![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to spawn.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix|
Return to spawn.c CVS log | Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix |
1.1 root 1: /* spawn.c
2: Spawn a program securely.
3:
4: Copyright (C) 1992 Ian Lance Taylor
5:
6: This file is part of the Taylor UUCP package.
7:
8: This program is free software; you can redistribute it and/or
9: modify it under the terms of the GNU General Public License as
10: published by the Free Software Foundation; either version 2 of the
11: License, or (at your option) any later version.
12:
13: This program is distributed in the hope that it will be useful, but
14: WITHOUT ANY WARRANTY; without even the implied warranty of
15: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16: General Public License for more details.
17:
18: You should have received a copy of the GNU General Public License
19: along with this program; if not, write to the Free Software
20: Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21:
22: The author of the program may be contacted at [email protected] or
23: c/o Infinity Development Systems, P.O. Box 520, Waltham, MA 02254.
24: */
25:
26: #include "uucp.h"
27:
28: #include "uudefs.h"
29: #include "sysdep.h"
30:
31: #include <errno.h>
32:
33: #if HAVE_FCNTL_H
34: #include <fcntl.h>
35: #else
36: #if HAVE_SYS_FILE_H
37: #include <sys/file.h>
38: #endif
39: #endif
40:
41: #ifndef O_RDONLY
42: #define O_RDONLY 0
43: #define O_WRONLY 1
44: #define O_RDWR 2
45: #endif
46:
47: #ifndef FD_CLOEXEC
48: #define FD_CLOEXEC 1
49: #endif
50:
51: #ifndef environ
52: extern char **environ;
53: #endif
54:
55: /* Spawn a child in a fairly secure fashion. This returns the process
56: ID of the child or -1 on error. It takes far too many arguments:
57:
58: pazargs -- arguments (element 0 is command)
59: aidescs -- file descriptors for stdin, stdout and stderr
60: fkeepuid -- TRUE if euid should be left unchanged
61: fkeepenv -- TRUE if environment should be left unmodified
62: zchdir -- directory to chdir to
63: fnosigs -- TRUE if child should ignore SIGHUP, SIGINT and SIGQUIT
64: fshell -- TRUE if should try /bin/sh if execve gets ENOEXEC
65: zpath -- value for environment variable PATH
66: zuu_machine -- value for environment variable UU_MACHINE
67: zuu_user -- value for environment variable UU_USER
68:
69: The aidescs array is three elements long. 0 is stdin, 1 is stdout
70: and 2 is stderr. The array may contain either file descriptor
71: numbers to dup appropriately, or one of the following:
72:
73: SPAWN_NULL -- set descriptor to /dev/null
74: SPAWN_READ_PIPE -- set aidescs element to pipe for parent to read
75: SPAWN_WRITE_PIPE -- set aidescs element to pipe for parent to write
76:
77: If fkeepenv is FALSE, a standard environment is created. The
78: environment arguments (zpath, zuu_machine and zuu_user) are only
79: used if fkeepenv is FALSE; any of them may be NULL.
80:
81: This routine expects that all file descriptors have been set to
82: close-on-exec, so it doesn't have to worry about closing them
83: explicitly. It sets the close-on-exec flag for the new pipe
84: descriptors it returns. */
85:
86: pid_t
87: ixsspawn (pazargs, aidescs, fkeepuid, fkeepenv, zchdir, fnosigs, fshell,
88: zpath, zuu_machine, zuu_user)
89: const char **pazargs;
90: int aidescs[3];
91: boolean fkeepuid;
92: boolean fkeepenv;
93: const char *zchdir;
94: boolean fnosigs;
95: boolean fshell;
96: const char *zpath;
97: const char *zuu_machine;
98: const char *zuu_user;
