1 /* vi: set sw=4 ts=4: */
5 * Copyright (C) tons of folks. Tracking down who wrote what
6 * isn't something I'm going to worry about... If you wrote something
7 * here, please feel free to acknowledge your work.
9 * Based in part on code from sash, Copyright (c) 1999 by David I. Bell
10 * Permission has been granted to redistribute this code under the GPL.
12 * Licensed under GPLv2 or later, see file License in this tarball for details.
19 /* Apparently uclibc defines __GLIBC__ (compat trick?). Oh well. */
20 #if ENABLE_STATIC && defined(__GLIBC__) && !defined(__UCLIBC__)
21 #warning Static linking against glibc produces buggy executables
22 #warning (glibc does not cope well with ld --gc-sections).
23 #warning See sources.redhat.com/bugzilla/show_bug.cgi?id=3400
24 #warning Note that glibc is unsuitable for static linking anyway.
25 #warning If you still want to do it, remove -Wl,--gc-sections
26 #warning from top-level Makefile and remove this warning.
27 #error Aborting compilation.
31 const char *applet_name;
36 USE_FEATURE_SUID(static uid_t ruid;) /* real uid */
38 #if ENABLE_FEATURE_SUID_CONFIG
40 /* applets[] is const, so we have to define this "override" structure */
41 static struct BB_suid_config {
42 const struct bb_applet *m_applet;
46 struct BB_suid_config *m_next;
49 static bool suid_cfg_readable;
51 /* check if u is member of group g */
52 static int ingroup(uid_t u, gid_t g)
54 struct group *grp = getgrgid(g);
59 for (mem = grp->gr_mem; *mem; mem++) {
60 struct passwd *pwd = getpwnam(*mem);
62 if (pwd && (pwd->pw_uid == u))
69 /* This should probably be a libbb routine. In that case,
70 * I'd probably rename it to something like bb_trimmed_slice.
72 static char *get_trimmed_slice(char *s, char *e)
74 /* First, consider the value at e to be nul and back up until we
75 * reach a non-space char. Set the char after that (possibly at
76 * the original e) to nul. */
84 /* Next, advance past all leading space and return a ptr to the
85 * first non-space char; possibly the terminating nul. */
86 return skip_whitespace(s);
89 /* Don't depend on the tools to combine strings. */
90 static const char config_file[] ALIGN1 = "/etc/busybox.conf";
92 /* We don't supply a value for the nul, so an index adjustment is
93 * necessary below. Also, we use unsigned short here to save some
94 * space even though these are really mode_t values. */
95 static const unsigned short mode_mask[] ALIGN2 = {
97 S_ISUID, S_ISUID|S_IXUSR, S_IXUSR, 0, /* user */
98 S_ISGID, S_ISGID|S_IXGRP, S_IXGRP, 0, /* group */
99 0, S_IXOTH, S_IXOTH, 0 /* other */
102 #define parse_error(x) do { errmsg = x; goto pe_label; } while (0)
104 static void parse_config_file(void)
106 struct BB_suid_config *sct_head;
107 struct BB_suid_config *sct;
108 const struct bb_applet *applet;
119 assert(!suid_config); /* Should be set to NULL by bss init. */
122 if (ruid == 0) /* run by root - don't need to even read config file */
125 if ((stat(config_file, &st) != 0) /* No config file? */
126 || !S_ISREG(st.st_mode) /* Not a regular file? */
127 || (st.st_uid != 0) /* Not owned by root? */
128 || (st.st_mode & (S_IWGRP | S_IWOTH)) /* Writable by non-root? */
129 || !(f = fopen(config_file, "r")) /* Cannot open? */
134 suid_cfg_readable = 1;
141 if (!fgets(s, sizeof(buffer), f)) { /* Are we done? */
142 if (ferror(f)) { /* Make sure it wasn't a read error. */
143 parse_error("reading");
146 suid_config = sct_head; /* Success, so set the pointer. */
150 lc++; /* Got a (partial) line. */
152 /* If a line is too long for our buffer, we consider it an error.
153 * The following test does mistreat one corner case though.
154 * If the final line of the file does not end with a newline and
155 * yet exactly fills the buffer, it will be treated as too long
156 * even though there isn't really a problem. But it isn't really
157 * worth adding code to deal with such an unlikely situation, and
158 * we do err on the side of caution. Besides, the line would be
159 * too long if it did end with a newline. */
160 if (!strchr(s, '\n') && !feof(f)) {
161 parse_error("line too long");
164 /* Trim leading and trailing whitespace, ignoring comments, and
165 * check if the resulting string is empty. */
166 s = get_trimmed_slice(s, strchrnul(s, '#'));
171 /* Check for a section header. */
174 /* Unlike the old code, we ignore leading and trailing
175 * whitespace for the section name. We also require that
176 * there are no stray characters after the closing bracket. */
178 if (!e /* Missing right bracket? */
179 || e[1] /* Trailing characters? */
180 || !*(s = get_trimmed_slice(s+1, e)) /* Missing name? */
182 parse_error("section header");
184 /* Right now we only have one section so just check it.
