aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2018-12-02 21:09:06 +0100
committerKarel Kočí <cynerd@email.cz>2018-12-02 21:09:06 +0100
commit08afc3a98b7385ea2439dec1aac0f41c4c14c408 (patch)
treea7bda6afb61a8d9da4ab0aff7ac993e823661578
parent5a7d5fa43536484508aad9d9553f64a33212311b (diff)
downloaduroot-0.1.tar.gz
uroot-0.1.tar.bz2
uroot-0.1.zip
Update to working versionv0.1
Still way off from something usable by someone else but it already works for me.
-rw-r--r--Makefile.am2
-rw-r--r--README.md51
-rw-r--r--child.c60
-rw-r--r--child.h37
-rw-r--r--conf.h25
-rw-r--r--main.c103
-rw-r--r--sigpipe.c46
-rw-r--r--sigpipe.h34
-rw-r--r--utils.c55
-rw-r--r--utils.h34
10 files changed, 392 insertions, 55 deletions
diff --git a/Makefile.am b/Makefile.am
index a451a6d..711f06a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,2 +1,2 @@
bin_PROGRAMS = uroot
-uroot_SOURCES = main.c utils.c
+uroot_SOURCES = main.c utils.c child.c sigpipe.c
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b456289
--- /dev/null
+++ b/README.md
@@ -0,0 +1,51 @@
+uroot (User's root)
+===================
+Tool that uses Linux namespaces and resource separation to provide root like
+functionality even under unprivileged user on Linux systems. This is more commonly
+known as unprivileged containers. Difference between this project and full fledge
+containerization solution is that this tools tries to provide less separation to
+allow more versatile uses. See example usages if you are not sure what this can
+do. There is also section with limitations stating what you can't do with this
+tool.
+
+In general this tools allows you to imaginary become root. This has a lot of use
+cases outside of just creating full containers. You can use it to control some bad
+behaving program without fully separating it from host system.
+
+System setup
+------------
+TODO (describe shadow requirements)
+
+Limitations of this tools
+-------------------------
+This tool is not perfect as well as technology it uses is not perfect. There can
+be bugs and there are for sure unimplemented features. This section provides you
+with information about some known problems that we are unable to solve because of
+limitations of used technology. Please check this list before you report problem
+or even before you use tool it self.
+
+### Block devices are no go
+Unfortunately current implementation of namespaces, primarily mount points
+unshare, does not support usage of block devices subsystem. That is kernel
+subsystem handling access to storage devices. Most of kernel file system drivers
+are implemented on top of block devices and because of that non of those file
+systems can be used. This means that you can modify (mount) only already mounted
+file systems or system file systems such as tmpfs or procfs. Allowing user access
+to `/dev` device is not enough to fix this issue. This also means that you are not
+able to use FUSE file systems.
+
+Example usages
+--------------
+On top of making you look cool that you are able to get root on system you should
+not (those hacking skills) this tool also have some real live uses. Some of them
+can be clear cut but some usages might not be immediately clear. That is the main
+reason why this section exists. It also should give you hints to common traps.
