exec_script.c revision 1.66.18.1
1 1.66.18.1 tls /* $NetBSD: exec_script.c,v 1.66.18.1 2014/08/20 00:04:28 tls Exp $ */ 2 1.8 cgd 3 1.1 cgd /* 4 1.14 cgd * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou 5 1.1 cgd * All rights reserved. 6 1.1 cgd * 7 1.1 cgd * Redistribution and use in source and binary forms, with or without 8 1.1 cgd * modification, are permitted provided that the following conditions 9 1.1 cgd * are met: 10 1.1 cgd * 1. Redistributions of source code must retain the above copyright 11 1.1 cgd * notice, this list of conditions and the following disclaimer. 12 1.1 cgd * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 cgd * notice, this list of conditions and the following disclaimer in the 14 1.1 cgd * documentation and/or other materials provided with the distribution. 15 1.1 cgd * 3. All advertising materials mentioning features or use of this software 16 1.1 cgd * must display the following acknowledgement: 17 1.1 cgd * This product includes software developed by Christopher G. Demetriou. 18 1.1 cgd * 4. The name of the author may not be used to endorse or promote products 19 1.3 jtc * derived from this software without specific prior written permission 20 1.1 cgd * 21 1.1 cgd * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 1.1 cgd * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 1.1 cgd * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 1.1 cgd * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 1.1 cgd * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 1.1 cgd * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 1.1 cgd * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 1.1 cgd * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 1.1 cgd * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 1.1 cgd * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 1.1 cgd */ 32 1.30 lukem 33 1.30 lukem #include <sys/cdefs.h> 34 1.66.18.1 tls __KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.66.18.1 2014/08/20 00:04:28 tls Exp $"); 35 1.1 cgd 36 1.1 cgd #if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS) 37 1.1 cgd #define FDSCRIPTS /* Need this for safe set-id scripts. */ 38 1.1 cgd #endif 39 1.1 cgd 40 1.1 cgd #include <sys/param.h> 41 1.1 cgd #include <sys/systm.h> 42 1.1 cgd #include <sys/proc.h> 43 1.61 yamt #include <sys/kmem.h> 44 1.1 cgd #include <sys/vnode.h> 45 1.1 cgd #include <sys/namei.h> 46 1.1 cgd #include <sys/file.h> 47 1.18 christos #ifdef SETUIDSCRIPTS 48 1.18 christos #include <sys/stat.h> 49 1.18 christos #endif 50 1.1 cgd #include <sys/filedesc.h> 51 1.1 cgd #include <sys/exec.h> 52 1.1 cgd #include <sys/resourcevar.h> 53 1.63 ad #include <sys/module.h> 54 1.1 cgd #include <sys/exec_script.h> 55 1.38 matt #include <sys/exec_elf.h> 56 1.1 cgd 57 1.66.18.1 tls MODULE(MODULE_CLASS_EXEC, exec_script, NULL); 58 1.63 ad 59 1.66.18.1 