2 Copyright (c) 2001-2006, Gerrit Pape
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright
11 notice, this list of conditions and the following disclaimer in the
12 documentation and/or other materials provided with the distribution.
13 3. The name of the author may not be used to endorse or promote products
14 derived from this software without specific prior written permission.
16 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 /* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */
31 //config: bool "chpst"
34 //config: chpst changes the process state according to the given options, and
35 //config: execs specified program.
37 //config:config SETUIDGID
38 //config: bool "setuidgid"
41 //config: Sets soft resource limits as specified by options
43 //config:config ENVUIDGID
44 //config: bool "envuidgid"
47 //config: Sets $UID to account's uid and $GID to account's gid
49 //config:config ENVDIR
50 //config: bool "envdir"
53 //config: Sets various environment variables as specified by files
54 //config: in the given directory
56 //config:config SOFTLIMIT
57 //config: bool "softlimit"
60 //config: Sets soft resource limits as specified by options
62 //applet:IF_CHPST(APPLET(chpst, BB_DIR_USR_BIN, BB_SUID_DROP))
63 //applet:IF_ENVDIR(APPLET_ODDNAME(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir))
64 //applet:IF_ENVUIDGID(APPLET_ODDNAME(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid))
65 //applet:IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid))
66 //applet:IF_SOFTLIMIT(APPLET_ODDNAME(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit))
68 //kbuild:lib-$(CONFIG_CHPST) += chpst.o
69 //kbuild:lib-$(CONFIG_ENVDIR) += chpst.o
70 //kbuild:lib-$(CONFIG_ENVUIDGID) += chpst.o
71 //kbuild:lib-$(CONFIG_SETUIDGID) += chpst.o
72 //kbuild:lib-$(CONFIG_SOFTLIMIT) += chpst.o
74 //usage:#define chpst_trivial_usage
75 //usage: "[-vP012] [-u USER[:GRP]] [-U USER[:GRP]] [-e DIR]\n"
76 //usage: " [-/ DIR] [-n NICE] [-m BYTES] [-d BYTES] [-o N]\n"
77 //usage: " [-p N] [-f BYTES] [-c BYTES] PROG ARGS"
78 //usage:#define chpst_full_usage "\n\n"
79 //usage: "Change the process state, run PROG\n"
80 //usage: "\n -u USER[:GRP] Set uid and gid"
81 //usage: "\n -U USER[:GRP] Set $UID and $GID in environment"
82 //usage: "\n -e DIR Set environment variables as specified by files"
83 //usage: "\n in DIR: file=1st_line_of_file"
84 //usage: "\n -/ DIR Chroot to DIR"
85 //usage: "\n -n NICE Add NICE to nice value"
86 //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES"
87 //usage: "\n -d BYTES Limit data segment"
88 //usage: "\n -o N Limit number of open files per process"
89 //usage: "\n -p N Limit number of processes per uid"
90 //usage: "\n -f BYTES Limit output file sizes"
91 //usage: "\n -c BYTES Limit core file size"
92 //usage: "\n -v Verbose"
93 //usage: "\n -P Create new process group"
94 //usage: "\n -0 Close stdin"
95 //usage: "\n -1 Close stdout"
96 //usage: "\n -2 Close stderr"
98 //usage:#define envdir_trivial_usage
99 //usage: "DIR PROG ARGS"
100 //usage:#define envdir_full_usage "\n\n"
101 //usage: "Set various environment variables as specified by files\n"
102 //usage: "in the directory DIR, run PROG"
104 //usage:#define envuidgid_trivial_usage
105 //usage: "USER PROG ARGS"
106 //usage:#define envuidgid_full_usage "\n\n"
107 //usage: "Set $UID to USER's uid and $GID to USER's gid, run PROG"
109 //usage:#define setuidgid_trivial_usage
110 //usage: "USER PROG ARGS"
111 //usage:#define setuidgid_full_usage "\n\n"
112 //usage: "Set uid and gid to USER's uid and gid, drop supplementary group ids,\n"
115 //usage:#define softlimit_trivial_usage
116 //usage: "[-a BYTES] [-m BYTES] [-d BYTES] [-s BYTES] [-l BYTES]\n"
117 //usage: " [-f BYTES] [-c BYTES] [-r BYTES] [-o N] [-p N] [-t N]\n"
118 //usage: " PROG ARGS"
119 //usage:#define softlimit_full_usage "\n\n"
120 //usage: "Set soft resource limits, then run PROG\n"
121 //usage: "\n -a BYTES Limit total size of all segments"
122 //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES -a BYTES"
123 //usage: "\n -d BYTES Limit data segment"
124 //usage: "\n -s BYTES Limit stack segment"
125 //usage: "\n -l BYTES Limit locked memory size"
126 //usage: "\n -o N Limit number of open files per process"
127 //usage: "\n -p N Limit number of processes per uid"
128 //usage: "\nOptions controlling file sizes:"
129 //usage: "\n -f BYTES Limit output file sizes"
130 //usage: "\n -c BYTES Limit core file size"
131 //usage: "\nEfficiency opts:"
132 //usage: "\n -r BYTES Limit resident set size"
133 //usage: "\n -t N Limit CPU time, process receives"
134 //usage: "\n a SIGXCPU after N seconds"
