// Option bitmask returned by getopt32(); both chpst_main() and softlimit() assign it.
5 static unsigned option_mask;
6 // Must match constants in chpst_main!
// The bits below correspond to -v, -P, -0, -1 and -2 in chpst_main()'s option string.
// softlimit() fills option_mask from a different option string whose highest bit is 0x400,
// so none of these flags can be set on that path.
7 #define OPT_verbose (option_mask & 0x2000)
8 #define OPT_pgrp (option_mask & 0x4000)
9 #define OPT_nostdin (option_mask & 0x8000)
10 #define OPT_nostdout (option_mask & 0x10000)
11 #define OPT_nostderr (option_mask & 0x20000)
// Arguments of -u, -U and -e; getopt32() in chpst_main() stores them here.
13 static char *set_user;
14 static char *env_user;
15 static const char *env_dir;
// Requested limits, one per resource: d=data, s=stack, l=memlock, a=address space/vmem,
// o=open files, p=processes, f=file size, c=core, r=rss, t=cpu (see slimit()).
// limit() treats any negative value as "set the soft limit to the hard limit".
// NOTE(review): -2 looks like a "not requested" sentinel; the test that uses it is not
// visible in this listing, so confirm before relying on it.
16 static long limitd = -2;
17 static long limits = -2;
18 static long limitl = -2;
19 static long limita = -2;
20 static long limito = -2;
21 static long limitp = -2;
22 static long limitf = -2;
23 static long limitc = -2;
24 static long limitr = -2;
25 static long limitt = -2;
// Argument of -/ ; getopt32() in chpst_main() stores it here.
27 static const char *root;
// Resolves `user` with uidgid_get() and replaces the supplementary group list with the
// single resolved gid; dies if the lookup or setgroups() fails.
// NOTE(review): only the setgroups() step is visible in this listing (lines 38-41 are not
// shown). Confirm that the gid change and then the uid change follow, in that order, and
// that both are checked: an unchecked failure would leave the exec'd program running
// with the caller's identity.
29 static void suidgid(char *user)
31 struct bb_uidgid_t ugid;
33 if (!uidgid_get(&ugid, user)) {
34 bb_error_msg_and_die("unknown user/group: %s", user);
// Supplementary groups are reset before any other identity change is visible here.
36 if (setgroups(1, &ugid.gid) == -1)
37 bb_perror_msg_and_die("setgroups");
// Resolves `user` with uidgid_get() and exports the result as the GID and UID environment
// variables (formatted by utoa()). The visible lines change no process credentials, so the
// exported values are informational for the exec'd program only.
42 static void euidgid(char *user)
44 struct bb_uidgid_t ugid;
46 if (!uidgid_get(&ugid, user)) {
47 bb_error_msg_and_die("unknown user/group: %s", user);
49 xsetenv("GID", utoa(ugid.gid));
50 xsetenv("UID", utoa(ugid.uid));
// Imports environment variables from `directory_name`: each non-dot entry's name becomes
// a variable name and the data read from that file becomes its value (see xsetenv below).
// Whoever can create or modify files in this directory therefore controls the environment
// of the exec'd program, so the directory should be writable only by the service's
// administrator.
53 static void edir(const char *directory_name)
// Keep a descriptor for the current directory so fchdir() can return to it at the end.
60 wdir = xopen(".", O_RDONLY | O_NDELAY);
// Entries are opened by their bare d_name, which is why the function changes directory first.
61 xchdir(directory_name);
64 bb_perror_msg_and_die("opendir %s", directory_name);
69 if (errno) bb_perror_msg_and_die("readdir %s", directory_name);
// Dot entries (".", ".." and hidden files) are never turned into variables.
72 if (d->d_name[0] == '.') continue;
73 fd = open(d->d_name, O_RDONLY | O_NDELAY);
// A subdirectory is tolerated with a warning only when env_dir is set (chpst -e);
// any other open failure is fatal.
75 if ((errno == EISDIR) && env_dir) {
77 bb_perror_msg("warning: %s/%s is a directory", directory_name,
81 bb_perror_msg_and_die("open %s/%s", directory_name, /* was exiting 111 */
// A single read of at most sizeof(buf)-1 bytes; a longer file is cut off at that length
// with no diagnostic in the visible lines.
