4 #include <sys/resource.h>
12 static unsigned option_mask;
13 // Must meatch constants in chpst_main!
14 #define OPT_verbose (option_mask & 0x2000)
15 #define OPT_pgrp (option_mask & 0x4000)
16 #define OPT_nostdin (option_mask & 0x8000)
17 #define OPT_nostdout (option_mask & 0x10000)
18 #define OPT_nostderr (option_mask & 0x20000)
20 static char *set_user;
21 static char *env_user;
22 static const char *env_dir;
23 static long limitd = -2;
24 static long limits = -2;
25 static long limitl = -2;
26 static long limita = -2;
27 static long limito = -2;
28 static long limitp = -2;
29 static long limitf = -2;
30 static long limitc = -2;
31 static long limitr = -2;
32 static long limitt = -2;
34 static const char *root;
36 static void suidgid(char *user, unsigned dogrp)
40 if (!uidgid_get(&ugid, user, dogrp)) {
42 bb_error_msg_and_die("unknown user/group: %s", user);
44 bb_error_msg_and_die("unknown account: %s", user);
46 if (setgroups(ugid.gids, ugid.gid) == -1)
47 bb_perror_msg_and_die("setgroups");
52 static void euidgid(char *user, unsigned dogrp)
56 if (!uidgid_get(&ugid, user, dogrp)) {
58 bb_error_msg_and_die("unknown user/group: %s", user);
60 bb_error_msg_and_die("unknown account: %s", user);
62 //FIXME: ultoa needed here!
63 xsetenv("GID", utoa(*ugid.gid));
64 xsetenv("UID", utoa(ugid.uid));
67 static void edir(const char *directory_name)
74 wdir = xopen(".", O_RDONLY | O_NDELAY);
75 xchdir(directory_name);
78 bb_perror_msg_and_die("opendir %s", directory_name);
83 if (errno) bb_perror_msg_and_die("readdir %s", directory_name);
86 if (d->d_name[0] == '.') continue;
87 fd = open(d->d_name, O_RDONLY | O_NDELAY);
89 if ((errno == EISDIR) && env_dir) {
91 bb_perror_msg("warning: %s/%s is a directory", directory_name,
95 bb_perror_msg_and_die("open %s/%s", directory_name, /* was exiting 111 */
103 size = safe_read(fd, buf, sizeof(buf)-1);
105 bb_perror_msg_and_die("read %s/%s", directory_name, /* was exiting 111 */
108 xsetenv(d->d_name, "");
112 tail = memchr(buf, '\n', sizeof(buf));
113 /* skip trailing whitespace */;
115 if (tail[0]==' ') tail[0] = '\0';
116 if (tail[0]=='\t') tail[0] = '\0';
117 if (tail[0]=='\n') tail[0] = '\0';
118 if (tail == buf) break;
121 xsetenv(d->d_name, buf);
125 if (fchdir(wdir) == -1) bb_perror_msg_and_die("fchdir");
129 static void limit(int what, long l)
133 if (getrlimit(what, &r) == -1) bb_perror_msg_and_die("getrlimit");
134 if ((l < 0) || (l > r.rlim_max))
135 r.rlim_cur = r.rlim_max;
138 if (setrlimit(what, &r) == -1) bb_perror_msg_and_die("setrlimit");
141 static void slimit(void)
145 limit(RLIMIT_DATA, limitd);
147 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_DATA");
152 limit(RLIMIT_STACK, limits);
154 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_STACK");
158 #ifdef RLIMIT_MEMLOCK
159 limit(RLIMIT_MEMLOCK, limitl);
161 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_MEMLOCK");
166 limit(RLIMIT_VMEM, limita);
169 limit(RLIMIT_AS, limita);
172 bb_error_msg("system does not support %s", "RLIMIT_VMEM");
178 limit(RLIMIT_NOFILE, limito);
181 limit(RLIMIT_OFILE, limito);
184 bb_error_msg("system does not support %s", "RLIMIT_NOFILE");
190 limit(RLIMIT_NPROC, limitp);
192 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_NPROC");
197 limit(RLIMIT_FSIZE, limitf);
199 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_FSIZE");
204 limit(RLIMIT_CORE, limitc);
206 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CORE");
211 limit(RLIMIT_RSS, limitr);
213 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_RSS");
218 limit(RLIMIT_CPU, limitt);
220 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CPU");
226 static void setuidgid(int, char **);
227 static void envuidgid(int, char **);
228 static void envdir(int, char **);
