/Makefile | 2 +- commands/chroot/Makefile | 5 - commands/chroot/chroot.c | 28 ------ drivers/ramdisk/Makefile | 8 +- tools/nbsd_ports | 1 + tools/release.sh | 23 ++++- usr.sbin/Makefile | 2 +- usr.sbin/chroot/Makefile | 7 ++ usr.sbin/chroot/chroot.8 | 100 +++++++++++++++++++ usr.sbin/chroot/chroot.c | 205 +++++++++++++++++++++++++++++++++++++++ 10 files changed, 339 insertions(+), 42 deletions(-) delete mode 100644 commands/chroot/Makefile delete mode 100644 commands/chroot/chroot.c create mode 100644 usr.sbin/chroot/Makefile create mode 100644 usr.sbin/chroot/chroot.8 create mode 100644 usr.sbin/chroot/chroot.c diff --git a/commands/Makefile b/commands/Makefile index 747e07e90..5ce879f29 100644 --- a/commands/Makefile +++ b/commands/Makefile @@ -6,7 +6,7 @@ SUBDIR= add_route arp ash at awk \ backup badblocks banner basename \ btrace cal \ cawf cd cdprobe checkhier cpp \ - chmod chown chroot ci cksum cleantmp clear cmp co \ + chmod chown ci cksum cleantmp clear cmp co \ comm compress cp crc cron crontab cut \ dd decomp16 DESCRIBE dev2name devsize df dhcpd \ dhrystone diff dirname diskctl dumpcore \ diff --git a/commands/chroot/Makefile b/commands/chroot/Makefile deleted file mode 100644 index c1cdc5625..000000000 --- a/commands/chroot/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -PROG= chroot -BINDIR= /bin -MAN= - -.include diff --git a/commands/chroot/chroot.c b/commands/chroot/chroot.c deleted file mode 100644 index f9758de4f..000000000 --- a/commands/chroot/chroot.c +++ /dev/null 
@@ -1,28 +0,0 @@ - -#include -#include -#include - -#include - -int -main(int argc, char *argv[]) -{ - int status; - - if(argc != 3) { - fprintf(stderr, "usage: %s \n", argv[0]); - return 1; - } - - if(chroot(argv[1]) < 0) { - perror("chroot"); - return 1; - } - - status = system(argv[2]); - if(WIFEXITED(status)) - return WEXITSTATUS(status); - return 1; -} - diff --git a/drivers/ramdisk/Makefile b/drivers/ramdisk/Makefile index 6a4400709..b67b1218c 100644 --- a/drivers/ramdisk/Makefile +++ b/drivers/ramdisk/Makefile @@ -8,7 +8,7 @@ PROG_COMMANDS=cdprobe dev2name loadramdisk mount fsck.mfs sysenv sh \ PROG_SERVERS=mfs procfs PROG_USRSBIN=pwd_mkdb PROGRAMS=$(PROG_DRIVERS) $(PROG_COMMANDS) $(PROG_SERVERS) $(PROG_USRSBIN) -EXTRA=system.conf master.passwd pwd.db spwd.db rs.single +EXTRA=system.conf master.passwd rs.single .if ${MKSMALL} != "yes" PROG_DRIVERS+= ahci @@ -24,13 +24,13 @@ PROG_DRIVERS+= acpi CPPFLAGS+= -I${MINIXSRCDIR}/servers -I${MINIXSRCDIR} CLEANFILES += $(PROGRAMS) $(SCRIPTS) $(EXTRA) image image.c t proto.gen -CLEANFILES += $(LIBRARIES) +CLEANFILES += $(LIBRARIES) pwd.db spwd.db install: all realall: image -image: proto.gen mtab rc $(EXTRA) passwd +image: proto.gen mtab rc $(EXTRA) pwd.db spwd.db passwd mkfs.mfs image proto.gen || { rm -f image; false; } if fsck.mfs -s image | grep -q CLEAN; \ then : ; \ @@ -81,7 +81,7 @@ $(server): ../../servers/$(server)/$(server) $(MAKE) -C ../../servers/$(server) $(server) .endfor -passwd: ../../etc/master.passwd ../../usr.sbin/pwd_mkdb/pwd_mkdb +pwd.db spwd.db passwd: ../../etc/master.passwd ../../usr.sbin/pwd_mkdb/pwd_mkdb rm -f ../../etc/master.passwd.orig ../../etc/passwd.orig rm -f ../../etc/pwd.db.tmp ../../etc/spwd.db.tmp ../../usr.sbin/pwd_mkdb/pwd_mkdb -V 0 -p -d ../../ ../../etc/master.passwd diff --git a/tools/nbsd_ports b/tools/nbsd_ports index ba1063a8d..eb6bb6871 100644 --- a/tools/nbsd_ports +++ b/tools/nbsd_ports 
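Review bot: The rule `pwd.db spwd.db passwd: ../../etc/master.passwd ../../usr.sbin/pwd_mkdb/pwd_mkdb` in the last drivers/ramdisk/Makefile hunk gives three targets one recipe, so make may run the pwd_mkdb recipe once per out-of-date target, and concurrently under `-j`. Each run removes and regenerates `../../etc/pwd.db.tmp` and `../../etc/spwd.db.tmp`, so parallel runs would race on the password databases that go into the ramdisk image. The recipe continues past the end of the hunk, so how the databases reach this directory cannot be confirmed from here. If `passwd` is the file the recipe reliably produces, keep it as the only target that runs pwd_mkdb and chain the others to it with `pwd.db spwd.db: passwd`.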
@@ -2,6 +2,7 @@ # Timestamp in UTC,minixpath,netbsdpath # minixpath: path in Minix source tree (starting from /usr/src/) # netbsdpath: path in BSD source tree (starting from src/) +2012/02/10 16:16:12,usr.sbin/chroot 2011/01/17 18:11:10,usr.bin/ldd 2011/01/17 18:11:10,external/bsd/file 2011/01/17 18:11:10,lib/csu diff --git a/tools/release.sh b/tools/release.sh index 13f8b1ed6..521883370 100755 --- a/tools/release.sh +++ b/tools/release.sh @@ -9,10 +9,15 @@ version="`echo $version_pretty | tr . _`" PACKAGEDIR=/usr/pkgsrc/packages/$version_pretty/`uname -m` XBIN=usr/xbin +XLIB=xlib SRC=src REPO=git://git.minix3.org/minix GITBRANCH=master +LD_LIB="LD_LIBRARY_PATH=/lib:/usr/lib:/$XLIB" +BUILDPATH="PATH=/$XBIN:/usr/pkg/bin" +BUILDENV="$BUILDPATH $LD_LIB" + # List of packages included on installation media PACKAGELIST=packages.install secs=`expr 32 '*' 64` @@ -183,17 +188,28 @@ mkdir -m 1777 $RELEASEDIR/tmp mkdir -p $RELEASEDIR/tmp mkdir -p $RELEASEDIR/usr/tmp mkdir -p $RELEASEDIR/$XBIN +mkdir -p $RELEASEDIR/$XLIB +mkdir -p $RELEASEDIR/libexec mkdir -p $RELEASEDIR/usr/bin mkdir -p $RELEASEDIR/bin mkdir -p $RELEASEPACKAGE echo " * Transfering bootstrap dirs to $RELEASEDIR" + +# Actual binaries cp -p /bin/* /usr/bin/* /usr/sbin/* /sbin/* $RELEASEDIR/$XBIN -cp -rp /bin/sh /bin/echo /bin/install /bin/rm \ +cp -rp /bin/cat /bin/sh /bin/echo /bin/install /bin/rm \ /bin/date /bin/ls $RELEASEDIR/bin cp -rp /usr/bin/make /usr/bin/yacc /usr/bin/lex \ /usr/bin/grep /usr/bin/egrep /usr/bin/awk /usr/bin/sed $RELEASEDIR/usr/bin +# For dynamically linked binaries: put interpreter there the +# system's current crop of shared libraries so they'll run; +# once they're rebuilt they can be thrown out in favour of the +# new ones like $XBIN +cp -p /libexec/ld.elf_so $RELEASEDIR/libexec/ +cp -p /lib/*.so* /usr/lib/*.so* $RELEASEDIR/$XLIB/ + CONFIGHEADER=$RELEASEDIR/usr/src/include/minix/sys_config.h copy_local_packages 
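Review bot: The bootstrap copy `cp -p /libexec/ld.elf_so $RELEASEDIR/libexec/` has no matching cleanup. The later hunk adds `rm -rf $RELEASEDIR/$XLIB` beside the `$XBIN` removal, but nothing removes or replaces the build host's dynamic linker, so it stays in the release tree unless the chroot build installs over it, which this diff does not show. If the build is expected to overwrite it, state that in the comment and consider a post-build check that the file was rewritten, so a host binary cannot ship unnoticed. The added comment would also read more clearly as `# Dynamically linked bootstrap binaries need the host's interpreter and shared libraries; the libraries go in $XLIB and are removed after the build, like $XBIN.`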
@@ -249,7 +265,7 @@ rm -f $RELEASEDIR/usr/$SRC/tools/revision cp chrootmake.sh $RELEASEDIR/usr/$SRC/tools/chrootmake.sh echo " * Make hierarchy" -chroot $RELEASEDIR "PATH=/$XBIN:/usr/pkg/bin sh -x /usr/$SRC/tools/chrootmake.sh etcfiles" || exit 1 +sh -c "$LD_LIB chroot $RELEASEDIR sh -c \"$BUILDENV sh -x /usr/$SRC/tools/chrootmake.sh etcfiles\"" || exit 1 for p in $PREINSTALLED_PACKAGES do echo " * Pre-installing: $p from $PKG_ADD_URL" @@ -263,10 +279,11 @@ fi echo " * Resetting timestamps" find $RELEASEDIR | xargs touch echo " * Chroot build" -chroot $RELEASEDIR "PATH=/$XBIN:/usr/pkg/bin MAKEMAP=$MAKEMAP sh -x /usr/$SRC/tools/chrootmake.sh" || exit 1 +sh -c "$LD_LIB MAKEMAP=$MAKEMAP chroot $RELEASEDIR sh -c \"$BUILDENV sh -x /usr/$SRC/tools/chrootmake.sh\"" || exit 1 echo " * Chroot build done" echo " * Removing bootstrap files" rm -rf $RELEASEDIR/$XBIN +rm -rf $RELEASEDIR/$XLIB # The build process leaves some file in $SRC as bin. chown -R root $RELEASEDIR/usr/src* cp issue.install $RELEASEDIR/etc/issue diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile index b805b1b8e..0a7b8133b 100644 --- a/usr.sbin/Makefile +++ b/usr.sbin/Makefile @@ -3,6 +3,6 @@ .include # NetBSD imports -SUBDIR= installboot pwd_mkdb user vipw zic +SUBDIR= installboot pwd_mkdb user vipw zic chroot .include diff --git a/usr.sbin/chroot/Makefile b/usr.sbin/chroot/Makefile new file mode 100644 index 000000000..9e995d846 --- /dev/null +++ b/usr.sbin/chroot/Makefile @@ -0,0 +1,7 @@ +# from: @(#)Makefile 8.1 (Berkeley) 6/6/93 +# $NetBSD: Makefile,v 1.6 2009/04/22 15:23:02 lukem Exp $ + +PROG= chroot +MAN= chroot.8 + +.include diff --git a/usr.sbin/chroot/chroot.8 b/usr.sbin/chroot/chroot.8 new file mode 100644 index 000000000..1125a7dff --- /dev/null +++ b/usr.sbin/chroot/chroot.8 
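Review bot: Both rewritten chroot invocations (the `Make hierarchy` one here and the `Chroot build` one in the next hunk) splice `$RELEASEDIR`, `$MAKEMAP` and `$SRC` unquoted into a string that is parsed once by the outer `sh -c` and again by the inner one. A space or shell metacharacter in any of them therefore changes the command that runs as root instead of making it fail. The outer shell is only there to set environment variables for chroot, which `env` does without a second parse, assuming it is available on the build host: `env $LD_LIB MAKEMAP="$MAKEMAP" chroot "$RELEASEDIR" sh -c "$BUILDENV sh -x /usr/$SRC/tools/chrootmake.sh" || exit 1`. Note also that `$LD_LIB` applies to the host-side chroot binary before the root changes, where `/$XLIB` is a path on the build host, not inside the release tree.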
@@ -0,0 +1,100 @@
+.\" $NetBSD: chroot.8,v 1.14 2011/08/15 14:43:17 wiz Exp $
+.\"
+.\" Copyright (c) 1988, 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" from: @(#)chroot.8 8.1 (Berkeley) 6/9/93
+.\"
+.Dd August 13, 2011
+.Dt CHROOT 8
+.Os
+.Sh NAME
+.Nm chroot
+.Nd change root directory
+.Sh SYNOPSIS
+.Nm
+.Op Fl G Ar group,group,...
+.Op Fl g Ar group
+.Op Fl u Ar user
+.Ar newroot
+.Op Ar command
+.Sh DESCRIPTION
+The
+.Nm
+command changes its root directory to the supplied directory
+.Ar newroot
+and exec's
+.Ar command ,
+or, if not supplied, an interactive copy of your shell.
+.Pp
+If the
+.Fl u ,
+.Fl g ,
+or
+.Fl G
+options are given, the user, group, and group list of the process are
+set to these values after the chroot has taken place; see
+.Xr setgid 2 ,
+.Xr setgroups 2 ,
+.Xr setuid 2 ,
+.Xr getgrnam 3 ,
+and
+.Xr getpwnam 3 .
+.Pp
+Note:
+.Ar command
+or the shell are run as your real-user-id.
+.Sh ENVIRONMENT
+The following environment variable is referenced by
+.Nm :
+.Bl -tag -width SHELL
+.It Ev SHELL
+If set,
+the string specified by
+.Ev SHELL
+is interpreted as the name of
+the shell to exec.
+If the variable
+.Ev SHELL
+is not set,
+.Pa /bin/sh
+is used.
+.El
+.Sh SEE ALSO
+.Xr ldd 1 ,
+.Xr chdir 2 ,
+.Xr chroot 2 ,
+.Xr environ 7
+.Sh HISTORY
+The
+.Nm
+utility first appeared in
+.Bx 4.4 .
+.Sh SECURITY CONSIDERATIONS
+.Nm
+should never be installed setuid root, as it would then be possible
+to exploit the program to gain root privileges.
diff --git a/usr.sbin/chroot/chroot.c b/usr.sbin/chroot/chroot.c
new file mode 100644
index 000000000..acd1e6764
--- /dev/null
+++ b/usr.sbin/chroot/chroot.c
@@ -0,0 +1,205 @@
+/* $NetBSD: chroot.c,v 1.19 2011/09/20 14:28:52 christos Exp $ */
+
+/*
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+#ifndef lint
+__COPYRIGHT("@(#) Copyright (c) 1988, 1993\
+ The Regents of the University of California. All rights reserved.");
+#endif /* not lint */
+
+#ifndef lint
+#if 0
+static char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93";
+#else
+__RCSID("$NetBSD: chroot.c,v 1.19 2011/09/20 14:28:52 christos Exp $");
+#endif
+#endif /* not lint */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+static void usage(void) __dead;
+
+static int
+getnum(const char *str, uintmax_t *num)
+{
+ char *ep;
+
+ errno = 0;
+
+ *num = strtoumax(str, &ep, 0);
+ if (str[0] == '\0' || *ep != '\0') {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (errno == ERANGE && *num == UINTMAX_MAX)
+ return -1;
+
+ return 0;
+}
+
+
+static gid_t
+getgroup(const char *group)
+{
+ uintmax_t num;
+ struct group *gp;
+
+ if ((gp = getgrnam(group)) != NULL)
+ return gp->gr_gid;
+
+ if (getnum(group, &num) == -1)
+ errx(1, "no such group `%s'", group);
+
+ return (gid_t)num;
+}
+
+static uid_t
+getuser(const char *user)
+{
+ uintmax_t num;
+ struct passwd *pw;
+
+ if ((pw = getpwnam(user)) != NULL)
+ return pw->pw_uid;
+
+ if (getnum(user, &num) == -1)
+ errx(1, "no such user `%s'", user);
+
+ return (uid_t)num;
+}
+
+int
+main(int argc, char *argv[])
+{
+ char *user; /* user to switch to before running program */
+ char *group; /* group to switch to ... */
+ char *grouplist; /* group list to switch to ... */
+ char *p;
+ const char *shell;
+ gid_t gid, gidlist[NGROUPS_MAX];
+ uid_t uid;
+ int ch, gids;
+
+ user = NULL;
+ group = NULL;
+ grouplist = NULL;
+ gid = 0;
+ uid = 0;
+ gids = 0;
+ while ((ch = getopt(argc, argv, "G:g:u:")) != -1) {
+ switch(ch) {
+ case 'u':
+ user = optarg;
+ if (*user == '\0')
+ usage();
+ break;
+ case 'g':
+ group = optarg;
+ if (*group == '\0')
+ usage();
+ break;
+ case 'G':
+ grouplist = optarg;
+ if (*grouplist == '\0')
+ usage();
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc < 1)
+ usage();
+
+ if (user != NULL)
+ uid = getuser(user);
+
+ if (group != NULL)
+ gid = getgroup(group);
+
+ if (grouplist != NULL) {
+ while ((p = strsep(&grouplist, ",")) != NULL) {
+ if (*p == '\0')
+ continue;
+
+ if (gids == NGROUPS_MAX)
+ errx(1,
+ "too many supplementary groups provided");
+
+ gidlist[gids++] = getgroup(p);
+ }
+ }
+
+ if (chdir(argv[0]) == -1 || chroot(".") == -1)
+ err(1, "%s", argv[0]);
+
+ if (gids && setgroups(gids, gidlist) == -1)
+ err(1, "setgroups");
+ if (group && setgid(gid) == -1)
+ err(1, "setgid");
+ if (user && setuid(uid) == -1)
+ err(1, "setuid");
+
+ if (argv[1]) {
+ execvp(argv[1], &argv[1]);
+ err(1, "%s", argv[1]);
+ }
+
+ if ((shell = getenv("SHELL")) == NULL)
+ shell = _PATH_BSHELL;
+ execlp(shell, shell, "-i", NULL);
+ err(1, "%s", shell);
+ /* NOTREACHED */
+}
+
+static void
+usage(void)
+{
+
+ (void)fprintf(stderr, "Usage: %s [-G group,group,...] [-g group] "
+ "[-u user] newroot [command]\n", getprogname());
+ exit(1);
+}
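Review bot: `getuser()` and `getgroup()` cast the `uintmax_t` from `getnum()` straight to `uid_t`/`gid_t`, so a numeric argument wider than the id type is silently truncated. If `uid_t` is 32 bits, `-u 4294967296` becomes uid 0 and the command keeps root instead of dropping it. Reject values that do not round-trip, e.g. `if (getnum(user, &num) == -1 || (uintmax_t)(uid_t)num != num)` in `getuser()`, with the same check against `gid_t` in `getgroup()`. Two behaviours also deserve a comment above `main()`: names are resolved before `chroot(".")`, so they come from the caller's passwd and group databases rather than the new root's, and `-u` without `-g`/`-G` leaves the caller's group and supplementary groups in place.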