89 size = safe_read(fd, buf, sizeof(buf)-1);
91 bb_perror_msg_and_die("read %s/%s", directory_name, /* was exiting 111 */
// NOTE(review): memchr() scans sizeof(buf) bytes rather than the `size` bytes just read.
// This is only safe if a '\n' is stored at buf[size] on a line not shown in this listing;
// otherwise it reads uninitialized bytes and `tail` can be NULL. Confirm.
98 tail = memchr(buf, '\n', sizeof(buf));
99 /* skip trailing whitespace */;
// NOTE(review): the loop header and the step that moves `tail` are not shown. If the only
// exit is tail == buf, blanks and tabs inside the value are overwritten with NUL as well,
// so the value ends at its first whitespace rather than just losing trailing whitespace.
101 if (tail[0]==' ') tail[0] = '\0';
102 if (tail[0]=='\t') tail[0] = '\0';
103 if (tail[0]=='\n') tail[0] = '\0';
104 if (tail == buf) break;
// NOTE(review): no close(fd) appears in the visible lines; confirm the descriptor is closed
// so that it is not inherited by the exec'd program.
107 xsetenv(d->d_name, buf);
// Return to the directory that was current on entry.
111 if (fchdir(wdir) == -1) bb_perror_msg_and_die("fchdir");
// Sets the soft limit of resource `what` from `l`; dies if getrlimit() or setrlimit() fails.
// Only rlim_cur is written in the visible lines, so the hard limit stays as it was and the
// exec'd program can raise its soft limit again up to rlim_max. These limits constrain a
// cooperative program; they are not a boundary against one that resets them.
115 static void limit(int what, long l)
// Read the current pair first so that rlim_max is passed back to setrlimit() unchanged.
119 if (getrlimit(what, &r) == -1) bb_perror_msg_and_die("getrlimit");
// A negative l, or an l above the hard limit, clamps the soft limit to the hard limit.
// l < 0 is tested first, so the comparison with rlim_max (an unsigned rlim_t on POSIX
// systems) is never evaluated for a negative value.
120 if ((l < 0) || (l > r.rlim_max))
121 r.rlim_cur = r.rlim_max;
// NOTE(review): the else branch (presumably r.rlim_cur = l) is not shown in this listing.
124 if (setrlimit(what, &r) == -1) bb_perror_msg_and_die("setrlimit");
// Applies the configured limits through limit(), one resource at a time.
// Each resource has a limit() call and a "system does not support" message; the
// #ifdef at line 144 suggests the call is compiled only where the RLIMIT_* macro exists
// and the message is the fallback. The other preprocessor lines and the tests on the
// limit* values are not shown in this listing.
127 static void slimit(void)
131 limit(RLIMIT_DATA, limitd);
133 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_DATA");
138 limit(RLIMIT_STACK, limits);
140 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_STACK");
144 #ifdef RLIMIT_MEMLOCK
145 limit(RLIMIT_MEMLOCK, limitl);
147 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_MEMLOCK");
// limita is applied as RLIMIT_VMEM or as RLIMIT_AS, presumably whichever the platform defines.
152 limit(RLIMIT_VMEM, limita);
155 limit(RLIMIT_AS, limita);
// NOTE(review): unlike the other messages, this one shows no OPT_verbose test on its own
// line; the guard may sit on the preceding, unlisted line. Confirm.
158 bb_error_msg("system does not support %s", "RLIMIT_VMEM");
// limito is applied as RLIMIT_NOFILE or as RLIMIT_OFILE, presumably whichever the platform defines.
164 limit(RLIMIT_NOFILE, limito);
167 limit(RLIMIT_OFILE, limito);
// NOTE(review): same as for RLIMIT_VMEM, no OPT_verbose test is visible on this line.
170 bb_error_msg("system does not support %s", "RLIMIT_NOFILE");
176 limit(RLIMIT_NPROC, limitp);
178 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_NPROC");
183 limit(RLIMIT_FSIZE, limitf);
185 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_FSIZE");
190 limit(RLIMIT_CORE, limitc);
192 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CORE");
197 limit(RLIMIT_RSS, limitr);
199 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_RSS");
204 limit(RLIMIT_CPU, limitt);
206 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CPU");
// Forward declarations of the alternative applet handlers called from chpst_main().
