blob: 3769af25ef04eaaa5fbdade1284372a7ff1ca9e1
1 | /* |
2 | Copyright (c) 2001-2006, Gerrit Pape |
3 | All rights reserved. |
4 | |
5 | Redistribution and use in source and binary forms, with or without |
6 | modification, are permitted provided that the following conditions are met: |
7 | |
8 | 1. Redistributions of source code must retain the above copyright notice, |
9 | this list of conditions and the following disclaimer. |
10 | 2. Redistributions in binary form must reproduce the above copyright |
11 | notice, this list of conditions and the following disclaimer in the |
12 | documentation and/or other materials provided with the distribution. |
13 | 3. The name of the author may not be used to endorse or promote products |
14 | derived from this software without specific prior written permission. |
15 | |
16 | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED |
17 | WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
18 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO |
19 | EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
20 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
21 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
22 | OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
23 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
24 | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
25 | ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | */ |
27 | |
28 | /* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */ |
29 | |
30 | //config:config CHPST |
31 | //config: bool "chpst" |
32 | //config: default y |
33 | //config: help |
34 | //config: chpst changes the process state according to the given options, and |
35 | //config: execs specified program. |
36 | //config: |
37 | //config:config SETUIDGID |
38 | //config: bool "setuidgid" |
39 | //config: default y |
40 | //config: help |
41 | //config: Sets soft resource limits as specified by options |
42 | //config: |
43 | //config:config ENVUIDGID |
44 | //config: bool "envuidgid" |
45 | //config: default y |
46 | //config: help |
47 | //config: Sets $UID to account's uid and $GID to account's gid |
48 | //config: |
49 | //config:config ENVDIR |
50 | //config: bool "envdir" |
51 | //config: default y |
52 | //config: help |
53 | //config: Sets various environment variables as specified by files |
54 | //config: in the given directory |
55 | //config: |
56 | //config:config SOFTLIMIT |
57 | //config: bool "softlimit" |
58 | //config: default y |
59 | //config: help |
60 | //config: Sets soft resource limits as specified by options |
61 | |
62 | //applet:IF_CHPST(APPLET(chpst, BB_DIR_USR_BIN, BB_SUID_DROP)) |
63 | //applet:IF_ENVDIR(APPLET_ODDNAME(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir)) |
64 | //applet:IF_ENVUIDGID(APPLET_ODDNAME(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid)) |
65 | //applet:IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid)) |
66 | //applet:IF_SOFTLIMIT(APPLET_ODDNAME(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit)) |
67 | |
68 | //kbuild:lib-$(CONFIG_CHPST) += chpst.o |
69 | //kbuild:lib-$(CONFIG_ENVDIR) += chpst.o |
70 | //kbuild:lib-$(CONFIG_ENVUIDGID) += chpst.o |
71 | //kbuild:lib-$(CONFIG_SETUIDGID) += chpst.o |
72 | //kbuild:lib-$(CONFIG_SOFTLIMIT) += chpst.o |
73 | |
74 | //usage:#define chpst_trivial_usage |
