Date: Mon, 12 Aug 2024 22:36:23 GMT
Message-Id: <202408122236.47CMaNlK020727@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Jamie Gritton
Subject: git: 5cf705491727 - main - jail: only chdir to user's home directory when user is specified
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by jamie:

URL: https://cgit.FreeBSD.org/src/commit/?id=5cf705491727dd963485f9911ee3d52c3bf148db

commit 5cf705491727dd963485f9911ee3d52c3bf148db
Author: Jamie Gritton
AuthorDate: 2024-08-12 22:23:28 +0000
Commit: Jamie Gritton
CommitDate: 2024-08-12 22:23:28 +0000

jail: only chdir to user's home directory when user is specified

jail(8) with the "exec.clean" parameter not only cleans the environment
variables before running commands, but also changes to the user's home
directory. While this makes sense when a user is specified (via one of
the exec.*_user parameters), it leads to all commands being run in the
jail's /root directory even in the absence of an explicitly specified
user. This can lead to problems when e.g. rc scripts are run from that
non-world-readable directory, and run counter to expectations that jail
startup is analogous to system startup.

Restrict this behaviour to only users explicitly specified, either via
the command line or jail parameters, but not the implicit root user.
While this changes long-standing practice, it's the more intuitive action.

jexec(8) has the same problem, and the same fix.

PR: 277210 Reported by: johannes.kunde at gmail Differential Revision: https://reviews.freebsd.org/D46226 --- usr.sbin/jail/command.c | 2 +- usr.sbin/jail/jail.8 | 7 ++++++- usr.sbin/jexec/jexec.8 | 7 ++++++- usr.sbin/jexec/jexec.c | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index 60893444e9de..fe6563230bde 100644 --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -788,7 +788,7 @@ run_command(struct cfjail *j) setenv("HOME", pwd->pw_dir, 1); setenv("SHELL", *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); - if (clean && chdir(pwd->pw_dir) < 0) { + if (clean && username && chdir(pwd->pw_dir) < 0) { jail_warnx(j, "chdir %s: %s", pwd->pw_dir, strerror(errno)); exit(1); diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 2ecb711c971f..19e89ce661a9 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 24, 2024 +.Dd August 12, 2024 .Dt JAIL 8 .Os .Sh NAME @@ -873,8 +873,13 @@ are set to the target login's default values. is set to the target login. .Ev TERM is imported from the current environment. +.Ev PATH +is set to "/bin:/usr/bin". The environment variables from the login class capability database for the target login are also set. +If a user is specified (as with +.Va exec.jail_user ) , +commands are run from that (possibly jailed) user's directory. .It Va exec.jail_user The user to run commands as, when running in the jail environment. The default is to run the commands as the current user. diff --git a/usr.sbin/jexec/jexec.8 b/usr.sbin/jexec/jexec.8 index 4400cbbe56a3..431978c4d0ae 100644 --- a/usr.sbin/jexec/jexec.8 +++ b/usr.sbin/jexec/jexec.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 7, 2023 +.Dd August 12, 2024 .Dt JEXEC 8 .Os .Sh NAME 
@@ -55,6 +55,11 @@ The environment is discarded except for and anything from the login class capability database for the user. .Ev PATH is set to "/bin:/usr/bin". +If a user is specified (via +.Fl u +or +.Fl U ) , +commands are run from that (possibly jailed) user's directory. .It Fl u Ar username The user name from host environment as whom the .Ar command diff --git a/usr.sbin/jexec/jexec.c b/usr.sbin/jexec/jexec.c index 7a32efa34031..35fd9c8d20e4 100644 --- a/usr.sbin/jexec/jexec.c +++ b/usr.sbin/jexec/jexec.c @@ -129,7 +129,7 @@ main(int argc, char *argv[]) setenv("HOME", pwd->pw_dir, 1); setenv("SHELL", *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); - if (clean && chdir(pwd->pw_dir) < 0) + if (clean && username && chdir(pwd->pw_dir) < 0) err(1, "chdir: %s", pwd->pw_dir); endpwent(); }
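
Review bot: In run_command() in usr.sbin/jail/command.c, the context lines directly above the changed test still call setenv("HOME", pwd->pw_dir, 1), and nothing visible in the hunk ties that call to username. With a clean environment and no explicit user, HOME would then name a directory the command was not started in. If that split is intended, a short comment beside the `clean && username` test saying so would help, since scripts that assume HOME and the working directory agree will otherwise change behaviour without any visible hint. If username is a char pointer, `username != NULL` would also match style(9)'s explicit pointer comparison.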
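
Review bot: The sentence added to usr.sbin/jail/jail.8 in the @@ -873 hunk says commands are run from the user's "directory", while the code changes to pwd->pw_dir and the commit subject says "home directory"; use "home directory" here and in the matching jexec.8 sentence. The text also covers only the case where a user is given. Add a sentence stating which working directory commands get when no exec.*_user parameter is set, since that is the case whose behaviour changes. The added `.Ev PATH` lines in the same hunk are a separate documentation fix that the commit message does not mention.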
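
Review bot: In main() in usr.sbin/jexec/jexec.c, the new `username` term changes what an existing invocation does (clean environment, no user given), yet the diffstat lists only the two sources and the two man pages, with no test. A regression test that runs a command with the clean option and no user and checks its working directory, plus one with a user given, would pin down both branches of `clean && username && chdir(pwd->pw_dir) < 0` for jexec and jail alike.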