// Each definition below ends in execvp() followed by bb_perror_msg_and_die(), so
// chpst_main() does not expect any of them to return.
212 static void setuidgid(int, char **);
213 static void envuidgid(int, char **);
214 static void envdir(int, char **);
215 static void softlimit(int, char **);
// Entry point shared by chpst and the envdir / softlimit / setuidgid / envuidgid handlers.
// It parses the options, applies the requested process-state changes in a fixed order and
// then replaces the process image with the given program.
217 int chpst_main(int argc, char **argv)
// Dispatch keys on single characters of applet_name. Assuming the applets are named like
// their handlers, the order matters: "softlimit" also starts with 's' and "envdir" with 'e',
// and the chain only works because each handler ends in execvp() or a *_and_die call.
219 if (applet_name[3] == 'd') envdir(argc, argv);
220 if (applet_name[1] == 'o') softlimit(argc, argv);
221 if (applet_name[0] == 's') setuidgid(argc, argv);
222 if (applet_name[0] == 'e') envuidgid(argc, argv);
223 // otherwise we are.......... chpst
// Raw argument strings of the numeric options; getopt32() fills them in option-string order.
226 char *m,*d,*o,*p,*f,*c,*r,*t,*n;
227 option_mask = getopt32(argc, argv, "u:U:e:m:d:o:p:f:c:r:t:/:n:vP012",
228 &set_user,&env_user,&env_dir,
229 &m,&d,&o,&p,&f,&c,&r,&t,&root,&n);
230 // if (option_mask & 0x1) // -u
231 // if (option_mask & 0x2) // -U
232 // if (option_mask & 0x4) // -e
// -m sets the stack, memlock, address-space and data limits together; because -d is tested
// afterwards, an explicit -d overrides the data limit taken from -m.
233 if (option_mask & 0x8) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m
234 if (option_mask & 0x10) limitd = bb_xgetularg10(d); // -d
235 if (option_mask & 0x20) limito = bb_xgetularg10(o); // -o
236 if (option_mask & 0x40) limitp = bb_xgetularg10(p); // -p
237 if (option_mask & 0x80) limitf = bb_xgetularg10(f); // -f
238 if (option_mask & 0x100) limitc = bb_xgetularg10(c); // -c
239 if (option_mask & 0x200) limitr = bb_xgetularg10(r); // -r
240 if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t
241 // if (option_mask & 0x800) // -/
// The nice increment is range-checked to -20..20 at parse time.
242 if (option_mask & 0x1000) nicelvl = bb_xgetlarg_bnd_sfx(n, 10, -20, 20, NULL); // -n
243 // The below consts should match #defines at top!
244 //if (option_mask & 0x2000) OPT_verbose = 1; // -v
245 //if (option_mask & 0x4000) OPT_pgrp = 1; // -P
246 //if (option_mask & 0x8000) OPT_nostdin = 1; // -0
247 //if (option_mask & 0x10000) OPT_nostdout = 1; // -1
248 //if (option_mask & 0x20000) OPT_nostderr = 1; // -2
// NOTE(review): the line that advances argv past the parsed options is not shown here.
251 if (!argv || !*argv) bb_show_usage();
// From here on the visible order is: new session, envdir import, chroot, nice, UID/GID
// export, identity change, stdio closing, exec.
253 if (OPT_pgrp) setsid();
254 if (env_dir) edir(env_dir);
// NOTE(review): chroot(".") depends on the working directory having been changed to `root`
// on a line not shown in this listing; confirm. The chroot runs before suidgid(), so an
// identity change requested with -u happens inside the new root; without -u the program
// keeps the caller's identity there, and a chroot is not a containment boundary for a
// process that remains root.
257 if (chroot(".") == -1)
258 bb_perror_msg_and_die("chroot");
// NOTE(review): nice() returns the new nice value, so -1 can be a successful result.
// Testing the return value alone aborts such a valid request; the robust check clears
// errno before the call and tests errno afterwards.
263 if (nice(nicelvl) == -1)
264 bb_perror_msg_and_die("nice");
266 if (env_user) euidgid(env_user);
267 if (set_user) suidgid(set_user);
// A closed descriptor 0, 1 or 2 is handed out again by the next open() or socket() in the
// exec'd program, so data written to "stdout"/"stderr" can end up in an unrelated file.