+
+### chroot
+TODO
+
+### Single killable process
+TODO
+
+### Network isolation
+TODO
diff --git a/child.c b/child.c
new file mode 100644
index 0000000..d087064
--- /dev/null
+++ b/child.c
@@ -0,0 +1,60 @@
+/* uroot - User's root
+ * child.c Source file for child with unshared resources
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+#define _GNU_SOURCE
+#include "child.h"
+#include <stdlib.h>
+#include <sys/mount.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include "utils.h"
+
+int child_main(void *_args) {
+ struct child_args *args = _args;
+ sigpipe_wait(args->sigpipe);
+
+ // Change some mount points to private
+ mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL);
+ assert_perror(errno);
+ /*
+ mount("none", "/proc", NULL, MS_REC | MS_PRIVATE, NULL);
+ assert_perror(errno);
+ mount("none", "/sys", NULL, MS_REC | MS_PRIVATE, NULL);
+ assert_perror(errno);
+ */
+ // Mount new proc filesystem for this namespace
+ mount("proc", "/proc", "proc", MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL);
+ assert_perror(errno);
+ //mount("binfmt_misc", "/proc/sys/fs/binfmt_misc", "binfmt_misc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL);
+ //assert_perror(errno);
+
+ if (args->argc <= 1) {
+ const char *shell = get_shell();
+ execl(shell, shell, NULL);
+ } else {
+ char *new_argv[args->argc + 1];
+ memcpy(new_argv, args->argv + 1, args->argc * sizeof *new_argv);
+ new_argv[args->argc] = NULL;
+ execvp(args->argv[1], new_argv);
+ assert_perror(errno);
+ }
+ return 1;
+}
diff --git a/child.h b/child.h
new file mode 100644
index 0000000..18909e4
--- /dev/null
+++ b/child.h
@@ -0,0 +1,37 @@
+/* uroot - User's root
+ * child.h Header file for child with unshared resources
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+#ifndef _UROOT_CHILD_H_
+#define _UROOT_CHILD_H_
+
+#include <sys/types.h>
+#include "sigpipe.h"
+
+// Arguments passed to child_main function
+struct child_args {
+ pid_t ppid; // Paret pid
+ int argc;
+ char **argv;
+ sigpipe_t sigpipe;
+};
+
+// Function used as a main for child process
+int child_main(void *_args);
+
+#endif
diff --git a/conf.h b/conf.h
new file mode 100644
index 0000000..eb18439
--- /dev/null
+++ b/conf.h
@@ -0,0 +1,25 @@
+/* uroot - User's root
+ * conf.h Header file with various configuration values
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+// Default shell used if SHELL variable is not set
+#define DEFAULT_SHELL "/bin/sh"
+
+// Size of stack used by child process (at least untill exec is called)
+#define STACK_SIZE ( 1024 * 1024 )
diff --git a/main.c b/main.c
index a20f6ff..7957be3 100644
--- a/main.c
+++ b/main.c
@@ -1,58 +1,63 @@
+/* uroot - User's root
+ * main.c Source file with main function
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
#define _GNU_SOURCE
#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <unistd.h>
#include <sys/types.h>
-#include <sched.h>
-#include <errno.h>
-#include <assert.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sys/mount.h>
#include <sys/wait.h>
+#include <sched.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include "child.h"
#include "utils.h"
+#include "sigpipe.h"
+#include "conf.h"
-void sigint_handler(int sig) { }
int main(int argc, char **argv) {
- pid_t ppid = getpid();
-
- if (!fork()) {
- system(aprintf("newuidmap %d 0 %d 1 1 65537 65536", ppid, getuid()));
- system(aprintf("newgidmap %d 0 %d 1 1 65537 65536", ppid, getgid()));
- kill(ppid, SIGINT);
- return 0;
- }
-
- unshare(CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWPID);
-
- signal(SIGINT, sigint_handler);
- pause();
- errno = 0; // Just clear error from pause()
-
- pid_t chpid = fork();
- if (chpid) {
- int stat;
- waitpid(chpid, &stat, 0);
- return stat;
- }
-
- // mount /sys and /proc
- mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL);
- assert_perror(errno);
- mount("none", "/proc", NULL, MS_REC | MS_PRIVATE, NULL);
- assert_perror(errno);
- mount("none", "/sys", NULL, MS_REC | MS_PRIVATE, NULL);
- assert_perror(errno);
- mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL);
- assert_perror(errno);
-
- // mount proc to root
- // rbind mount dev and sys to root
-
- // TODO verify that all upper directories have +rx rights
- // TODO chroot
