xbps_file_exec: simplify and don't chroot when rootdir == /.

Before that change we were chroot(2)ing even when rootdir was set to /.
2012-05-30 17:44:39 +02:00 · 2012-05-30 17:44:39 +02:00 · 27aacf97f4
commit 27aacf97f4
parent a94dd5dbfa
3 changed files with 20 additions and 64 deletions
--- a/include/xbps_api.h
+++ b/include/xbps_api.h
@ -56,7 +56,7 @@
 */
 #define XBPS_PKGINDEX_VERSION	"1.4"
-#define XBPS_API_VERSION	"20120530-2"
+#define XBPS_API_VERSION	"20120530-4"
 #define XBPS_VERSION		"0.16"
 /**
--- a/include/xbps_api_impl.h
+++ b/include/xbps_api_impl.h
@ -60,7 +60,7 @@ __BEGIN_DECLS
 /**
 * @private
- * From lib/dewey.c
+ * From lib/external/dewey.c
 */
 int HIDDEN dewey_match(const char *, const char *);
@ -165,11 +165,9 @@ char HIDDEN *xbps_get_remote_repo_string(const char *);
 /**
 * @private
- * From lib/fexec.c
+ * From lib/external/fexec.c
 */
 int HIDDEN xbps_file_exec(const char *, ...);
 int HIDDEN xbps_file_exec_skipempty(const char *, ...);
 int HIDDEN xbps_file_chdir_exec(const char *, const char *, ...);
 /**
 * @private
--- a/lib/external/fexec.c
+++ b/lib/external/fexec.c
@ -38,43 +38,30 @@
 #include "xbps_api_impl.h"
 static int
-pfcexec(const char *path, const char *file, const char **argv)
+pfcexec(const char *file, const char **argv)
 {
-	pid_t			child;
+	struct xbps_handle *xhp;
-	int			status;
+	pid_t child;
-	bool			do_chroot = false;
+	int status;
 	child = vfork();
 	switch (child) {
 	case 0:
 		if (getuid() == 0 && access("./bin/sh", X_OK) == 0)
 			do_chroot = true;
 		/*
-		 * If uid==0 and /bin/sh exists, we can change root directory,
+		 * If rootdir != / and uid==0 and bin/sh exists,
-		 * fork and execute the command. Otherwise just change current
+		 * change root directory and exec command.
-		 * directory and fork/execute.
+		 *
 		 * It's assumed that cwd is the target rootdir.
 		 */
-		if (path && do_chroot) {
+		xhp = xbps_handle_get();
-			if (chroot(path) == -1)
+		if (strcmp(xhp->rootdir, "/")) {
-				_exit(127);
+			if (getuid() == 0 && access("bin/sh", X_OK) == 0) {
-			if (chdir("/") == -1)
+				if (chroot(xhp->rootdir) == -1)
-				_exit(127);
+					_exit(128);
 		} else if (path && !do_chroot) {
 			if (chdir(path) == -1)
 				_exit(127);
 		} else if (path == NULL && do_chroot) {
 			if (chroot(".") == -1) {
 				if (errno != EPERM)
 					_exit(127);
 				if (chdir(".") == -1)
 					_exit(127);
 			} else {
 				if (chdir("/") == -1)
-					_exit(127);
+					_exit(129);
 			}
 		}
 		(void)execv(file, __UNCONST(argv));
 		_exit(127);
 		/* NOTREACHED */
@ -94,7 +81,7 @@ pfcexec(const char *path, const char *file, const char **argv)
 }
 static int
-vfcexec(const char *path, int skipempty, const char *arg, va_list ap)
+vfcexec(const char *arg, va_list ap)
 {
 	const char **argv;
 	size_t argv_size, argc;
@ -120,14 +107,11 @@ vfcexec(const char *path, int skipempty, const char *arg, va_list ap)
 		}
 		arg = va_arg(ap, const char *);
 		if (skipempty && arg && strlen(arg) == 0)
 		    continue;
 		argv[argc++] = arg;
 	} while (arg != NULL);
-	retval = pfcexec(path, argv[0], argv);
+	retval = pfcexec(argv[0], argv);
 	free(argv);
 	return retval;
@ -140,33 +124,7 @@ xbps_file_exec(const char *arg, ...)
 	int	result;
 	va_start(ap, arg);
-	result = vfcexec(NULL, 0, arg, ap);
+	result = vfcexec(arg, ap);
 	va_end(ap);
 	return result;
 }
 int HIDDEN
 xbps_file_exec_skipempty(const char *arg, ...)
 {
 	va_list	ap;
 	int	result;
 	va_start(ap, arg);
 	result = vfcexec(NULL, 1, arg, ap);
 	va_end(ap);
 	return result;
 }
 int HIDDEN
 xbps_file_chdir_exec(const char *path, const char *arg, ...)
 {
 	va_list	ap;
 	int	result;
 	va_start(ap, arg);
 	result = vfcexec(path, 0, arg, ap);
 	va_end(ap);
 	return result;