commit 3ed956cf71a15015b443dd7ab36299c242acd1af
parent 405a6206fe77dbdfd2be75960658fc383d7ad808
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Fri, 30 Jun 2017 15:12:14 +0200
add flag -c: chroot(2) support
Signed-off-by: Christoph Lohmann <20h@r-36.net>
Diffstat:
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/geomyidae.8 b/geomyidae.8
@@ -13,6 +13,7 @@
.Bk -words
.Op Fl 4
.Op Fl 6
+.Op Fl c
.Op Fl d
.Op Fl l Ar logfile
.Op Fl v Ar loglevel
@@ -85,6 +86,13 @@ Only use IPv4.
.It Fl 6
Only use IPv6.
.
+.It Fl c
+Use
+.Xr chroot 2
+for the
+.Ar base
+directory (by default off).
+.
.It Fl d
Don't fork into background. If no log file is given, this implies logging to
the standard output.
diff --git a/main.c b/main.c
@@ -328,7 +328,7 @@ main(int argc, char *argv[])
struct addrinfo hints;
struct sockaddr_storage clt;
socklen_t cltlen;
- int sock, dofork, v4, v6;
+ int sock, dofork, v4, v6, usechroot = 0;
char *port, *base, clienth[NI_MAXHOST], clientp[NI_MAXSERV];
char *user, *group, *bindip, *ohost, *sport;
struct passwd *us;
@@ -357,6 +357,9 @@ main(int argc, char *argv[])
case 'b':
base = EARGF(usage());
break;
+ case 'c':
+ usechroot = 1;
+ break;
case 'p':
port = EARGF(usage());
break;
@@ -460,6 +463,18 @@ main(int argc, char *argv[])
return 1;
}
+ if(usechroot) {
+ if(chdir(base) < 0) {
+ perror("chdir");
+ return 1;
+ }
+ base = "";
+ if(chroot(".") < 0) {
+ perror("chroot");
+ return 1;
+ }
+ }
+
if(dropprivileges(gr, us) < 0) {
perror("dropprivileges");
close(listfd);
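Review bot: The chroot added in this hunk only confines the server if root is given up afterwards, and nothing visible here ties `-c` to a privilege drop. `dropprivileges(gr, us)` is called right after the new block, but its body is outside the hunk; if it does nothing when no user or group was supplied, a process started with `-c` alone stays root inside the new root, and chroot(2) is not a boundary for a root process. I would reject that combination before the `chdir`, for example `if(usechroot && us == NULL) { fputs("-c requires a user to drop to\n", stderr); return 1; }` (assuming `us` stays NULL when no user is given), and state the requirement in the `-c` entry of geomyidae.8. The two new error paths also return without `close(listfd)`, unlike the `dropprivileges` failure path just below. main's body starts and ends outside the hunk.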