-
-
-#define parse_error(x) do { errmsg = x; goto pe_label; } while(0)
-
-/* Don't depend on the tools to combine strings. */
-static const char config_file[] = "/etc/busybox.conf";
-
-/* There are 4 chars + 1 nul for each of user/group/other. */
-static const char mode_chars[] = "Ssx-\0Ssx-\0Ttx-";
-
-/* We don't supply a value for the nul, so an index adjustment is
- * necessary below. Also, we use unsigned short here to save some
- * space even though these are really mode_t values. */
-static const unsigned short mode_mask[] = {
- /* SST sst xxx --- */
- S_ISUID, S_ISUID|S_IXUSR, S_IXUSR, 0, /* user */
- S_ISGID, S_ISGID|S_IXGRP, S_IXGRP, 0, /* group */
- 0, S_IXOTH, S_IXOTH, 0 /* other */
-};
-
-static void parse_config_file(void)
-{
- struct BB_suid_config *sct_head;
- struct BB_suid_config *sct;
- struct BB_applet *applet;
- FILE *f;
- const char *errmsg;
- char *s;
- char *e;
- int i, lc, section;
- char buffer[256];
- struct stat st;
-
- assert(!suid_config); /* Should be set to NULL by bss init. */
-
- if ((stat(config_file, &st) != 0) /* No config file? */
- || !S_ISREG(st.st_mode) /* Not a regular file? */
- || (st.st_uid != 0) /* Not owned by root? */
- || (st.st_mode & (S_IWGRP | S_IWOTH)) /* Writable by non-root? */
- || !(f = fopen(config_file, "r")) /* Cannot open? */
- ) {
- return;
- }
-
- suid_cfg_readable = 1;
- sct_head = NULL;
- section = lc = 0;
-
- do {
- s = buffer;
-
- if (!fgets(s, sizeof(buffer), f)) { /* Are we done? */
- if (ferror(f)) { /* Make sure it wasn't a read error. */
- parse_error("reading");
- }
- fclose(f);
- suid_config = sct_head; /* Success, so set the pointer. */
- return;
- }
-
- lc++; /* Got a (partial) line. */
-
- /* If a line is too long for our buffer, we consider it an error.
- * The following test does mistreat one corner case though.
- * If the final line of the file does not end with a newline and
- * yet exactly fills the buffer, it will be treated as too long
- * even though there isn't really a problem. But it isn't really
- * worth adding code to deal with such an unlikely situation, and
- * we do err on the side of caution. Besides, the line would be
- * too long if it did end with a newline. */
- if (!strchr(s, '\n') && !feof(f)) {
- parse_error("line too long");
- }
-
- /* Trim leading and trailing whitespace, ignoring comments, and
- * check if the resulting string is empty. */
- s = get_trimmed_slice(s, strchrnul(s, '#'));
- if (!*s) {
- continue;
- }
-
- /* Check for a section header. */
-
- if (*s == '[') {
- /* Unlike the old code, we ignore leading and trailing
- * whitespace for the section name. We also require that
- * there are no stray characters after the closing bracket. */
- e = strchr(s, ']');
- if (!e /* Missing right bracket? */
- || e[1] /* Trailing characters? */
- || !*(s = get_trimmed_slice(s+1, e)) /* Missing name? */
- ) {
- parse_error("section header");
- }
- /* Right now we only have one section so just check it.
- * If more sections are added in the future, please don't
- * resort to cascading ifs with multiple strcasecmp calls.
- * That kind of bloated code is all too common. A loop
- * and a string table would be a better choice unless the
- * number of sections is very small. */
- if (strcasecmp(s, "SUID") == 0) {
- section = 1;
- continue;
- }
- section = -1; /* Unknown section so set to skip. */
- continue;
- }
-
- /* Process sections. */
-
- if (section == 1) { /* SUID */
- /* Since we trimmed leading and trailing space above, we're
- * now looking for strings of the form
- * <key>[::space::]*=[::space::]*<value>
- * where both key and value could contain inner whitespace. */
-
- /* First get the key (an applet name in our case). */
- e = strchr(s, '=');
- if (e) {
- s = get_trimmed_slice(s, e);
- }
- if (!e || !*s) { /* Missing '=' or empty key. */
- parse_error("keyword");
- }
-
- /* Ok, we have an applet name. Process the rhs if this
- * applet is currently built in and ignore it otherwise.