75 | //usage: "[-vP012] [-u USER[:GRP]] [-U USER[:GRP]] [-e DIR]\n" |
76 | //usage: " [-/ DIR] [-n NICE] [-m BYTES] [-d BYTES] [-o N]\n" |
77 | //usage: " [-p N] [-f BYTES] [-c BYTES] PROG ARGS" |
78 | //usage:#define chpst_full_usage "\n\n" |
79 | //usage: "Change the process state, run PROG\n" |
80 | //usage: "\n -u USER[:GRP] Set uid and gid" |
81 | //usage: "\n -U USER[:GRP] Set $UID and $GID in environment" |
82 | //usage: "\n -e DIR Set environment variables as specified by files" |
83 | //usage: "\n in DIR: file=1st_line_of_file" |
84 | //usage: "\n -/ DIR Chroot to DIR" |
85 | //usage: "\n -n NICE Add NICE to nice value" |
86 | //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES" |
87 | //usage: "\n -d BYTES Limit data segment" |
88 | //usage: "\n -o N Limit number of open files per process" |
89 | //usage: "\n -p N Limit number of processes per uid" |
90 | //usage: "\n -f BYTES Limit output file sizes" |
91 | //usage: "\n -c BYTES Limit core file size" |
92 | //usage: "\n -v Verbose" |
93 | //usage: "\n -P Create new process group" |
94 | //usage: "\n -0 Close stdin" |
95 | //usage: "\n -1 Close stdout" |
96 | //usage: "\n -2 Close stderr" |
97 | //usage: |
98 | //usage:#define envdir_trivial_usage |
99 | //usage: "DIR PROG ARGS" |
100 | //usage:#define envdir_full_usage "\n\n" |
101 | //usage: "Set various environment variables as specified by files\n" |
102 | //usage: "in the directory DIR, run PROG" |
103 | //usage: |
104 | //usage:#define envuidgid_trivial_usage |
105 | //usage: "USER PROG ARGS" |
106 | //usage:#define envuidgid_full_usage "\n\n" |
107 | //usage: "Set $UID to USER's uid and $GID to USER's gid, run PROG" |
108 | //usage: |
109 | //usage:#define setuidgid_trivial_usage |
110 | //usage: "USER PROG ARGS" |
111 | //usage:#define setuidgid_full_usage "\n\n" |
112 | //usage: "Set uid and gid to USER's uid and gid, drop supplementary group ids,\n" |
113 | //usage: "run PROG" |
114 | //usage: |
115 | //usage:#define softlimit_trivial_usage |
116 | //usage: "[-a BYTES] [-m BYTES] [-d BYTES] [-s BYTES] [-l BYTES]\n" |
117 | //usage: " [-f BYTES] [-c BYTES] [-r BYTES] [-o N] [-p N] [-t N]\n" |
118 | //usage: " PROG ARGS" |
119 | //usage:#define softlimit_full_usage "\n\n" |
120 | //usage: "Set soft resource limits, then run PROG\n" |
121 | //usage: "\n -a BYTES Limit total size of all segments" |
122 | //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES -a BYTES" |
123 | //usage: "\n -d BYTES Limit data segment" |
124 | //usage: "\n -s BYTES Limit stack segment" |
125 | //usage: "\n -l BYTES Limit locked memory size" |
126 | //usage: "\n -o N Limit number of open files per process" |
127 | //usage: "\n -p N Limit number of processes per uid" |
128 | //usage: "\nOptions controlling file sizes:" |
129 | //usage: "\n -f BYTES Limit output file sizes" |
130 | //usage: "\n -c BYTES Limit core file size" |
131 | //usage: "\nEfficiency opts:" |
132 | //usage: "\n -r BYTES Limit resident set size" |
133 | //usage: "\n -t N Limit CPU time, process receives" |
134 | //usage: "\n a SIGXCPU after N seconds" |
135 | |
136 | #include "libbb.h" |
137 | #include <sys/resource.h> /* getrlimit */ |
138 | |
139 | /* |
140 | Five applets here: chpst, envdir, envuidgid, setuidgid, softlimit. |
141 | |
142 | Only softlimit and chpst are taking options: |
143 | |
144 | # common |
