
How can I jail the user inside a directory

Let's say I have the path /home/sn/stuff/ . And the user now enters ../secretStuff/secret.txt . Now the user is in /home/sn/secretStuff and can read everything inside of it.

How do I stop this from happening? Is it okay to just not tolerate any .. in the path the user enters?

There are various ways to "break from jail":

  • Entering an absolute path not within the jail
  • Entering a relative path leading out of the jail
  • Somehow constructing a link (softlink, hardlink, mount, ...) inside the jail to something outside the jail (by exploiting some other vulnerability)
  • Whatever I didn't think of (see comment)

As you didn't really specify the scenario, it's hard to say what kind of potential exploits you are looking at, and how far you would want to go to avoid them.

You should, at the very least, sanity-check the user's inputs (e.g. using realpath , which is much more reliable than string-parsing the user input yourself and covers absolute, relative, and paths with softlinks in them in one go).

You might want to disallow access to hardlinks (using fstat and checking nlink_t).


Depending on the level of security required, you might want to check chroot as well, which would allow you to cherry-pick what the user can even see of your system. But that requires quite some additional "plumbing".

If I understood correctly, you'd like the user to be jailed into a folder. You may want to use strncmp to check if the base folder matches your jail as such:

#include <stdio.h>  /* printf, fprintf */
#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE */
#include <string.h> /* strncmp, strlen */

#define JAIL_FOLDER "/home/user"

int main(int argc, char **argv)
{
  if (argc < 2)
    return EXIT_FAILURE;
  if (strncmp(argv[1], JAIL_FOLDER, strlen(JAIL_FOLDER)) != 0)
    {
      fprintf(stderr, "Error, folder outside of jail\n");
      return EXIT_FAILURE;
    }
  printf("Access Granted to Folder\n");
  return EXIT_SUCCESS;
}

This method however requires a bit of parsing in case the user is already in a folder and uses a relative path.
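The two answers above suggest complementary checks: resolve the input with realpath and refuse hard-linked files (first answer), and compare the result against the jail folder (second answer). The following is an added example, not code from either answer, that combines them and handles the case a bare strncmp prefix compare misses, namely a sibling directory such as /home/user2 sharing the jail's string prefix. It assumes a POSIX system with a writable /tmp; the names has_dir_boundary, check_in_jail and run_demo, the verdict enum and the temporary tree that run_demo constructs are all mine.

```c
#define _XOPEN_SOURCE 700   /* realpath, mkdtemp, symlink, link */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum verdict { ALLOW = 0, DENY_UNRESOLVABLE, DENY_OUTSIDE, DENY_HARDLINK };

/* Boundary test on two already-canonical absolute paths: cand must equal jail
 * or continue with '/'.  A bare prefix compare would accept "/home/user2/x"
 * for the jail "/home/user". */
int has_dir_boundary(const char *jail_real, const char *cand_real)
{
    size_t n = strlen(jail_real);
    if (strncmp(cand_real, jail_real, n) != 0)
        return 0;
    return cand_real[n] == '\0' || cand_real[n] == '/';
}

/* Decide whether user_path (absolute, or relative to the jail) may be read. */
enum verdict check_in_jail(const char *jail, const char *user_path)
{
    char joined[PATH_MAX], jail_real[PATH_MAX], cand_real[PATH_MAX];
    struct stat st;

    if (user_path[0] == '/')
        snprintf(joined, sizeof joined, "%s", user_path);
    else
        snprintf(joined, sizeof joined, "%s/%s", jail, user_path);

    /* realpath follows every symlink and collapses "." and "..", so the result
     * is where the kernel would really land; anything it cannot resolve
     * (missing file, loop, too long) is denied rather than guessed at. */
    if (!realpath(jail, jail_real) || !realpath(joined, cand_real))
        return DENY_UNRESOLVABLE;
    if (!has_dir_boundary(jail_real, cand_real))
        return DENY_OUTSIDE;
    /* A hard link inside the jail is the same inode as a file outside it and
     * realpath cannot see that; st_nlink > 1 on a regular file gives it away. */
    if (stat(cand_real, &st) != 0)
        return DENY_UNRESOLVABLE;
    if (S_ISREG(st.st_mode) && st.st_nlink > 1)
        return DENY_HARDLINK;
    return ALLOW;
}

static int write_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(text, f);
    return fclose(f);
}

/* Constructed demo tree under /tmp:  root/jail/ok.txt (inside), root/secret.txt
 * (outside), root/jail/escape -> ../secret.txt, root/jail/hard (hard link to
 * secret.txt) and root/jail2/ (prefix collision).  Returns how many of the
 * eight verdicts matched expectation (8 when all is well), -1 on setup error. */
int run_demo(void)
{
    char root[] = "/tmp/jaildemo.XXXXXX";
    char jail[PATH_MAX], secret[PATH_MAX], p[PATH_MAX];
    int matched = 0;

    if (!mkdtemp(root))
        return -1;
    snprintf(jail, sizeof jail, "%s/jail", root);
    snprintf(secret, sizeof secret, "%s/secret.txt", root);
    snprintf(p, sizeof p, "%s/jail2", root);
    if (mkdir(jail, 0700) || mkdir(p, 0700) || write_file(secret, "secret\n"))
        return -1;
    snprintf(p, sizeof p, "%s/ok.txt", jail);
    if (write_file(p, "public\n"))
        return -1;
    snprintf(p, sizeof p, "%s/escape", jail);
    if (symlink("../secret.txt", p))
        return -1;
    snprintf(p, sizeof p, "%s/hard", jail);
    if (link(secret, p))
        return -1;

    const struct { const char *input; enum verdict want; } cases[] = {
        { "ok.txt",        ALLOW },
        { "./ok.txt",      ALLOW },              /* "." inside the jail is fine */
        { "../secret.txt", DENY_OUTSIDE },       /* relative escape */
        { secret,          DENY_OUTSIDE },       /* absolute path outside */
        { "escape",        DENY_OUTSIDE },       /* symlink escape */
        { "hard",          DENY_HARDLINK },      /* hard-link escape */
        { "../jail2",      DENY_OUTSIDE },       /* prefix collision */
        { "missing.txt",   DENY_UNRESOLVABLE },  /* cannot be resolved */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        matched += check_in_jail(jail, cases[i].input) == cases[i].want;

    /* tidy up the constructed tree */
    snprintf(p, sizeof p, "%s/hard", jail);   unlink(p);
    snprintf(p, sizeof p, "%s/escape", jail); unlink(p);
    snprintf(p, sizeof p, "%s/ok.txt", jail); unlink(p);
    unlink(secret);
    rmdir(jail);
    snprintf(p, sizeof p, "%s/jail2", root);  rmdir(p);
    rmdir(root);
    return matched;
}

int main(void)
{
    int n = run_demo();
    printf("%d of 8 verdicts as expected\n", n);
    return n == 8 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Note that check_in_jail decides on a path and the program opens the file afterwards, so the file system can change in between; in production code, open the file first (relative to a descriptor for the jail, with O_NOFOLLOW where appropriate) and run the nlink and boundary checks with fstat on the descriptor you actually obtained, which is what the first answer's fstat suggestion amounts to.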