- * Note: This can hide config file bugs which only pop
- * up when the busybox configuration is changed. */
- applet = find_applet_by_name(s);
- if (applet) {
- /* Note: We currently don't check for duplicates!
- * The last config line for each applet will be the
- * one used since we insert at the head of the list.
- * I suppose this could be considered a feature. */
- sct = xmalloc(sizeof(struct BB_suid_config));
- sct->m_applet = applet;
- sct->m_mode = 0;
- sct->m_next = sct_head;
- sct_head = sct;
-
- /* Get the specified mode. */
-
- e = skip_whitespace(e+1);
-
- for (i = 0; i < 3; i++) {
- const char *q;
- q = strchrnul(mode_chars + 5*i, *e++);
- if (!*q) {
- parse_error("mode");
- }
- /* Adjust by -i to account for nul. */
- sct->m_mode |= mode_mask[(q - mode_chars) - i];
- }
-
- /* Now get the the user/group info. */
-
- s = skip_whitespace(e);
-
- /* Note: We require whitespace between the mode and the
- * user/group info. */
- if ((s == e) || !(e = strchr(s, '.'))) {
- parse_error("<uid>.<gid>");
- }
- *e++ = '\0';
-
- /* We can't use get_ug_id here since it would exit()
- * if a uid or gid was not found. Oh well... */
- sct->m_uid = bb_strtoul(s, NULL, 10);
- if (errno) {
- struct passwd *pwd = getpwnam(s);
- if (!pwd) {
- parse_error("user");
- }
- sct->m_uid = pwd->pw_uid;
- }
-
- sct->m_gid = bb_strtoul(e, NULL, 10);
- if (errno) {
- struct group *grp;
- grp = getgrnam(e);
- if (!grp) {
- parse_error("group");
- }
- sct->m_gid = grp->gr_gid;
- }
- }
- continue;
- }
-
- /* Unknown sections are ignored. */
-
- /* Encountering configuration lines prior to seeing a
- * section header is treated as an error. This is how
- * the old code worked, but it may not be desirable.
- * We may want to simply ignore such lines in case they
- * are used in some future version of busybox. */
- if (!section) {
- parse_error("keyword outside section");
- }
-
- } while (1);
-
- pe_label:
- fprintf(stderr, "Parse error in %s, line %d: %s\n",
- config_file, lc, errmsg);
-
- fclose(f);
- /* Release any allocated memory before returning. */
- while (sct_head) {
- sct = sct_head->m_next;
- free(sct_head);
- sct_head = sct;
- }
-}
-
-#else
-#define parse_config_file() ((void)0)
-#endif /* CONFIG_FEATURE_SUID_CONFIG */
-
-#if ENABLE_FEATURE_SUID
-static void check_suid(struct BB_applet *applet)
-{
- uid_t ruid = getuid(); /* real [ug]id */
- uid_t rgid = getgid();
-
-#if ENABLE_FEATURE_SUID_CONFIG
- if (suid_cfg_readable) {
- struct BB_suid_config *sct;
- mode_t m;
-
- for (sct = suid_config; sct; sct = sct->m_next) {
- if (sct->m_applet == applet)
- goto found;
- }
- /* default: drop all privileges */
- xsetgid(rgid);
- xsetuid(ruid);
- return;
- found:
- m = sct->m_mode;
- if (sct->m_uid == ruid)
- /* same uid */
- m >>= 6;
- else if ((sct->m_gid == rgid) || ingroup(ruid, sct->m_gid))
- /* same group / in group */
- m >>= 3;
-
- if (!(m & S_IXOTH)) /* is x bit not set ? */
- bb_error_msg_and_die("you have no permission to run this applet!");
-
- if (sct->m_gid != 0) {
- /* _both_ have to be set for sgid */
- if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
- xsetgid(sct->m_gid);
- } else xsetgid(rgid); /* no sgid -> drop */
- }
- if (sct->m_uid != 0) {
- if (sct->m_mode & S_ISUID) xsetuid(sct->m_uid);
- else xsetuid(ruid); /* no suid -> drop */
- }
- return;
- }
-#if !ENABLE_FEATURE_SUID_CONFIG_QUIET
- {
- static smallint onetime = 0;
-
- if (!onetime) {
- onetime = 1;
- fprintf(stderr, "Using fallback suid method\n");
- }
- }
-#endif