137 #include <sys/resource.h> /* getrlimit */
140 Five applets here: chpst, envdir, envuidgid, setuidgid, softlimit.
142 Only softlimit and chpst are taking options:
145 -o N Limit number of open files per process
146 -p N Limit number of processes per uid
147 -m BYTES Same as -d BYTES -s BYTES -l BYTES [-a BYTES]
148 -d BYTES Limit data segment
149 -f BYTES Limit output file sizes
150 -c BYTES Limit core file size
152 -a BYTES Limit total size of all segments
153 -s BYTES Limit stack segment
154 -l BYTES Limit locked memory size
155 -r BYTES Limit resident set size
158 -u USER[:GRP] Set uid and gid
159 -U USER[:GRP] Set $UID and $GID in environment
160 -e DIR Set environment variables as specified by files in DIR
162 -n NICE Add NICE to nice value
164 -P Create new process group
165 -0 -1 -2 Close fd 0,1,2
167 Even though we accept all these options for both softlimit and chpst,
168 they are not to be advertised on their help texts.
169 We have enough problems with feature creep in other people's
170 software, don't want to add our own.
172 envdir, envuidgid, setuidgid take no options, but they reuse code which
173 handles -e, -U and -u.
177 OPT_a = (1 << 0) * ENABLE_SOFTLIMIT,
178 OPT_c = (1 << 1) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
179 OPT_d = (1 << 2) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
180 OPT_f = (1 << 3) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
181 OPT_l = (1 << 4) * ENABLE_SOFTLIMIT,
182 OPT_m = (1 << 5) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
183 OPT_o = (1 << 6) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
184 OPT_p = (1 << 7) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
185 OPT_r = (1 << 8) * ENABLE_SOFTLIMIT,
186 OPT_s = (1 << 9) * ENABLE_SOFTLIMIT,
187 OPT_t = (1 << 10) * ENABLE_SOFTLIMIT,
188 OPT_u = (1 << 11) * (ENABLE_CHPST || ENABLE_SETUIDGID),
189 OPT_U = (1 << 12) * (ENABLE_CHPST || ENABLE_ENVUIDGID),
190 OPT_e = (1 << 13) * (ENABLE_CHPST || ENABLE_ENVDIR),
191 OPT_root = (1 << 14) * ENABLE_CHPST,
192 OPT_n = (1 << 15) * ENABLE_CHPST,
193 OPT_v = (1 << 16) * ENABLE_CHPST,
194 OPT_P = (1 << 17) * ENABLE_CHPST,
195 OPT_0 = (1 << 18) * ENABLE_CHPST,
196 OPT_1 = (1 << 19) * ENABLE_CHPST,
197 OPT_2 = (1 << 20) * ENABLE_CHPST,
200 /* TODO: use recursive_action? */
201 static NOINLINE void edir(const char *directory_name)
208 wdir = xopen(".", O_RDONLY | O_NDELAY);
209 xchdir(directory_name);
220 bb_perror_msg_and_die("readdir %s",
224 if (d->d_name[0] == '.')