185 * If more sections are added in the future, please don't
186 * resort to cascading ifs with multiple strcasecmp calls.
187 * That kind of bloated code is all too common. A loop
188 * and a string table would be a better choice unless the
189 * number of sections is very small. */
190 if (strcasecmp(s, "SUID") == 0) {
194 section = -1; /* Unknown section so set to skip. */
198 /* Process sections. */
200 if (section == 1) { /* SUID */
201 /* Since we trimmed leading and trailing space above, we're
202 * now looking for strings of the form
203 * <key>[::space::]*=[::space::]*<value>
204 * where both key and value could contain inner whitespace. */
206 /* First get the key (an applet name in our case). */
209 s = get_trimmed_slice(s, e);
211 if (!e || !*s) { /* Missing '=' or empty key. */
212 parse_error("keyword");
215 /* Ok, we have an applet name. Process the rhs if this
216 * applet is currently built in and ignore it otherwise.
217 * Note: this can hide config file bugs which only pop
218 * up when the busybox configuration is changed. */
219 applet = find_applet_by_name(s);
221 /* Note: We currently don't check for duplicates!
222 * The last config line for each applet will be the
223 * one used since we insert at the head of the list.
224 * I suppose this could be considered a feature. */
225 sct = xmalloc(sizeof(struct BB_suid_config));
226 sct->m_applet = applet;
228 sct->m_next = sct_head;
231 /* Get the specified mode. */
233 e = skip_whitespace(e+1);
235 for (i = 0; i < 3; i++) {
236 /* There are 4 chars + 1 nul for each of user/group/other. */
237 static const char mode_chars[] ALIGN1 = "Ssx-\0" "Ssx-\0" "Ttx-";
240 q = strchrnul(mode_chars + 5*i, *e++);
244 /* Adjust by -i to account for nul. */
245 sct->m_mode |= mode_mask[(q - mode_chars) - i];
248 /* Now get the the user/group info. */
250 s = skip_whitespace(e);
252 /* Note: we require whitespace between the mode and the
253 * user/group info. */
254 if ((s == e) || !(e = strchr(s, '.'))) {
255 parse_error("<uid>.<gid>");
259 /* We can't use get_ug_id here since it would exit()
260 * if a uid or gid was not found. Oh well... */
261 sct->m_uid = bb_strtoul(s, NULL, 10);
263 struct passwd *pwd = getpwnam(s);
267 sct->m_uid = pwd->pw_uid;
270 sct->m_gid = bb_strtoul(e, NULL, 10);
275 parse_error("group");
277 sct->m_gid = grp->gr_gid;
283 /* Unknown sections are ignored. */
285 /* Encountering configuration lines prior to seeing a
286 * section header is treated as an error. This is how
287 * the old code worked, but it may not be desirable.
288 * We may want to simply ignore such lines in case they
289 * are used in some future version of busybox. */
291 parse_error("keyword outside section");
297 fprintf(stderr, "Parse error in %s, line %d: %s\n",
298 config_file, lc, errmsg);
301 /* Release any allocated memory before returning. */
303 sct = sct_head->m_next;
309 static inline void parse_config_file(void)
311 USE_FEATURE_SUID(ruid = getuid();)
313 #endif /* FEATURE_SUID_CONFIG */
316 #if ENABLE_FEATURE_SUID
317 static void check_suid(const struct bb_applet *applet)
319 gid_t rgid; /* real gid */
321 if (ruid == 0) /* set by parse_config_file() */
322 return; /* run by root - no need to check more */
325 #if ENABLE_FEATURE_SUID_CONFIG
326 if (suid_cfg_readable) {
328 struct BB_suid_config *sct;
331 for (sct = suid_config; sct; sct = sct->m_next) {
332 if (sct->m_applet == applet)
335 /* default: drop all privileges */
341 if (sct->m_uid == ruid)
344 else if ((sct->m_gid == rgid) || ingroup(ruid, sct->m_gid))
345 /* same group / in group */
348 if (!(m & S_IXOTH)) /* is x bit not set ? */
349 bb_error_msg_and_die("you have no permission to run this applet!");
351 /* _both_ sgid and group_exec have to be set for setegid */
352 if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
354 /* else (no setegid) we will set egid = rgid */
356 /* We set effective AND saved ids. If saved-id is not set
357 * like we do below, seteiud(0) can still later succeed! */
358 if (setresgid(-1, rgid, rgid))
359 bb_perror_msg_and_die("setresgid");
361 /* do we have to set effective uid? */
363 if (sct->m_mode & S_ISUID)
365 /* else (no seteuid) we will set euid = ruid */
367 if (setresuid(-1, uid, uid))