tls static struct execsw exec_script_execsw = { 60 1.66.18.1 tls .es_hdrsz = SCRIPT_HDR_SIZE, 61 1.66.18.1 tls .es_makecmds = exec_script_makecmds, 62 1.66.18.1 tls .u = { 63 1.66.18.1 tls .elf_probe_func = NULL, 64 1.66.18.1 tls }, 65 1.66.18.1 tls .es_emul = NULL, 66 1.66.18.1 tls .es_prio = EXECSW_PRIO_ANY, 67 1.66.18.1 tls .es_arglen = 0, 68 1.66.18.1 tls .es_copyargs = NULL, 69 1.66.18.1 tls .es_setregs = NULL, 70 1.66.18.1 tls .es_coredump = NULL, 71 1.66.18.1 tls .es_setup_stack = exec_setup_stack, 72 1.63 ad }; 73 1.63 ad 74 1.63 ad static int 75 1.63 ad exec_script_modcmd(modcmd_t cmd, void *arg) 76 1.63 ad { 77 1.63 ad 78 1.63 ad switch (cmd) { 79 1.63 ad case MODULE_CMD_INIT: 80 1.66.18.1 tls return exec_add(&exec_script_execsw, 1); 81 1.63 ad 82 1.63 ad case MODULE_CMD_FINI: 83 1.66.18.1 tls return exec_remove(&exec_script_execsw, 1); 84 1.63 ad 85 1.63 ad case MODULE_CMD_AUTOUNLOAD: 86 1.63 ad /* 87 1.63 ad * We don't want to be autounloaded because our use is 88 1.63 ad * transient: no executables with p_execsw equal to 89 1.63 ad * exec_script_execsw will exist, so FINI will never 90 1.63 ad * return EBUSY. However, the system will run scripts 91 1.63 ad * often. Return EBUSY here to prevent this module from 92 1.63 ad * ping-ponging in and out of the kernel. 93 1.63 ad */ 94 1.63 ad return EBUSY; 95 1.63 ad 96 1.63 ad default: 97 1.63 ad return ENOTTY; 98 1.66.18.1 tls } 99 1.63 ad } 100 1.63 ad 101 1.1 cgd /* 102 1.1 cgd * exec_script_makecmds(): Check if it's an executable shell script. 103 1.1 cgd * 104 1.1 cgd * Given a proc pointer and an exec package pointer, see if the referent 105 1.1 cgd * of the epp is in shell script. If it is, then set thing up so that 106 1.1 cgd * the script can be run. This involves preparing the address space 107 1.1 cgd * and arguments for the shell which will run the script. 108 1.1 cgd * 109 1.1 cgd * This function is ultimately responsible for creating a set of vmcmds 110 1.1 cgd * which can be used to build the process's vm space and inserting them 111 1.1 cgd * into the exec package. 112 1.1 cgd */ 113 1.1 cgd int 114 1.45 christos exec_script_makecmds(struct lwp *l, struct exec_package *epp) 115 1.1 cgd { 116 1.1 cgd int error, hdrlinelen, shellnamelen, shellarglen; 117 1.1 cgd char *hdrstr = epp->ep_hdr; 118 1.64 dholland char *cp, *shellname, *shellarg; 119 1.61 yamt size_t shellargp_len; 120 1.61 yamt struct exec_fakearg *shellargp; 121 1.61 yamt struct exec_fakearg *tmpsap; 122 1.66 dholland struct pathbuf *shell_pathbuf; 123 1.1 cgd struct vnode *scriptvp; 124 1.1 cgd #ifdef SETUIDSCRIPTS 125 1.18 christos /* Gcc needs those initialized for spurious uninitialized warning */ 126 1.18 christos uid_t script_uid = (uid_t) -1; 127 1.18 christos gid_t script_gid = NOGROUP; 128 1.1 cgd u_short script_sbits; 129 1.1 cgd #endif 130 1.1 cgd 131 1.1 cgd /* 132 