Commit graph

14 commits

Author SHA1 Message Date
12e4cd391a Don't use printf in signal handler 2021-01-15 20:22:22 +01:00
5fbd7abd26 More explanation 2021-01-15 20:22:22 +01:00
9ef65e0f4c Drop group rights first
We might not be able to drop group rights after dropping user rights
so do group rights first.
2021-01-15 20:22:22 +01:00
ab8ef29376 Fix error message for setresgid 2021-01-15 20:22:22 +01:00
1ab32c39d0 Merge all the various definitions of the err variable 2021-01-15 20:22:22 +01:00
b94fa5bfcf Clean up code style 2021-01-15 20:22:22 +01:00
6bd03ad564 Add sanity check
As a sanity check, test whether we're able to regain root after dropping
it. If we are able to, then something went wrong.
2021-01-15 20:22:22 +01:00
650a576c56 Make dropped root privileges permanent
seteuid sets the effective uid but at the same time retains the old
effective uid as a so-called saved uid, which allows the process to go
back to root at a later point in time. As we don't want that, we use
the functions setresuid and setresgid instead, allowing us to set the
real, effective and saved uid/gid. We keep the real uid/gid unchanged,
but set the effective and saved uid/gid to the value of the real uid.
This forbids us to not regain root privileges.
2021-01-15 20:22:22 +01:00
5fe9ba36a2 Add signal handler for SIGTERM
When the head process receives a SIGTERM we have to forward that to the init
process, which in turn has to forward it to the executed process which is
jailed. That process can then decide to exit, which also terminates the init and
head process through SIGCHILD/wait means.
2021-01-12 19:51:05 +01:00
1f5e1a9c1f Drop root privileges earlier
We don't need the root privileges after we unshare and the first fork. Therefore
we can drop those for safety reasons.
2021-01-12 19:50:07 +01:00
f3cd63c137 Use execvp instead of execv
execvp resolves the executable location using PATH
2021-01-12 13:24:08 +01:00
8ac3b8afe3 Add install target to Makefile 2021-01-07 21:13:59 +01:00
2c397da373 Initial version 2021-01-06 04:42:04 +01:00
3f5f72f940 Initial empty commit. 2021-01-06 04:37:43 +01:00