145 | -o N Limit number of open files per process |
146 | -p N Limit number of processes per uid |
147 | -m BYTES Same as -d BYTES -s BYTES -l BYTES [-a BYTES] |
148 | -d BYTES Limit data segment |
149 | -f BYTES Limit output file sizes |
150 | -c BYTES Limit core file size |
151 | # softlimit |
152 | -a BYTES Limit total size of all segments |
153 | -s BYTES Limit stack segment |
154 | -l BYTES Limit locked memory size |
155 | -r BYTES Limit resident set size |
156 | -t N Limit CPU time |
157 | # chpst |
158 | -u USER[:GRP] Set uid and gid |
159 | -U USER[:GRP] Set $UID and $GID in environment |
160 | -e DIR Set environment variables as specified by files in DIR |
161 | -/ DIR Chroot to DIR |
162 | -n NICE Add NICE to nice value |
163 | -v Verbose |
164 | -P Create new process group |
165 | -0 -1 -2 Close fd 0,1,2 |
166 | |
167 | Even though we accept all these options for both softlimit and chpst, |
168 | they are not to be advertised on their help texts. |
169 | We have enough problems with feature creep in other people's |
170 | software, don't want to add our own. |
171 | |
172 | envdir, envuidgid, setuidgid take no options, but they reuse code which |
173 | handles -e, -U and -u. |
174 | */ |
175 | |
176 | enum { |
177 | OPT_a = (1 << 0) * ENABLE_SOFTLIMIT, |
178 | OPT_c = (1 << 1) * (ENABLE_SOFTLIMIT || ENABLE_CHPST), |
179 | OPT_d = (1 << 2) * (ENABLE_SOFTLIMIT || ENABLE_CHPST), |
180 | OPT_f = (1 << 3) * (ENABLE_SOFTLIMIT || ENABLE_CHPST), |
181 | OPT_l = (1 << 4) * ENABLE_SOFTLIMIT, |
182 | OPT_m = (1 << 5) * (ENABLE_SOFTLIMIT || ENABLE_CHPST), |
183 | OPT_o = (1 << 6) * (ENABLE_SOFTLIMIT || ENABLE_CHPST), |
184 | OPT_p = (1 << 7) * (ENABLE_SOFTLIMIT || ENABLE_CHPST), |
185 | OPT_r = (1 << 8) * ENABLE_SOFTLIMIT, |
186 | OPT_s = (1 << 9) * ENABLE_SOFTLIMIT, |
187 | OPT_t = (1 << 10) * ENABLE_SOFTLIMIT, |
188 | OPT_u = (1 << 11) * (ENABLE_CHPST || ENABLE_SETUIDGID), |
189 | OPT_U = (1 << 12) * (ENABLE_CHPST || ENABLE_ENVUIDGID), |
190 | OPT_e = (1 << 13) * (ENABLE_CHPST || ENABLE_ENVDIR), |
191 | OPT_root = (1 << 14) * ENABLE_CHPST, |
192 | OPT_n = (1 << 15) * ENABLE_CHPST, |
193 | OPT_v = (1 << 16) * ENABLE_CHPST, |
194 | OPT_P = (1 << 17) * ENABLE_CHPST, |
195 | OPT_0 = (1 << 18) * ENABLE_CHPST, |
196 | OPT_1 = (1 << 19) * ENABLE_CHPST, |
197 | OPT_2 = (1 << 20) * ENABLE_CHPST, |
198 | }; |
199 | |
200 | /* TODO: use recursive_action? */ |
201 | static NOINLINE void edir(const char *directory_name) |
202 | { |
203 | int wdir; |
204 | DIR *dir; |
205 | struct dirent *d; |
206 | int fd; |
207 | |
208 | wdir = xopen(".", O_RDONLY | O_NDELAY); |
209 | xchdir(directory_name); |
210 | dir = xopendir("."); |
211 | for (;;) { |
212 | char buf[256]; |
213 | char *tail; |
214 | int size; |
215 | |
216 | errno = 0; |
217 | d = readdir(dir); |
218 | if (!d) { |
219 | if (errno) |
220 | bb_perror_msg_and_die("readdir %s", |
221 | directory_name); |
222 | break; |
223 | } |
224 | if (d->d_name[0] == '.') |
225 | continue; |
226 | fd = open(d->d_name, O_RDONLY | O_NDELAY); |
227 | if (fd < 0) { |
228 | if ((errno == EISDIR) && directory_name) { |
229 | if (option_mask32 & OPT_v) |
230 | bb_perror_msg("warning: %s/%s is a directory", |
231 | directory_name, d->d_name); |
232 | continue; |
233 | } |
234 | bb_perror_msg_and_die("open %s/%s", |
235 | directory_name, d->d_name); |
236 | } |