1.1 cgd * if the magic isn't that of a shell script, or we've already 133 1.1 cgd * done shell script processing for this exec, punt on it. 134 1.1 cgd */ 135 1.1 cgd if ((epp->ep_flags & EXEC_INDIR) != 0 || 136 1.1 cgd epp->ep_hdrvalid < EXEC_SCRIPT_MAGICLEN || 137 1.1 cgd strncmp(hdrstr, EXEC_SCRIPT_MAGIC, EXEC_SCRIPT_MAGICLEN)) 138 1.1 cgd return ENOEXEC; 139 1.1 cgd 140 1.1 cgd /* 141 1.66.18.1 tls * Check that the shell spec is terminated by a newline, and that 142 1.66.18.1 tls * it isn't too large. 143 1.1 cgd */ 144 1.33 perry hdrlinelen = min(epp->ep_hdrvalid, SCRIPT_HDR_SIZE); 145 1.1 cgd for (cp = hdrstr + EXEC_SCRIPT_MAGICLEN; cp < hdrstr + hdrlinelen; 146 1.1 cgd cp++) { 147 1.1 cgd if (*cp == '\n') { 148 1.1 cgd *cp = '\0'; 149 1.1 cgd break; 150 1.1 cgd } 151 1.1 cgd } 152 1.1 cgd if (cp >= hdrstr + hdrlinelen) 153 1.1 cgd return ENOEXEC; 154 1.1 cgd 155 1.1 cgd /* strip spaces before the shell name */ 156 1.1 cgd for (cp = hdrstr + EXEC_SCRIPT_MAGICLEN; *cp == ' ' || *cp == '\t'; 157 1.1 cgd cp++) 158 1.1 cgd ; 159 1.66.18.1 tls if (*cp == '\0') 160 1.66.18.1 tls return ENOEXEC; 161 1.1 cgd 162 1.66.18.1 tls shellarg = NULL; 163 1.66.18.1 tls shellarglen = 0; 164 1.66.18.1 tls 165 1.66.18.1 tls /* collect the shell name; remember its length for later */ 166 1.1 cgd shellname = cp; 167 1.1 cgd shellnamelen = 0; 168 1.1 cgd for ( /* cp = cp */ ; *cp != '\0' && *cp != ' ' && *cp != '\t'; cp++) 169 1.1 cgd shellnamelen++; 170 1.1 cgd if (*cp == '\0') 171 1.1 cgd goto check_shell; 172 1.1 cgd *cp++ = '\0'; 173 1.1 cgd 174 1.1 cgd /* skip spaces before any argument */ 175 1.1 cgd for ( /* cp = cp */ ; *cp == ' ' || *cp == '\t'; cp++) 176 1.1 cgd ; 177 1.1 cgd if (*cp == '\0') 178 1.1 cgd goto check_shell; 179 1.1 cgd 180 1.1 cgd /* 181 1.1 cgd * collect the shell argument. everything after the shell name 182 1.1 cgd * is passed as ONE argument; that's the correct (historical) 183 1.1 cgd * behaviour. 184 1.1 cgd */ 185 1.1 cgd shellarg = cp; 186 1.1 cgd for ( /* cp = cp */ ; *cp != '\0'; cp++) 187 1.1 cgd shellarglen++; 188 1.1 cgd *cp++ = '\0'; 189 1.1 cgd 190 1.1 cgd check_shell: 191 1.1 cgd #ifdef SETUIDSCRIPTS 192 1.1 cgd /* 193 1.29 thorpej * MNT_NOSUID has already taken care of by check_exec, 194 1.29 thorpej * so we don't need to worry about it now or later. We 195 1.54 ad * will need to check PSL_TRACED later, however. 196 1.1 cgd */ 197 1.17 mycroft script_sbits = epp->ep_vap->va_mode & (S_ISUID | S_ISGID); 198 1.1 cgd if (script_sbits != 0) { 199 1.1 cgd script_uid = epp->ep_vap->va_uid; 200 1.1 cgd script_gid = epp->ep_vap->va_gid; 201 1.1 cgd } 202 1.1 cgd #endif 203 1.1 cgd #ifdef FDSCRIPTS 204 1.1 cgd /* 205 1.1 cgd * if the script isn't readable, or it's set-id, then we've 206 1.1 cgd * gotta supply a "/dev/fd/..." for the shell to read. 207 1.1 cgd * Note that stupid shells (csh) do the wrong thing, and 208 1.1 cgd * close all open fd's when the start. That kills this 209 1.1 cgd * method of implementing "safe" set-id and x-only scripts. 