jexec-host/jexec-host.c at master · bsdci/jexec-host · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#include <sys/param.h>
#include <sys/jail.h>

#include <gelf.h>
#include <jail.h>
#include <libelf.h>

/*
 * Chek if the given executable is dynamic
 */
static int is_dynamic(const char *executable) {
    size_t phnum = 0;
    int index = 0;
    int ret = 0;
    GElf_Phdr program_header;
    Elf *elf = NULL;
    int fd = -1;

    if ((fd = open(executable, O_RDONLY)) < 0)
        err(-1, "could not open executable");

    // Initialize libelf
    (void) elf_version(EV_CURRENT);

    if ((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL) {
        warn("could not read ELF file");
        goto error;
    }

    if (elf_getphdrnum(elf, &phnum) != 0) {
        warn("could not read number of program headers");
        goto error;
    }

    for (index = 0; index < phnum; index ++) {
        if (gelf_getphdr(elf, index, &program_header) == NULL) {
            warn("could not get program header %i", index);
            goto error;
        }

        if (program_header.p_type == PT_DYNAMIC) {
            ret = 1;
            goto cleanup;
        }
    }

 cleanup:
    free(elf);
    close(fd);
    return ret;

 error:
    free(elf);
    close(fd);
    exit(-1);
}

static void jexec_static(int jid, char *const *argv, char *const *envp) {
    int fd = -1;

    if ((fd = open(argv[0], O_RDONLY | O_EXEC)) < 0)
        err(-1, "could not open static executable");

    if (jail_attach(jid) != 0)
        err(-1, "could not attach to jail");

    if (fexecve(fd, argv, envp) < 0)
        err(-1, "could not execute process");
}

static void jexec_dynamic(int jid, char *const *argv, char *const *envp) {
    errc(-1, ENOSYS, "Dynamic executables are not supported yet");
}

void jexec(int jid, char *const *argv, char *const *envp) {
    if (is_dynamic(argv[0]))
        jexec_dynamic(jid, argv, envp);
    else
        jexec_static(jid, argv, envp);
}

int main(int argc, char *const *argv, char *const *envp) {
    long jid = -1;

    if (argc < 3) {
        printf("usage: %s <jid> <command> <command arguments>\n", argv[0]);
        return -1;
    }

    if ((jid = jail_getid(argv[1])) == -1)
        errx(-1, "could not get JID (jail does not exist)");

    jexec(jid, &argv[2], envp);
}