226 fd = open(d->d_name, O_RDONLY | O_NDELAY);
228 if ((errno == EISDIR) && directory_name) {
229 if (option_mask32 & OPT_v)
230 bb_perror_msg("warning: %s/%s is a directory",
231 directory_name, d->d_name);
234 bb_perror_msg_and_die("open %s/%s",
235 directory_name, d->d_name);
237 size = full_read(fd, buf, sizeof(buf)-1);
240 bb_perror_msg_and_die("read %s/%s",
241 directory_name, d->d_name);
247 tail = strchr(buf, '\n');
248 /* skip trailing whitespace */
252 if (tail < buf || !isspace(*tail))
255 xsetenv(d->d_name, buf);
262 static void limit(int what, long l)
266 /* Never fails under Linux (except if you pass it bad arguments) */
268 if ((l < 0) || (l > r.rlim_max))
269 r.rlim_cur = r.rlim_max;
272 if (setrlimit(what, &r) == -1)
273 bb_perror_msg_and_die("setrlimit");
276 int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
277 int chpst_main(int argc UNUSED_PARAM, char **argv)
279 struct bb_uidgid_t ugid;
280 char *set_user = set_user; /* for compiler */
281 char *env_dir = env_dir;
297 if ((ENABLE_CHPST && applet_name[0] == 'c')
298 || (ENABLE_SOFTLIMIT && applet_name[1] == 'o')
300 // FIXME: can we live with int-sized limits?
301 // can we live with 40000 days?
302 // if yes -> getopt converts strings to numbers for us
303 opt_complementary = "-1";
304 opt = getopt32(argv, "+a:+c:+d:+f:+l:+m:+o:+p:+r:+s:+t:+u:U:e:"
305 IF_CHPST("/:n:vP012"),
306 &limita, &limitc, &limitd, &limitf, &limitl,
307 &limitm, &limito, &limitp, &limitr, &limits, &limitt,
308 &set_user, &set_user, &env_dir
309 IF_CHPST(, &root, &nicestr));
311 if (opt & OPT_m) { // -m means -asld
312 limita = limits = limitl = limitd = limitm;
313 opt |= (OPT_s | OPT_l | OPT_a | OPT_d);
316 option_mask32 = opt = 0;
323 if (ENABLE_ENVDIR && applet_name[3] == 'd') {
329 if (ENABLE_SETUIDGID && applet_name[1] == 'e') {
335 if (ENABLE_ENVUIDGID && applet_name[0] == 'e' && applet_name[3] == 'u') {
340 // we must have PROG [ARGS]
347 limit(RLIMIT_DATA, limitd);
350 bb_error_msg("system does not support RLIMIT_%s",
356 limit(RLIMIT_STACK, limits);
359 bb_error_msg("system does not support RLIMIT_%s",
364 #ifdef RLIMIT_MEMLOCK
365 limit(RLIMIT_MEMLOCK, limitl);
368 bb_error_msg("system does not support RLIMIT_%s",
374 limit(RLIMIT_VMEM, limita);
377 limit(RLIMIT_AS, limita);
380 bb_error_msg("system does not support RLIMIT_%s",
387 limit(RLIMIT_NOFILE, limito);
390 limit(RLIMIT_OFILE, limito);
393 bb_error_msg("system does not support RLIMIT_%s",
400 limit(RLIMIT_NPROC, limitp);
403 bb_error_msg("system does not support RLIMIT_%s",
409 limit(RLIMIT_FSIZE, limitf);
412 bb_error_msg("system does not support RLIMIT_%s",
418 limit(RLIMIT_CORE, limitc);
421 bb_error_msg("system does not support RLIMIT_%s",
427 limit(RLIMIT_RSS, limitr);
430 bb_error_msg("system does not support RLIMIT_%s",
436 limit(RLIMIT_CPU, limitt);
439 bb_error_msg("system does not support RLIMIT_%s",
450 if (opt & (OPT_u|OPT_U))
451 xget_uidgid(&ugid, set_user);
453 // chrooted jail must have /etc/passwd if we move this after chroot.
454 // OTOH chroot fails for non-roots.
455 // Solution: cache uid/gid before chroot, apply uid/gid after.
457 xsetenv("GID", utoa(ugid.gid));
458 xsetenv("UID", utoa(ugid.uid));
461 if (opt & OPT_root) {
466 if (setgroups(1, &ugid.gid) == -1)
467 bb_perror_msg_and_die("setgroups");
474 if (nice(xatoi(nicestr)) == -1)
475 bb_perror_msg_and_die("nice");
481 close(STDOUT_FILENO);
483 close(STDERR_FILENO);
485 BB_EXECVP_or_die(argv);
projects / oweals / busybox.git / blob