210 1.1 cgd */ 211 1.19 fvdl vn_lock(epp->ep_vp, LK_EXCLUSIVE | LK_RETRY); 212 1.59 pooka error = VOP_ACCESS(epp->ep_vp, VREAD, l->l_cred); 213 1.65 hannken VOP_UNLOCK(epp->ep_vp); 214 1.14 cgd if (error == EACCES 215 1.9 cgd #ifdef SETUIDSCRIPTS 216 1.9 cgd || script_sbits 217 1.9 cgd #endif 218 1.9 cgd ) { 219 1.1 cgd struct file *fp; 220 1.1 cgd 221 1.66.18.1 tls KASSERT(!(epp->ep_flags & EXEC_HASFD)); 222 1.1 cgd 223 1.62 ad if ((error = fd_allocfile(&fp, &epp->ep_fd)) != 0) { 224 1.18 christos scriptvp = NULL; 225 1.18 christos shellargp = NULL; 226 1.4 cgd goto fail; 227 1.18 christos } 228 1.1 cgd epp->ep_flags |= EXEC_HASFD; 229 1.1 cgd fp->f_type = DTYPE_VNODE; 230 1.1 cgd fp->f_ops = &vnops; 231 1.56 christos fp->f_data = (void *) epp->ep_vp; 232 1.1 cgd fp->f_flag = FREAD; 233 1.62 ad fd_affix(curproc, fp, epp->ep_fd); 234 1.1 cgd } 235 1.1 cgd #endif 236 1.1 cgd 237 1.64 dholland /* set up the fake args list */ 238 1.61 yamt shellargp_len = 4 * sizeof(*shellargp); 239 1.61 yamt shellargp = kmem_alloc(shellargp_len, KM_SLEEP); 240 1.1 cgd tmpsap = shellargp; 241 1.61 yamt tmpsap->fa_len = shellnamelen + 1; 242 1.61 yamt tmpsap->fa_arg = kmem_alloc(tmpsap->fa_len, KM_SLEEP); 243 1.61 yamt strlcpy(tmpsap->fa_arg, shellname, tmpsap->fa_len); 244 1.61 yamt tmpsap++; 245 1.1 cgd if (shellarg != NULL) { 246 1.61 yamt tmpsap->fa_len = shellarglen + 1; 247 1.61 yamt tmpsap->fa_arg = kmem_alloc(tmpsap->fa_len, KM_SLEEP); 248 1.61 yamt strlcpy(tmpsap->fa_arg, shellarg, tmpsap->fa_len); 249 1.61 yamt tmpsap++; 250 1.1 cgd } 251 1.61 yamt tmpsap->fa_len = MAXPATHLEN; 252 1.61 yamt tmpsap->fa_arg = kmem_alloc(tmpsap->fa_len, KM_SLEEP); 253 1.1 cgd #ifdef FDSCRIPTS 254 1.1 cgd if ((epp->ep_flags & EXEC_HASFD) == 0) { 255 1.1 cgd #endif 256 1.1 cgd /* normally can't fail, but check for it if diagnostic */ 257 1.64 dholland error = copystr(epp->ep_kname, tmpsap->fa_arg, MAXPATHLEN, 258 1.66.18.1 tls NULL); 259 1.66.18.1 tls KASSERT(error == 0); 260 1.61 yamt tmpsap++; 261 1.1 cgd #ifdef FDSCRIPTS 262 1.61 yamt } else { 263 1.61 yamt snprintf(tmpsap->fa_arg, MAXPATHLEN, "/dev/fd/%d", epp->ep_fd); 264 1.61 yamt tmpsap++; 265 1.61 yamt } 266 1.1 cgd #endif 267 1.61 yamt tmpsap->fa_arg = NULL; 268 1.1 cgd 269 1.64 dholland /* Save the old vnode so we can clean it up later. */ 270 1.64 dholland scriptvp = epp->ep_vp; 271 1.64 dholland epp->ep_vp = NULL; 272 1.64 dholland 273 1.64 dholland /* Note that we're trying recursively. */ 274 1.64 dholland epp->ep_flags |= EXEC_INDIR; 275 1.64 dholland 276 1.1 cgd /* 277 1.1 cgd * mark the header we have as invalid; check_exec will read 278 1.1 cgd * the header from the new executable 279 1.1 cgd */ 280 1.1 cgd epp->ep_hdrvalid = 