237 | size = full_read(fd, buf, sizeof(buf)-1); |
238 | close(fd); |
239 | if (size < 0) |
240 | bb_perror_msg_and_die("read %s/%s", |
241 | directory_name, d->d_name); |
242 | if (size == 0) { |
243 | unsetenv(d->d_name); |
244 | continue; |
245 | } |
246 | buf[size] = '\n'; |
247 | tail = strchr(buf, '\n'); |
248 | /* skip trailing whitespace */ |
249 | while (1) { |
250 | *tail = '\0'; |
251 | tail--; |
252 | if (tail < buf || !isspace(*tail)) |
253 | break; |
254 | } |
255 | xsetenv(d->d_name, buf); |
256 | } |
257 | closedir(dir); |
258 | xfchdir(wdir); |
259 | close(wdir); |
260 | } |
261 | |
262 | static void limit(int what, long l) |
263 | { |
264 | struct rlimit r; |
265 | |
266 | /* Never fails under Linux (except if you pass it bad arguments) */ |
267 | getrlimit(what, &r); |
268 | if ((l < 0) || (l > r.rlim_max)) |
269 | r.rlim_cur = r.rlim_max; |
270 | else |
271 | r.rlim_cur = l; |
272 | if (setrlimit(what, &r) == -1) |
273 | bb_perror_msg_and_die("setrlimit"); |
274 | } |
275 | |
276 | int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
277 | int chpst_main(int argc UNUSED_PARAM, char **argv) |
278 | { |
279 | struct bb_uidgid_t ugid; |
280 | char *set_user = set_user; /* for compiler */ |
281 | char *env_dir = env_dir; |
282 | char *root; |
283 | char *nicestr; |
284 | unsigned limita; |
285 | unsigned limitc; |
286 | unsigned limitd; |
287 | unsigned limitf; |
288 | unsigned limitl; |
289 | unsigned limitm; |
290 | unsigned limito; |
291 | unsigned limitp; |
292 | unsigned limitr; |
293 | unsigned limits; |
294 | unsigned limitt; |
295 | unsigned opt; |
296 | |
297 | if ((ENABLE_CHPST && applet_name[0] == 'c') |
298 | || (ENABLE_SOFTLIMIT && applet_name[1] == 'o') |
299 | ) { |
300 | // FIXME: can we live with int-sized limits? |
301 | // can we live with 40000 days? |
302 | // if yes -> getopt converts strings to numbers for us |
303 | opt_complementary = "-1"; |
304 | opt = getopt32(argv, "+a:+c:+d:+f:+l:+m:+o:+p:+r:+s:+t:+u:U:e:" |
305 | IF_CHPST("/:n:vP012"), |
306 | &limita, &limitc, &limitd, &limitf, &limitl, |
307 | &limitm, &limito, &limitp, &limitr, &limits, &limitt, |
308 | &set_user, &set_user, &env_dir |
309 | IF_CHPST(, &root, &nicestr)); |
310 | argv += optind; |
311 | if (opt & OPT_m) { // -m means -asld |
312 | limita = limits = limitl = limitd = limitm; |
313 | opt |= (OPT_s | OPT_l | OPT_a | OPT_d); |
314 | } |
315 | } else { |
316 | option_mask32 = opt = 0; |
317 | argv++; |
318 | if (!*argv) |
319 | bb_show_usage(); |
320 | } |
321 | |
322 | // envdir? |
323 | if (ENABLE_ENVDIR && applet_name[3] == 'd') { |
324 | env_dir = *argv++; |
325 | opt |= OPT_e; |
326 | } |
327 | |
328 | // setuidgid? |
329 | if (ENABLE_SETUIDGID && applet_name[1] == 'e') { |
330 | set_user = *argv++; |
331 | opt |= OPT_u; |
332 | } |
333 | |
334 | // envuidgid? |
335 | if (ENABLE_ENVUIDGID && applet_name[0] == 'e' && applet_name[3] == 'u') { |
336 | set_user = *argv++; |
337 | opt |= OPT_U; |
338 | } |
339 | |
340 | // we must have PROG [ARGS] |
341 | if (!*argv) |
342 | bb_show_usage(); |
343 | |
344 | // set limits |
345 | if (opt & OPT_d) { |
346 | #ifdef RLIMIT_DATA |
347 | limit(RLIMIT_DATA, limitd); |
348 | #else |
349 | if (opt & OPT_v) |
350 | bb_error_msg("system does not support RLIMIT_%s", |
351 | "DATA"); |
352 | #endif |
353 | } |
354 | if (opt & OPT_s) { |
355 | #ifdef RLIMIT_STACK |