- execv("/bin/sh", NULL);
+ // TODO arguments parsing
+
+ struct child_args chargs = (struct child_args) {
+ .ppid = getpid(),
+ .argc = argc,
+ .argv = argv,
+ .sigpipe = sigpipe_new()
+ };
+
+ uint8_t stack[STACK_SIZE];
+ pid_t chpid = clone(child_main, stack + STACK_SIZE,
+ SIGCHLD | CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWPID,
+ &chargs);
+
+#define FAIL(MSG) do { fputs(MSG, stderr); kill(chpid, SIGKILL); return 1; } while (false);
+ if (new_map_id("uid", chpid, getuid()))
+ FAIL("Mapping of uid failed!\n");
+ if (new_map_id("gid", chpid, getgid()))
+ FAIL("Mapping of gid failed!\n");
+
+ sigpipe_signal(chargs.sigpipe);
+
+ int stat;
+ waitpid(chpid, &stat, 0);
+ if (WIFEXITED(stat))
+ return WEXITSTATUS(stat);
+ else
+ return WIFSIGNALED(stat) || WCOREDUMP(stat);
}
diff --git a/sigpipe.c b/sigpipe.c
new file mode 100644
index 0000000..d653cbe
--- /dev/null
+++ b/sigpipe.c
@@ -0,0 +1,46 @@
+/* uroot - User's root
+ * sigpipe.c Source file for signaling pipe implementation
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+#define _GNU_SOURCE
+#include "sigpipe.h"
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <assert.h>
+
+sigpipe_t sigpipe_new() {
+ sigpipe_t sp = malloc(2 * sizeof(int));
+ if (!pipe(sp))
+ assert_perror(errno);
+ return sp;
+}
+
+void sigpipe_wait(sigpipe_t sp) {
+ close(sp[1]);
+ char ch;
+ while (read(sp[0], &ch, 1) > 0);
+ assert_perror(errno);
+ free(sp);
+}
+
+void sigpipe_signal(sigpipe_t sp) {
+ close(sp[0]);
+ close(sp[1]);
+ free(sp);
+}
diff --git a/sigpipe.h b/sigpipe.h
new file mode 100644
index 0000000..9152b69
--- /dev/null
+++ b/sigpipe.h
@@ -0,0 +1,34 @@
+/* uroot - User's root
+ * sigpipe.h Header file for signaling pipe implementation
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+#ifndef _UROOT_SIGPIPE_H_
+#define _UROOT_SIGPIPE_H_
+
+
+typedef int* sigpipe_t;
+
+// Create new sigpipe
+sigpipe_t sigpipe_new();
+// Wait until other end calls sigpipe_signal.
+// It returns immediately in case it already happened.
+void sigpipe_wait(sigpipe_t);
+// Notify waiting end that it can continue execution.
+void sigpipe_signal(sigpipe_t);
+
+#endif
diff --git a/utils.c b/utils.c
index 04806dd..e4f771d 100644
--- a/utils.c
+++ b/utils.c
@@ -1,4 +1,31 @@
+/* uroot - User's root
+ * utils.c Source file with various utility functions
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/wait.h>
#include "utils.h"
+#include "conf.h"
// Compute the size needed (including \0) to format given message
size_t printf_len(const char *msg, ...) {
@@ -17,3 +44,31 @@ char *printf_into(char *dst, const char *msg, ...) {
va_end(args);
return dst;
}
+
+const char *get_shell() {
+ const char *ret;
+ ret = secure_getenv("SHELL");
+ if (!ret)
+ ret = DEFAULT_SHELL;
+ return ret;
+}
+
+int new_map_id(const char *idtp, pid_t pid, int id) {
+ // TODO check /etc/sub* for current user subids and map them
+ pid_t chld = fork();
+ if (!chld) {
+ char *tool = aprintf("new%smap", idtp);
+ char *const args[] = {
+ tool, aprintf("%d", pid),
+ "0", aprintf("%d", id), "1",
+ "1", "65537", "65536",
+ NULL
+ };
+ execvp(tool, args);
+ abort();
+ }
+ int stat;
+ waitpid(chld, &stat, 0);
+ return stat;
+}
+
diff --git a/utils.h b/utils.h
index 9e5984d..b9c943f 100644
--- a/utils.h
+++ b/utils.h
@@ -1,10 +1,28 @@
-#ifndef _UTILS_H_
-#define _UTILS_H_
+/* uroot - User's root
+ * utils.h Header file with various utility functions
+ *
+ * Copyright (C) 2018 Karel Kočí
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+#ifndef _UROOT_UTILS_H_
+#define _UROOT_UTILS_H_
#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdarg.h>
#include <alloca.h>
+#include <sys/types.h>
// Compute the size needed (including \0) to format given message
size_t printf_len(const char *msg, ...) __attribute__((format(printf, 1, 2)));
@@ -14,4 +32,10 @@ char *printf_into(char *dst, const char *msg, ...) __attribute__((format(printf,
// uses the arguments multiple times, so beware of side effects.
#define aprintf(...) printf_into(alloca(printf_len(__VA_ARGS__)), __VA_ARGS__)
-#endif /* _UTILS_H_ */
+// returns path to shell interpreter
+const char *get_shell();
+
+// call newuidmap and newgidmap for process of given pid
+int new_map_id(const char *idtp, pid_t pid, int id);
+
+#endif