0; 281 1.1 cgd 282 1.64 dholland /* try loading the interpreter */ 283 1.66 dholland shell_pathbuf = pathbuf_create(shellname); 284 1.66 dholland if (shell_pathbuf == NULL) { 285 1.66 dholland error = ENOMEM; 286 1.66 dholland } else { 287 1.66 dholland error = check_exec(l, epp, shell_pathbuf); 288 1.66 dholland pathbuf_destroy(shell_pathbuf); 289 1.66 dholland } 290 1.1 cgd 291 1.57 dsl /* note that we've clobbered the header */ 292 1.57 dsl epp->ep_flags |= EXEC_DESTR; 293 1.64 dholland 294 1.57 dsl if (error == 0) { 295 1.1 cgd /* 296 1.1 cgd * It succeeded. Unlock the script and 297 1.1 cgd * close it if we aren't using it any more. 298 1.4 cgd * Also, set things up so that the fake args 299 1.1 cgd * list will be used. 300 1.1 cgd */ 301 1.14 cgd if ((epp->ep_flags & EXEC_HASFD) == 0) { 302 1.20 wrstuden vn_lock(scriptvp, LK_EXCLUSIVE | LK_RETRY); 303 1.58 pooka VOP_CLOSE(scriptvp, FREAD, l->l_cred); 304 1.20 wrstuden vput(scriptvp); 305 1.14 cgd } 306 1.2 cgd 307 1.1 cgd epp->ep_flags |= (EXEC_HASARGL | EXEC_SKIPARG); 308 1.1 cgd epp->ep_fa = shellargp; 309 1.61 yamt epp->ep_fa_len = shellargp_len; 310 1.1 cgd #ifdef SETUIDSCRIPTS 311 1.1 cgd /* 312 1.1 cgd * set thing up so that set-id scripts will be 313 1.54 ad * handled appropriately. PSL_TRACED will be 314 1.29 thorpej * checked later when the shell is actually 315 1.29 thorpej * exec'd. 316 1.1 cgd */ 317 1.1 cgd epp->ep_vap->va_mode |= script_sbits; 318 1.17 mycroft if (script_sbits & S_ISUID) 319 1.1 cgd epp->ep_vap->va_uid = script_uid; 320 1.17 mycroft if (script_sbits & S_ISGID) 321 1.1 cgd epp->ep_vap->va_gid = script_gid; 322 1.1 cgd #endif 323 1.4 cgd return (0); 324 1.4 cgd } 325 1.4 cgd 326 1.13 christos #ifdef FDSCRIPTS 327 1.4 cgd fail: 328 1.13 christos #endif 329 1.4 cgd 330 1.4 cgd /* kill the opened file descriptor, else close the file */ 331 1.66.18.1 tls if (epp->ep_flags & EXEC_HASFD) { 332 1.66.18.1 tls epp->ep_flags &= ~EXEC_HASFD; 333 1.66.18.1 tls fd_close(epp->ep_fd); 334 1.66.18.1 tls } else if (scriptvp) { 335 1.20 wrstuden vn_lock(scriptvp, LK_EXCLUSIVE | LK_RETRY); 336 1.58 pooka VOP_CLOSE(scriptvp, FREAD, l->l_cred); 337 1.20 wrstuden vput(scriptvp); 338 1.14 cgd } 339 1.4 cgd 340 1.4 cgd /* free the fake arg list, because we're not returning it */ 341 1.18 christos if ((tmpsap = shellargp) != NULL) { 342 1.61 yamt while (tmpsap->fa_arg != NULL) { 343 1.61 yamt kmem_free(tmpsap->fa_arg, tmpsap->fa_len); 344 1.18 christos tmpsap++; 345 1.18 christos } 346 1.61 yamt kmem_free(shellargp, shellargp_len); 347 1.1 cgd } 348 1.4 cgd 349 1.66.18.1 tls /* 350 1.66.18.1 tls * free any vmspace-creation commands, 351 1.66.18.1 tls * and release their references 352 1.66.18.1 tls */ 353 1.66.18.1 tls kill_vmcmds(&epp->ep_vmcmds); 354 1.1 cgd 355 1.66.18.1 tls return error; 356 1.1 cgd } 357
Indexes created Fri Oct 03 17:10:05 GMT 2025