356 | limit(RLIMIT_STACK, limits); |
357 | #else |
358 | if (opt & OPT_v) |
359 | bb_error_msg("system does not support RLIMIT_%s", |
360 | "STACK"); |
361 | #endif |
362 | } |
363 | if (opt & OPT_l) { |
364 | #ifdef RLIMIT_MEMLOCK |
365 | limit(RLIMIT_MEMLOCK, limitl); |
366 | #else |
367 | if (opt & OPT_v) |
368 | bb_error_msg("system does not support RLIMIT_%s", |
369 | "MEMLOCK"); |
370 | #endif |
371 | } |
372 | if (opt & OPT_a) { |
373 | #ifdef RLIMIT_VMEM |
374 | limit(RLIMIT_VMEM, limita); |
375 | #else |
376 | #ifdef RLIMIT_AS |
377 | limit(RLIMIT_AS, limita); |
378 | #else |
379 | if (opt & OPT_v) |
380 | bb_error_msg("system does not support RLIMIT_%s", |
381 | "VMEM"); |
382 | #endif |
383 | #endif |
384 | } |
385 | if (opt & OPT_o) { |
386 | #ifdef RLIMIT_NOFILE |
387 | limit(RLIMIT_NOFILE, limito); |
388 | #else |
389 | #ifdef RLIMIT_OFILE |
390 | limit(RLIMIT_OFILE, limito); |
391 | #else |
392 | if (opt & OPT_v) |
393 | bb_error_msg("system does not support RLIMIT_%s", |
394 | "NOFILE"); |
395 | #endif |
396 | #endif |
397 | } |
398 | if (opt & OPT_p) { |
399 | #ifdef RLIMIT_NPROC |
400 | limit(RLIMIT_NPROC, limitp); |
401 | #else |
402 | if (opt & OPT_v) |
403 | bb_error_msg("system does not support RLIMIT_%s", |
404 | "NPROC"); |
405 | #endif |
406 | } |
407 | if (opt & OPT_f) { |
408 | #ifdef RLIMIT_FSIZE |
409 | limit(RLIMIT_FSIZE, limitf); |
410 | #else |
411 | if (opt & OPT_v) |
412 | bb_error_msg("system does not support RLIMIT_%s", |
413 | "FSIZE"); |
414 | #endif |
415 | } |
416 | if (opt & OPT_c) { |
417 | #ifdef RLIMIT_CORE |
418 | limit(RLIMIT_CORE, limitc); |
419 | #else |
420 | if (opt & OPT_v) |
421 | bb_error_msg("system does not support RLIMIT_%s", |
422 | "CORE"); |
423 | #endif |
424 | } |
425 | if (opt & OPT_r) { |
426 | #ifdef RLIMIT_RSS |
427 | limit(RLIMIT_RSS, limitr); |
428 | #else |
429 | if (opt & OPT_v) |
430 | bb_error_msg("system does not support RLIMIT_%s", |
431 | "RSS"); |
432 | #endif |
433 | } |
434 | if (opt & OPT_t) { |
435 | #ifdef RLIMIT_CPU |
436 | limit(RLIMIT_CPU, limitt); |
437 | #else |
438 | if (opt & OPT_v) |
439 | bb_error_msg("system does not support RLIMIT_%s", |
440 | "CPU"); |
441 | #endif |
442 | } |
443 | |
444 | if (opt & OPT_P) |
445 | setsid(); |
446 | |
447 | if (opt & OPT_e) |
448 | edir(env_dir); |
449 | |
450 | if (opt & (OPT_u|OPT_U)) |
451 | xget_uidgid(&ugid, set_user); |
452 | |
453 | // chrooted jail must have /etc/passwd if we move this after chroot. |
454 | // OTOH chroot fails for non-roots. |
455 | // Solution: cache uid/gid before chroot, apply uid/gid after. |
456 | if (opt & OPT_U) { |
457 | xsetenv("GID", utoa(ugid.gid)); |
458 | xsetenv("UID", utoa(ugid.uid)); |
459 | } |
460 | |
461 | if (opt & OPT_root) { |
462 | xchroot(root); |
463 | } |
464 | |
465 | if (opt & OPT_u) { |
466 | if (setgroups(1, &ugid.gid) == -1) |
467 | bb_perror_msg_and_die("setgroups"); |
468 | xsetgid(ugid.gid); |
469 | xsetuid(ugid.uid); |
470 | } |
471 | |
472 | if (opt & OPT_n) { |
473 | errno = 0; |
474 | if (nice(xatoi(nicestr)) == -1) |
475 | bb_perror_msg_and_die("nice"); |
476 | } |
477 | |
478 | if (opt & OPT_0) |
479 | close(STDIN_FILENO); |
480 | if (opt & OPT_1) |
481 | close(STDOUT_FILENO); |
482 | if (opt & OPT_2) |
483 | close(STDERR_FILENO); |
484 | |
485 | BB_EXECVP_or_die(argv); |
486 | } |
487 |