1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/param.h> 29 #include <sys/sysmacros.h> 30 #include <sys/signal.h> 31 #include <sys/cred.h> 32 #include <sys/user.h> 33 #include <sys/errno.h> 34 #include <sys/vnode.h> 35 #include <sys/proc.h> 36 #include <sys/cmn_err.h> 37 #include <sys/debug.h> 38 #include <sys/pathname.h> 39 #include <sys/disp.h> 40 #include <sys/exec.h> 41 #include <sys/kmem.h> 42 #include <sys/note.h> 43 44 /* 45 * This is the loadable module wrapper. 46 */ 47 #include <sys/modctl.h> 48 49 /* Prototype */ 50 int 51 shbinexec( 52 struct vnode *vp, 53 struct execa *uap, 54 struct uarg *args, 55 struct intpdata *idatap, 56 int level, 57 long *execsz, 58 int setid, 59 caddr_t exec_file, 60 struct cred *cred, 61 int brand_action); 62 63 #define SHBIN_CNTL(x) ((x)&037) 64 #define SHBINMAGIC_LEN 4 65 extern char shbinmagicstr[]; 66 67 /* 68 * Our list where we may find a copy of ksh93. The ordering is: 69 * 1. 64bit (may not be installed or not supported in hardware) 70 * 2. 32bit 71 * 3. Use /sbin/ksh93 when /usr is not available 72 * 73 * ([1] and [2] explicitly bypass /usr/bin/ksh93 to avoid the 74 * isaexec overhead). 75 */ 76 static char *shell_list[] = 77 { 78 /* Bypass /usr/bin/ksh93 (which is "isaexec") for performance */ 79 #if defined(__sparc) 80 "/usr/bin/sparcv9/ksh93", 81 "/usr/bin/sparcv7/ksh93", 82 #elif defined(__amd64) 83 "/usr/bin/amd64/ksh93", 84 "/usr/bin/i86/ksh93", 85 #elif defined(__i386) 86 "/usr/bin/i86/ksh93", 87 #else 88 #error "Unrecognized platform/CPU (use /usr/bin/ksh93 when in doubt)." 89 #endif 90 "/sbin/ksh93", 91 NULL 92 }; 93 94 static struct execsw esw = { 95 shbinmagicstr, 96 0, 97 SHBINMAGIC_LEN, 98 shbinexec, 99 NULL 100 }; 101 102 /* 103 * Module linkage information for the kernel. 104 */ 105 extern struct mod_ops mod_execops; 106 107 static struct modlexec modlexec = { 108 &mod_execops, "exec mod for shell binaries (ksh93)", &esw 109 }; 110 111 static struct modlinkage modlinkage = { 112 MODREV_1, (void *)&modlexec, NULL 113 }; 114 115 int 116 _init(void) 117 { 118 return (mod_install(&modlinkage)); 119 } 120 121 int 122 _fini(void) 123 { 124 return (mod_remove(&modlinkage)); 125 } 126 127 int 128 _info(struct modinfo *modinfop) 129 { 130 return (mod_info(&modlinkage, modinfop)); 131 } 132 133 static int 134 checkshbinmagic(struct vnode *vp) 135 { 136 int error; 137 char linep[SHBINMAGIC_LEN]; 138 ssize_t resid; 139 140 /* 141 * Read the entire line and confirm that it starts with the magic 142 * sequence for compiled ksh93 shell scripts. 143 */ 144 if (error = vn_rdwr(UIO_READ, vp, linep, sizeof (linep), (offset_t)0, 145 UIO_SYSSPACE, 0, (rlim64_t)0, CRED(), &resid)) 146 return (error); 147 148 if (memcmp(linep, shbinmagicstr, SHBINMAGIC_LEN) != 0) 149 return (ENOEXEC); 150 151 return (0); 152 } 153 154 int 155 shbinexec( 156 struct vnode *vp, 157 struct execa *uap, 158 struct uarg *args, 159 struct intpdata *idatap, 160 int level, 161 long *execsz, 162 int setid, 163 caddr_t exec_file, 164 struct cred *cred, 165 int brand_action) 166 { 167 _NOTE(ARGUNUSED(brand_action)) 168 vnode_t *nvp; 169 int error = 0; 170 struct intpdata idata; 171 struct pathname intppn; 172 struct pathname resolvepn; 173 char *opath; 174 char devfd[19]; /* 32-bit int fits in 10 digits + 8 for "/dev/fd/" */ 175 int fd = -1; 176 int i; 177 178 (void) memset(&idata, 0, sizeof (idata)); 179 180 if (level) { /* Can't recurse */ 181 error = ENOEXEC; 182 goto bad; 183 } 184 185 ASSERT(idatap == (struct intpdata *)NULL); 186 187 /* 188 * Check whether the executable has the correct magic value. 189 */ 190 if (error = checkshbinmagic(vp)) 191 goto fail; 192 193 pn_alloc(&resolvepn); 194 195 /* 196 * Travel the list of shells and look for one which is available... 197 */ 198 for (i = 0; shell_list[i] != NULL; i++) { 199 error = pn_get(shell_list[i], UIO_SYSSPACE, &intppn); 200 if (error != 0) { 201 break; 202 } 203 204 error = lookuppn(&intppn, &resolvepn, FOLLOW, NULLVPP, &nvp); 205 if (!error) { 206 /* Found match */ 207 break; 208 } 209 210 /* No match found ? Then continue with the next item... */ 211 pn_free(&intppn); 212 } 213 214 if (error) { 215 pn_free(&resolvepn); 216 goto fail; 217 } 218 219 opath = args->pathname; 220 args->pathname = resolvepn.pn_path; 221 /* don't free resolvepn until we are done with args */ 222 pn_free(&intppn); 223 224 /* 225 * When we're executing a set-uid script resulting in uids 226 * mismatching or when we execute with additional privileges, 227 * we close the "replace script between exec and open by shell" 228 * hole by passing the script as /dev/fd parameter. 229 */ 230 if ((setid & EXECSETID_PRIVS) != 0 || 231 (setid & (EXECSETID_UGIDS|EXECSETID_SETID)) == 232 (EXECSETID_UGIDS|EXECSETID_SETID)) { 233 (void) strcpy(devfd, "/dev/fd/"); 234 if (error = execopen(&vp, &fd)) 235 goto done; 236 numtos(fd, &devfd[8]); 237 args->fname = devfd; 238 } 239 240 error = gexec(&nvp, uap, args, &idata, ++level, execsz, exec_file, cred, 241 EBA_NONE); 242 done: 243 VN_RELE(nvp); 244 args->pathname = opath; 245 pn_free(&resolvepn); 246 fail: 247 if (error && fd != -1) 248 (void) execclose(fd); 249 bad: 250 return (error); 251 } 252