From b730474bda4a964930e8013301ace7b49a0c5726 Mon Sep 17 00:00:00 2001 From: Denis Vlasenko Date: Mon, 20 Oct 2008 08:15:51 +0000 Subject: [PATCH] ash: fix NOEXEC mode - we were forgetting to pass environment! env: promote to NOEXEC hd: promote to NOEXEC, as hexdump is NOEXEC already --- coreutils/env.c | 4 ++-- include/applets.h | 4 ++-- shell/ash.c | 7 +++++-- shell/ash_test/ash-standalone/noexec_gets_no_env.right | 2 ++ shell/ash_test/ash-standalone/noexec_gets_no_env.tests | 3 +++ 5 files changed, 14 insertions(+), 6 deletions(-) create mode 100644 shell/ash_test/ash-standalone/noexec_gets_no_env.right create mode 100755 shell/ash_test/ash-standalone/noexec_gets_no_env.tests diff --git a/coreutils/env.c b/coreutils/env.c index 66199e8d6..2f8c8b71d 100644 --- a/coreutils/env.c +++ b/coreutils/env.c @@ -29,6 +29,8 @@ * - use xfunc_error_retval */ +/* This is a NOEXEC applet. Be very careful! */ + #include "libbb.h" #if ENABLE_FEATURE_ENV_LONG_OPTIONS @@ -119,5 +121,3 @@ int env_main(int argc UNUSED_PARAM, char **argv) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ - - diff --git a/include/applets.h b/include/applets.h index 828900e46..9c16c5dc2 100644 --- a/include/applets.h +++ b/include/applets.h @@ -137,7 +137,7 @@ USE_ECHO(APPLET_NOFORK(echo, echo, _BB_DIR_BIN, _BB_SUID_NEVER, echo)) USE_ED(APPLET(ed, _BB_DIR_BIN, _BB_SUID_NEVER)) USE_FEATURE_GREP_EGREP_ALIAS(APPLET_ODDNAME(egrep, grep, _BB_DIR_BIN, _BB_SUID_NEVER, egrep)) USE_EJECT(APPLET(eject, _BB_DIR_USR_BIN, _BB_SUID_NEVER)) -USE_ENV(APPLET(env, _BB_DIR_USR_BIN, _BB_SUID_NEVER)) +USE_ENV(APPLET_NOEXEC(env, env, _BB_DIR_USR_BIN, _BB_SUID_NEVER, env)) USE_ENVDIR(APPLET_ODDNAME(envdir, chpst, _BB_DIR_USR_BIN, _BB_SUID_NEVER, envdir)) USE_ENVUIDGID(APPLET_ODDNAME(envuidgid, chpst, _BB_DIR_USR_BIN, _BB_SUID_NEVER, envuidgid)) USE_ETHER_WAKE(APPLET_ODDNAME(ether-wake, ether_wake, _BB_DIR_USR_BIN, _BB_SUID_NEVER, ether_wake)) @@ -172,7 +172,7 @@ USE_GREP(APPLET(grep, _BB_DIR_BIN, _BB_SUID_NEVER)) USE_GUNZIP(APPLET(gunzip, _BB_DIR_BIN, _BB_SUID_NEVER)) USE_GZIP(APPLET(gzip, _BB_DIR_BIN, _BB_SUID_NEVER)) USE_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_NEVER)) -USE_HD(APPLET_ODDNAME(hd, hexdump, _BB_DIR_USR_BIN, _BB_SUID_NEVER, hd)) +USE_HD(APPLET_NOEXEC(hd, hexdump, _BB_DIR_USR_BIN, _BB_SUID_NEVER, hd)) USE_HDPARM(APPLET(hdparm, _BB_DIR_SBIN, _BB_SUID_NEVER)) USE_HEAD(APPLET(head, _BB_DIR_USR_BIN, _BB_SUID_NEVER)) USE_HEXDUMP(APPLET_NOEXEC(hexdump, hexdump, _BB_DIR_USR_BIN, _BB_SUID_NEVER, hexdump)) diff --git a/shell/ash.c b/shell/ash.c index 70b7ae32a..81ac563fb 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -7008,8 +7008,11 @@ tryexec(USE_FEATURE_SH_STANDALONE(int applet_no,) char *cmd, char **argv, char * #if ENABLE_FEATURE_SH_STANDALONE if (applet_no >= 0) { - if (APPLET_IS_NOEXEC(applet_no)) + if (APPLET_IS_NOEXEC(applet_no)) { + while (*envp) + putenv(*envp++); run_applet_no_and_exit(applet_no, argv); + } /* re-exec ourselves with the new arguments */ execve(bb_busybox_exec_path, argv, envp); /* If they called chroot or otherwise made the binary no longer @@ -12094,7 +12097,7 @@ exportcmd(int argc UNUSED_PARAM, char **argv) char *name; const char *p; char **aptr; - int flag = argv[0][0] == 'r'? VREADONLY : VEXPORT; + int flag = argv[0][0] == 'r' ? VREADONLY : VEXPORT; if (nextopt("p") != 'p') { aptr = argptr; diff --git a/shell/ash_test/ash-standalone/noexec_gets_no_env.right b/shell/ash_test/ash-standalone/noexec_gets_no_env.right new file mode 100644 index 000000000..3d55d73b8 --- /dev/null +++ b/shell/ash_test/ash-standalone/noexec_gets_no_env.right @@ -0,0 +1,2 @@ +VAR7=VAL +0 diff --git a/shell/ash_test/ash-standalone/noexec_gets_no_env.tests b/shell/ash_test/ash-standalone/noexec_gets_no_env.tests new file mode 100755 index 000000000..5e12e5a25 --- /dev/null +++ b/shell/ash_test/ash-standalone/noexec_gets_no_env.tests @@ -0,0 +1,3 @@ +export VAR7=VAL +env | grep ^VAR7= +echo $?