99: {
100: char *zshcmd;
101: int i;
102: char *azenv[9];
103: char **pazenv;
104: boolean ferr;
105: int ierr = 0;
106: int onull;
107: int aichild_descs[3];
108: int cpar_close;
109: int aipar_close[4];
110: int cchild_close;
111: int aichild_close[3];
112: pid_t iret = 0;
113: const char *zcmd;
114:
115: /* If we might have to use the shell, allocate enough space for the
116: quoted command before forking. Otherwise the allocation would
117: modify the data segment and we could not safely use vfork. */
118: zshcmd = NULL;
119: if (fshell)
120: {
121: size_t clen;
122:
123: clen = 0;
124: for (i = 0; pazargs[i] != NULL; i++)
125: clen += strlen (pazargs[i]);
126: zshcmd = zbufalc (2 * clen + i);
127: }
128:
129: /* Set up a standard environment. This is again done before forking
130: because it will modify the data segment. */
131: if (fkeepenv)
132: pazenv = environ;
133: else
134: {
135: const char *zterm, *ztz;
136: char *zspace;
137: int ienv;
138:
139: if (zpath == NULL)
140: zpath = CMDPATH;
141:
142: azenv[0] = zbufalc (sizeof "PATH=" + strlen (zpath));
143: sprintf (azenv[0], "PATH=%s", zpath);
144: zspace = azenv[0] + sizeof "PATH=" - 1;
145: while ((zspace = strchr (zspace, ' ')) != NULL)
146: *zspace = ':';
147:
148: azenv[1] = zbufalc (sizeof "HOME=" + strlen (zSspooldir));
149: sprintf (azenv[1], "HOME=%s", zSspooldir);
150:
151: zterm = getenv ("TERM");
152: if (zterm == NULL)
153: zterm = "unknown";
154: azenv[2] = zbufalc (sizeof "TERM=" + strlen (zterm));
155: sprintf (azenv[2], "TERM=%s", zterm);
156:
157: azenv[3] = zbufcpy ("SHELL=/bin/sh");
158:
159: azenv[4] = zbufalc (sizeof "USER=" + strlen (OWNER));
160: sprintf (azenv[4], "USER=%s", OWNER);
161:
162: ienv = 5;
163:
164: ztz = getenv ("TZ");
165: if (ztz != NULL)
166: {
167: azenv[ienv] = zbufalc (sizeof "TZ=" + strlen (ztz));
168: sprintf (azenv[ienv], "TZ=%s", ztz);
169: ++ienv;
170: }
171:
172: if (zuu_machine != NULL)
173: {
174: azenv[ienv] = zbufalc (sizeof "UU_MACHINE="
175: + strlen (zuu_machine));
176: sprintf (azenv[ienv], "UU_MACHINE=%s", zuu_machine);
177: ++ienv;
178: }
179:
180: if (zuu_user != NULL)
181: {
182: azenv[ienv] = zbufalc (sizeof "UU_USER="
183: + strlen (zuu_user));
184: sprintf (azenv[ienv], "UU_USER=%s", zuu_user);
185: ++ienv;
186: }
187:
188: azenv[ienv] = NULL;
189: pazenv = azenv;
190: }
191:
192: /* Set up any needed pipes. */
193:
194: ferr = FALSE;
195: onull = -1;
196: cpar_close = 0;
197: cchild_close = 0;
198:
199: for (i = 0; i < 3; i++)
200: {
201: if (aidescs[i] == SPAWN_NULL)
202: {
203: if (onull < 0)
204: {
205: onull = open ((char *) "/dev/null", O_RDWR);
206: if (onull < 0
207: || fcntl (onull, F_SETFD,
208: fcntl (onull, F_GETFD, 0) | FD_CLOEXEC) < 0)
209: {
210: ierr = errno;
211: (void) close (onull);
212: ferr = TRUE;
213: break;
214: }
215: aipar_close[cpar_close] = onull;
216: ++cpar_close;
217: }
218: aichild_descs[i] = onull;
219: }
220: else if (aidescs[i] != SPAWN_READ_PIPE
221: && aidescs[i] != SPAWN_WRITE_PIPE)
222: aichild_descs[i] = aidescs[i];
223: else
224: {
225: int aipipe[2];
226:
227: if (pipe (aipipe) < 0)
228: {
229: ierr = errno;
230: ferr = TRUE;
231: break;
232: }
233:
234: if (aidescs[i] == SPAWN_READ_PIPE)
235: {
236: aidescs[i] = aipipe[0];
237: aichild_close[cchild_close] = aipipe[0];
238: aichild_descs[i] = aipipe[1];
239: aipar_close[cpar_close] = aipipe[1];
240: }
241: else
242: {
243: aidescs[i] = aipipe[1];
244: aichild_close[cchild_close] = aipipe[1];
245: aichild_descs[i] = aipipe[0];
