git: 5cf705491727 - main - jail: only chdir to user's home directory when user is specified

From: Jamie Gritton <jamie_at_FreeBSD.org>
Date: Mon, 12 Aug 2024 22:36:23 UTC
The branch main has been updated by jamie:

URL: https://cgit.FreeBSD.org/src/commit/?id=5cf705491727dd963485f9911ee3d52c3bf148db

commit 5cf705491727dd963485f9911ee3d52c3bf148db
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2024-08-12 22:23:28 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2024-08-12 22:23:28 +0000

    jail: only chdir to user's home directory when user is specified
    
    jail(8) with the "exec.clean" parameter not only cleans the environment
    variables before running commands, but also changes to the user's home
    directory.  While this makes sense when a user is specified (via one of
    the exec.*_user parameters), it leads to all commands being run in the
    jail's /root directory even in the absence of an explicitly specified
    user.  This can lead to problems when e.g. rc scripts are run from that
    non-world-readable directory, and runs counter to expectations that jail
    startup is analogous to system startup.
    
    Restrict this behaviour to only users explicitly specified, either via
    the command line or jail parameters, but not the implicit root user.
    While this changes long-standing practice, it's the more intuitive action.
    
    jexec(8) has the same problem, and the same fix.
    
    PR:             277210
    Reported by:    johannes.kunde at gmail
    Differential Revision:  https://reviews.freebsd.org/D46226
---
 usr.sbin/jail/command.c | 2 +-
 usr.sbin/jail/jail.8    | 7 ++++++-
 usr.sbin/jexec/jexec.8  | 7 ++++++-
 usr.sbin/jexec/jexec.c  | 2 +-
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c
index 60893444e9de..fe6563230bde 100644
--- a/usr.sbin/jail/command.c
+++ b/usr.sbin/jail/command.c
@@ -788,7 +788,7 @@ run_command(struct cfjail *j)
 		setenv("HOME", pwd->pw_dir, 1);
 		setenv("SHELL",
 		    *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1);
-		if (clean && chdir(pwd->pw_dir) < 0) {
+		if (clean && username && chdir(pwd->pw_dir) < 0) {
 			jail_warnx(j, "chdir %s: %s",
 			    pwd->pw_dir, strerror(errno));
 			exit(1);
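Review bot: the `username` guard in `if (clean && username && chdir(pwd->pw_dir) < 0)` skips the chdir when no user was given, but the two `setenv` calls just above it still export `HOME` and `SHELL` from `pwd`, so with `exec.clean` and no `exec.*_user` parameter the command now starts with `HOME` pointing at the root user's home directory while its working directory is whatever jail(8) inherited from its caller. That matches the commit's intent, but `username` is not visible in this hunk's context; confirm it is the per-command user variable in `run_command` and is NULL (not an empty string) when no user was specified, otherwise the guard never fires.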
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 2ecb711c971f..19e89ce661a9 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 24, 2024
+.Dd August 12, 2024
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -873,8 +873,13 @@ are set to the target login's default values.
 is set to the target login.
 .Ev TERM
 is imported from the current environment.
+.Ev PATH
+is set to "/bin:/usr/bin".
 The environment variables from the login class capability database for the
 target login are also set.
+If a user is specified (as with
+.Va exec.jail_user ) ,
+commands are run from that (possibly jailed) user's directory.
 .It Va exec.jail_user
 The user to run commands as, when running in the jail environment.
 The default is to run the commands as the current user.
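Review bot: the `.Ev PATH` / `is set to "/bin:/usr/bin".` addition is not mentioned in the commit message, which only describes the chdir change; either mention it there or split it into its own commit. The new sentence also documents only the case where a user is specified; add a clause for the default, stating that without an `exec.*_user` parameter the working directory is left unchanged, since the previous behaviour of changing to the jail's /root directory is exactly what this commit removes and readers of the old text will otherwise assume it still happens.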
diff --git a/usr.sbin/jexec/jexec.8 b/usr.sbin/jexec/jexec.8
index 4400cbbe56a3..431978c4d0ae 100644
--- a/usr.sbin/jexec/jexec.8
+++ b/usr.sbin/jexec/jexec.8
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd October 7, 2023
+.Dd August 12, 2024
 .Dt JEXEC 8
 .Os
 .Sh NAME
@@ -55,6 +55,11 @@ The environment is discarded except for
 and anything from the login class capability database for the user.
 .Ev PATH
 is set to "/bin:/usr/bin".
+If a user is specified (via
+.Fl u
+or
+.Fl U ) ,
+commands are run from that (possibly jailed) user's directory.
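Review bot: same documentation gap as in jail.8: the sentence covers only `-u` and `-U`, so state explicitly that without either option the working directory is not changed, because scripts that relied on the old chdir into /root (for example ones using relative paths after `jexec`) will now behave differently and the manual should make that visible.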
 .It Fl u Ar username
 The user name from host environment as whom the
 .Ar command
diff --git a/usr.sbin/jexec/jexec.c b/usr.sbin/jexec/jexec.c
index 7a32efa34031..35fd9c8d20e4 100644
--- a/usr.sbin/jexec/jexec.c
+++ b/usr.sbin/jexec/jexec.c
@@ -129,7 +129,7 @@ main(int argc, char *argv[])
 		setenv("HOME", pwd->pw_dir, 1);
 		setenv("SHELL",
 		    *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1);
-		if (clean && chdir(pwd->pw_dir) < 0)
+		if (clean && username && chdir(pwd->pw_dir) < 0)
 			err(1, "chdir: %s", pwd->pw_dir);
 		endpwent();
 	}
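Review bot: with `username` NULL the process keeps `HOME` and `SHELL` from `pwd` but no longer changes directory, so a short comment above `if (clean && username && chdir(pwd->pw_dir) < 0)` saying that the implicit root user intentionally keeps the caller's working directory would save the next reader from misreading the condition as a NULL guard protecting `pwd->pw_dir`.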