229 static void softlimit(int, char **);
231 int chpst_main(int argc, char **argv)
233 if (bb_applet_name[3] == 'd') envdir(argc, argv);
234 if (bb_applet_name[1] == 'o') softlimit(argc, argv);
235 if (bb_applet_name[0] == 's') setuidgid(argc, argv);
236 if (bb_applet_name[0] == 'e') envuidgid(argc, argv);
237 // otherwise we are.......... chpst
240 char *m,*d,*o,*p,*f,*c,*r,*t,*n;
241 option_mask = getopt32(argc, argv, "u:U:e:m:d:o:p:f:c:r:t:/:n:vP012",
242 &set_user,&env_user,&env_dir,
243 &m,&d,&o,&p,&f,&c,&r,&t,&root,&n);
244 // if (option_mask & 0x1) // -u
245 // if (option_mask & 0x2) // -U
246 // if (option_mask & 0x4) // -e
247 if (option_mask & 0x8) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m
248 if (option_mask & 0x10) limitd = bb_xgetularg10(d); // -d
249 if (option_mask & 0x20) limito = bb_xgetularg10(o); // -o
250 if (option_mask & 0x40) limitp = bb_xgetularg10(p); // -p
251 if (option_mask & 0x80) limitf = bb_xgetularg10(f); // -f
252 if (option_mask & 0x100) limitc = bb_xgetularg10(c); // -c
253 if (option_mask & 0x200) limitr = bb_xgetularg10(r); // -r
254 if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t
255 // if (option_mask & 0x800) // -/
256 if (option_mask & 0x1000) nicelvl = bb_xgetlarg_bnd_sfx(n, 10, -20, 20, NULL); // -n
257 // The below consts should match #defines at top!
258 //if (option_mask & 0x2000) OPT_verbose = 1; // -v
259 //if (option_mask & 0x4000) OPT_pgrp = 1; // -P
260 //if (option_mask & 0x8000) OPT_nostdin = 1; // -0
261 //if (option_mask & 0x10000) OPT_nostdout = 1; // -1
262 //if (option_mask & 0x20000) OPT_nostderr = 1; // -2
264 if (!argv || !*argv) bb_show_usage();
266 if (OPT_pgrp) setsid();
267 if (env_dir) edir(env_dir);
270 if (chroot(".") == -1)
271 bb_perror_msg_and_die("chroot");
276 if (nice(nicelvl) == -1)
277 bb_perror_msg_and_die("nice");
279 if (env_user) euidgid(env_user, 1);
280 if (set_user) suidgid(set_user, 1);
281 if (OPT_nostdin) close(0);
282 if (OPT_nostdout) close(1);
283 if (OPT_nostderr) close(2);
284 execvp(argv[0], argv);
285 bb_perror_msg_and_die("exec %s", argv[0]);
288 static void setuidgid(int argc, char **argv)
293 if (!account) bb_show_usage();
294 if (!*++argv) bb_show_usage();
295 suidgid((char*)account, 0);
296 execvp(argv[0], argv);
297 bb_perror_msg_and_die("exec %s", argv[0]);
300 static void envuidgid(int argc, char **argv)
305 if (!account) bb_show_usage();
306 if (!*++argv) bb_show_usage();
307 euidgid((char*)account, 0);
308 execvp(argv[0], argv);
309 bb_perror_msg_and_die("exec %s", argv[0]);
312 static void envdir(int argc, char **argv)
317 if (!dir) bb_show_usage();
318 if (!*++argv) bb_show_usage();
320 execvp(argv[0], argv);
321 bb_perror_msg_and_die("exec %s", argv[0]);
324 static void softlimit(int argc, char **argv)
326 char *a,*c,*d,*f,*l,*m,*o,*p,*r,*s,*t;
327 option_mask = getopt32(argc, argv, "a:c:d:f:l:m:o:p:r:s:t:",
328 &a,&c,&d,&f,&l,&m,&o,&p,&r,&s,&t);
329 if (option_mask & 0x001) limita = bb_xgetularg10(a); // -a
330 if (option_mask & 0x002) limitc = bb_xgetularg10(c); // -c
331 if (option_mask & 0x004) limitd = bb_xgetularg10(d); // -d
332 if (option_mask & 0x008) limitf = bb_xgetularg10(f); // -f
333 if (option_mask & 0x010) limitl = bb_xgetularg10(l); // -l
334 if (option_mask & 0x020) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m
335 if (option_mask & 0x040) limito = bb_xgetularg10(o); // -o
336 if (option_mask & 0x080) limitp = bb_xgetularg10(p); // -p
337 if (option_mask & 0x100) limitr = bb_xgetularg10(r); // -r
338 if (option_mask & 0x200) limits = bb_xgetularg10(s); // -s
339 if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t
341 if (!argv[0]) bb_show_usage();
343 execvp(argv[0], argv);
344 bb_perror_msg_and_die("exec %s", argv[0]);
projects / oweals / busybox.git / blob