368 bb_perror_msg_and_die("setresuid");
371 #if !ENABLE_FEATURE_SUID_CONFIG_QUIET
373 static bool onetime = 0;
377 fprintf(stderr, "Using fallback suid method\n");
383 if (applet->need_suid == _BB_SUID_ALWAYS) {
384 /* Real uid is not 0. If euid isn't 0 too, suid bit
385 * is most probably not set on our executable */
387 bb_error_msg_and_die("applet requires root privileges!");
388 } else if (applet->need_suid == _BB_SUID_NEVER) {
389 xsetgid(rgid); /* drop all privileges */
394 #define check_suid(x) ((void)0)
395 #endif /* FEATURE_SUID */
398 #if ENABLE_FEATURE_INSTALLER
399 /* create (sym)links for each applet */
400 static void install_links(const char *busybox, int use_symbolic_links)
403 * this should be consistent w/ the enum,
404 * busybox.h::bb_install_loc_t, or else... */
405 static const char usr_bin [] ALIGN1 = "/usr/bin";
406 static const char usr_sbin[] ALIGN1 = "/usr/sbin";
407 static const char *const install_dir[] = {
408 &usr_bin [8], /* "", equivalent to "/" for concat_path_file() */
409 &usr_bin [4], /* "/bin" */
410 &usr_sbin[4], /* "/sbin" */
415 int (*lf)(const char *, const char *) = link;
420 if (use_symbolic_links)
423 for (i = 0; applets[i].name != NULL; i++) {
424 fpc = concat_path_file(
425 install_dir[applets[i].install_loc],
427 rc = lf(busybox, fpc);
428 if (rc != 0 && errno != EEXIST) {
429 bb_simple_perror_msg(fpc);
435 #define install_links(x,y) ((void)0)
436 #endif /* FEATURE_INSTALLER */
439 /* If we were called as "busybox..." */
440 static int busybox_main(char **argv)
443 /* Called without arguments */
444 const struct bb_applet *a;
445 int col, output_width;
448 if (ENABLE_FEATURE_AUTOWIDTH) {
449 /* Obtain the terminal width */
450 get_terminal_width_height(0, &output_width, NULL);
452 /* leading tab and room to wrap */
453 output_width -= sizeof("start-stop-daemon, ") + 8;
455 printf("%s multi-call binary\n", bb_banner); /* reuse const string... */
456 printf("Copyright (C) 1998-2006 Erik Andersen, Rob Landley, and others.\n"
457 "Licensed under GPLv2. See source distribution for full notice.\n"
459 "Usage: busybox [function] [arguments]...\n"
460 " or: [function] [arguments]...\n"
462 "\tBusyBox is a multi-call binary that combines many common Unix\n"
463 "\tutilities into a single executable. Most people will create a\n"
464 "\tlink to busybox for each function they wish to use and BusyBox\n"
465 "\twill act like whatever it was invoked as!\n"
466 "\nCurrently defined functions:\n");
470 if (col > output_width) {
474 col += printf("%s%s", (col ? ", " : "\t"), a->name);
481 if (ENABLE_FEATURE_INSTALLER && strcmp(argv[1], "--install") == 0) {
483 busybox = xmalloc_readlink(bb_busybox_exec_path);
485 busybox = bb_busybox_exec_path;
486 /* -s makes symlinks */
487 install_links(busybox, argv[2] && strcmp(argv[2], "-s") == 0);
491 if (strcmp(argv[1], "--help") == 0) {
492 /* "busybox --help [<applet>]" */
495 /* convert to "<applet> --help" */
499 /* "busybox <applet> arg1 arg2 ..." */
502 /* We support "busybox /a/path/to/applet args..." too. Allows for
503 * "#!/bin/busybox"-style wrappers */
504 applet_name = bb_get_last_path_component_nostrip(argv[0]);
505 run_applet_and_exit(applet_name, argv);
506 bb_error_msg_and_die("applet not found");
509 void run_appletstruct_and_exit(const struct bb_applet *applet, char **argv)
516 /* Reinit some shared global data */
518 xfunc_error_retval = EXIT_FAILURE;
520 applet_name = applet->name;
521 if (argc == 2 && !strcmp(argv[1], "--help"))
523 if (ENABLE_FEATURE_SUID)
525 exit(applet->main(argc, argv));
528 void run_applet_and_exit(const char *name, char **argv)
530 const struct bb_applet *applet = find_applet_by_name(name);
532 run_appletstruct_and_exit(applet, argv);
533 if (!strncmp(name, "busybox", 7))
534 exit(busybox_main(argv));
538 int main(int argc, char **argv)
540 bbox_prepare_main(argv);
543 /* NOMMU re-exec trick sets high-order bit in first byte of name */
544 if (argv[0][0] & 0x80) {
549 applet_name = argv[0];
550 if (applet_name[0] == '-')
552 applet_name = bb_basename(applet_name);
554 parse_config_file(); /* ...maybe, if FEATURE_SUID_CONFIG */
556 run_applet_and_exit(applet_name, argv);
557 bb_error_msg_and_die("applet not found");