246: aipar_close[cpar_close] = aipipe[0];
247: }
248:
249: ++cpar_close;
250: ++cchild_close;
251:
252: if (fcntl (aidescs[i], F_SETFD,
253: fcntl (aidescs[i], F_GETFD, 0) | FD_CLOEXEC) < 0)
254: {
255: ierr = errno;
256: ferr = TRUE;
257: break;
258: }
259: }
260: }
261:
262: #if DEBUG > 1
263: if (! ferr && FDEBUGGING (DEBUG_EXECUTE))
264: {
265: ulog (LOG_DEBUG_START, "Forking %s", pazargs[0]);
266: for (i = 1; pazargs[i] != NULL; i++)
267: ulog (LOG_DEBUG_CONTINUE, " %s", pazargs[i]);
268: ulog (LOG_DEBUG_END, "%s", "");
269: }
270: #endif
271:
272: if (! ferr)
273: {
274: /* This should really be vfork if available. */
275: iret = ixsfork ();
276: if (iret < 0)
277: {
278: ferr = TRUE;
279: ierr = errno;
280: }
281: }
282:
283: if (ferr)
284: {
285: for (i = 0; i < cchild_close; i++)
286: (void) close (aichild_close[i]);
287: iret = -1;
288: }
289:
290: if (iret != 0)
291: {
292: /* The parent. Close the child's ends of the pipes and return
293: the process ID, or an error. */
294: for (i = 0; i < cpar_close; i++)
295: (void) close (aipar_close[i]);
296: ubuffree (zshcmd);
297: if (! fkeepenv)
298: {
299: char **pz;
300:
301: for (pz = azenv; *pz != NULL; pz++)
302: ubuffree (*pz);
303: }
304: errno = ierr;
305: return iret;
306: }
307:
308: /* The child. */
309:
310: #ifdef STDIN_FILENO
311: #if STDIN_FILENO != 0 || STDOUT_FILENO != 1 || STDERR_FILENO != 2
312: #error The following code makes invalid assumptions
313: #endif
314: #endif
315:
316: for (i = 0; i < 3; i++)
317: {
318: if (aichild_descs[i] != i)
319: (void) dup2 (aichild_descs[i], i);
320: /* This should only be necessary if aichild_descs[i] == i, but
321: some systems copy the close-on-exec flag for a dupped
322: descriptor, which is wrong according to POSIX. */
323: (void) fcntl (i, F_SETFD, fcntl (i, F_GETFD, 0) &~ FD_CLOEXEC);
324: }
325:
326: zcmd = pazargs[0];
327: pazargs[0] = strrchr (zcmd, '/');
328: if (pazargs[0] == NULL)
329: pazargs[0] = zcmd;
330: else
331: ++pazargs[0];
332:
333: if (! fkeepuid)
334: {
335: (void) setuid (getuid ());
336: (void) setgid (getgid ());
337: }
338:
339: if (zchdir != NULL)
340: (void) chdir (zchdir);
341:
342: if (fnosigs)
343: {
344: #ifdef SIGHUP
345: (void) signal (SIGHUP, SIG_IGN);
346: #endif
347: #ifdef SIGINT
348: (void) signal (SIGINT, SIG_IGN);
349: #endif
350: #ifdef SIGQUIT
351: (void) signal (SIGQUIT, SIG_IGN);
352: #endif
353: }
354:
355: (void) execve ((char *) zcmd, (char **) pazargs, pazenv);
356:
357: /* The exec failed. If permitted, try using /bin/sh to execute a
358: shell script. */
359:
360: if (errno == ENOEXEC && fshell)
361: {
362: char *zto;
363: const char *azshargs[4];
364:
365: pazargs[0] = zcmd;
366: zto = zshcmd;
367: for (i = 0; pazargs[i] != NULL; i++)
368: {
369: const char *zfrom;
370:
371: for (zfrom = pazargs[i]; *zfrom != '\0'; zfrom++)
372: {
373: /* Some versions of /bin/sh appear to have a bug such
374: that quoting a '/' sometimes causes an error. I
375: don't know exactly when this happens (I can recreate
376: it on Ultrix 4.0), but in any case it is harmless to
377: not quote a '/'. */
378: if (*zfrom != '/')
379: *zto++ = '\\';
380: *zto++ = *zfrom;
381: }
382: *zto++ = ' ';
383: }
384: *(zto - 1) = '\0';
385:
386: azshargs[0] = "sh";
387: azshargs[1] = "-c";
388: azshargs[2] = zshcmd;
389: azshargs[3] = NULL;
390:
391: (void) execve ((char *) "/bin/sh", (char **) azshargs, pazenv);
392: }
393:
394: _exit (EXIT_FAILURE);
395:
396: /* Avoid compiler warning. */
397: return -1;
398: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.