// Programs that do not expect this are safer with the descriptors pointed at /dev/null.
268 if (OPT_nostdin) close(0);
269 if (OPT_nostdout) close(1);
270 if (OPT_nostderr) close(2);
// execvp() resolves a bare program name through PATH, which edir() may have just replaced
// if the -e directory holds a file named PATH.
271 execvp(argv[0], argv);
// Reached only when execvp() failed.
272 bb_perror_msg_and_die("exec %s", argv[0]);
// setuidgid handler: applies suidgid() for the given account, then execs the program that
// follows it on the command line. Shows usage if the account or the program is missing.
// NOTE(review): the declaration and assignment of `account` are not shown in this listing.
275 static void setuidgid(int argc, char **argv)
280 if (!account) bb_show_usage();
281 if (!*++argv) bb_show_usage();
// The cast only matches suidgid()'s non-const parameter type.
282 suidgid((char*)account);
283 execvp(argv[0], argv);
// Reached only when execvp() failed.
284 bb_perror_msg_and_die("exec %s", argv[0]);
// envuidgid handler: exports UID and GID for the given account through euidgid(), then
// execs the program that follows it on the command line. Shows usage if either is missing.
// No identity change is made on this path in the visible lines.
// NOTE(review): the declaration and assignment of `account` are not shown in this listing.
287 static void envuidgid(int argc, char **argv)
292 if (!account) bb_show_usage();
293 if (!*++argv) bb_show_usage();
// The cast only matches euidgid()'s non-const parameter type.
294 euidgid((char*)account);
295 execvp(argv[0], argv);
// Reached only when execvp() failed.
296 bb_perror_msg_and_die("exec %s", argv[0]);
// envdir handler: takes a directory and a program from the command line and execs the
// program. Shows usage if either is missing.
// NOTE(review): the assignment of `dir` and the call that imports the directory (line 306,
// presumably edir(dir)) are not shown in this listing.
299 static void envdir(int argc, char **argv)
304 if (!dir) bb_show_usage();
305 if (!*++argv) bb_show_usage();
307 execvp(argv[0], argv);
// Reached only when execvp() failed.
308 bb_perror_msg_and_die("exec %s", argv[0]);
// softlimit handler: parses one numeric argument per resource option into the limit*
// variables and execs the remaining command line.
// NOTE(review): the lines that advance argv past the options and that apply the limits
// (presumably slimit()) are not shown in this listing.
311 static void softlimit(int argc, char **argv)
// Raw argument strings; getopt32() fills them in option-string order.
313 char *a,*c,*d,*f,*l,*m,*o,*p,*r,*s,*t;
// This overwrites option_mask with bits from softlimit's own option string, so the OPT_*
// macros defined for chpst (0x2000 and above) always evaluate to 0 on this path.
314 option_mask = getopt32(argc, argv, "a:c:d:f:l:m:o:p:r:s:t:",
315 &a,&c,&d,&f,&l,&m,&o,&p,&r,&s,&t);
// The tests run in bit order, not command-line order: -m is applied after -a, -d and -l and
// overrides them, while -s is applied after -m and overrides the stack limit taken from -m.
316 if (option_mask & 0x001) limita = bb_xgetularg10(a); // -a
317 if (option_mask & 0x002) limitc = bb_xgetularg10(c); // -c
318 if (option_mask & 0x004) limitd = bb_xgetularg10(d); // -d
319 if (option_mask & 0x008) limitf = bb_xgetularg10(f); // -f
320 if (option_mask & 0x010) limitl = bb_xgetularg10(l); // -l
321 if (option_mask & 0x020) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m
322 if (option_mask & 0x040) limito = bb_xgetularg10(o); // -o
323 if (option_mask & 0x080) limitp = bb_xgetularg10(p); // -p
324 if (option_mask & 0x100) limitr = bb_xgetularg10(r); // -r
325 if (option_mask & 0x200) limits = bb_xgetularg10(s); // -s
326 if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t
328 if (!argv[0]) bb_show_usage();
330 execvp(argv[0], argv);
// Reached only when execvp() failed.
331 bb_perror_msg_and_die("exec %s", argv[0]);