xref: /titanic_44/usr/src/uts/common/exec/shbin/shbin.c (revision 01ef659d9b1ead333ef0adc346e7051f7eae7520)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <sys/types.h>
28 #include <sys/param.h>
29 #include <sys/sysmacros.h>
30 #include <sys/signal.h>
31 #include <sys/cred.h>
32 #include <sys/user.h>
33 #include <sys/errno.h>
34 #include <sys/vnode.h>
35 #include <sys/proc.h>
36 #include <sys/cmn_err.h>
37 #include <sys/debug.h>
38 #include <sys/pathname.h>
39 #include <sys/disp.h>
40 #include <sys/exec.h>
41 #include <sys/kmem.h>
42 #include <sys/note.h>
43 
44 /*
45  * This is the loadable module wrapper.
46  */
47 #include <sys/modctl.h>
48 
49 /* Prototype */
50 int
51 shbinexec(
52 	struct vnode *vp,
53 	struct execa *uap,
54 	struct uarg *args,
55 	struct intpdata *idatap,
56 	int level,
57 	long *execsz,
58 	int setid,
59 	caddr_t exec_file,
60 	struct cred *cred,
61 	int brand_action);
62 
63 #define	SHBIN_CNTL(x)	((x)&037)
64 #define	SHBINMAGIC_LEN	4
65 extern char shbinmagicstr[];
66 
67 /*
68  * Our list where we may find a copy of ksh93. The ordering is:
69  * 1. 64bit (may not be installed or not supported in hardware)
70  * 2. 32bit
71  * 3. Use /sbin/ksh93 when /usr is not available
72  *
73  * ([1] and [2] explicitly bypass /usr/bin/ksh93 to avoid the
74  * isaexec overhead).
75  */
76 static char *shell_list[] =
77 {
78 /* Bypass /usr/bin/ksh93 (which is "isaexec") for performance */
79 #if defined(__sparc)
80 	"/usr/bin/sparcv9/ksh93",
81 	"/usr/bin/sparcv7/ksh93",
82 #elif defined(__amd64)
83 	"/usr/bin/amd64/ksh93",
84 	"/usr/bin/i86/ksh93",
85 #elif defined(__i386)
86 	"/usr/bin/i86/ksh93",
87 #else
88 #error "Unrecognized platform/CPU (use /usr/bin/ksh93 when in doubt)."
89 #endif
90 	"/sbin/ksh93",
91 	NULL
92 };
93 
94 static struct execsw esw = {
95 	shbinmagicstr,
96 	0,
97 	SHBINMAGIC_LEN,
98 	shbinexec,
99 	NULL
100 };
101 
102 /*
103  * Module linkage information for the kernel.
104  */
105 extern struct mod_ops mod_execops;
106 
107 static struct modlexec modlexec = {
108 	&mod_execops, "exec mod for shell binaries (ksh93)", &esw
109 };
110 
111 static struct modlinkage modlinkage = {
112 	MODREV_1, (void *)&modlexec, NULL
113 };
114 
115 int
116 _init(void)
117 {
118 	return (mod_install(&modlinkage));
119 }
120 
121 int
122 _fini(void)
123 {
124 	return (mod_remove(&modlinkage));
125 }
126 
127 int
128 _info(struct modinfo *modinfop)
129 {
130 	return (mod_info(&modlinkage, modinfop));
131 }
132 
133 static int
134 checkshbinmagic(struct vnode *vp)
135 {
136 	int error;
137 	char linep[SHBINMAGIC_LEN];
138 	ssize_t resid;
139 
140 	/*
141 	 * Read the entire line and confirm that it starts with the magic
142 	 * sequence for compiled ksh93 shell scripts.
143 	 */
144 	if (error = vn_rdwr(UIO_READ, vp, linep, sizeof (linep), (offset_t)0,
145 	    UIO_SYSSPACE, 0, (rlim64_t)0, CRED(), &resid))
146 		return (error);
147 
148 	if (memcmp(linep, shbinmagicstr, SHBINMAGIC_LEN) != 0)
149 		return (ENOEXEC);
150 
151 	return (0);
152 }
153 
154 int
155 shbinexec(
156 	struct vnode *vp,
157 	struct execa *uap,
158 	struct uarg *args,
159 	struct intpdata *idatap,
160 	int level,
161 	long *execsz,
162 	int setid,
163 	caddr_t exec_file,
164 	struct cred *cred,
165 	int brand_action)
166 {
167 	_NOTE(ARGUNUSED(brand_action))
168 	vnode_t *nvp;
169 	int error = 0;
170 	struct intpdata idata;
171 	struct pathname intppn;
172 	struct pathname resolvepn;
173 	char *opath;
174 	char devfd[19]; /* 32-bit int fits in 10 digits + 8 for "/dev/fd/" */
175 	int fd = -1;
176 	int i;
177 
178 	(void) memset(&idata, 0, sizeof (idata));
179 
180 	if (level) {		/* Can't recurse */
181 		error = ENOEXEC;
182 		goto bad;
183 	}
184 
185 	ASSERT(idatap == (struct intpdata *)NULL);
186 
187 	/*
188 	 * Check whether the executable has the correct magic value.
189 	 */
190 	if (error = checkshbinmagic(vp))
191 		goto fail;
192 
193 	pn_alloc(&resolvepn);
194 
195 	/*
196 	 * Travel the list of shells and look for one which is available...
197 	 */
198 	for (i = 0; shell_list[i] != NULL; i++) {
199 		error = pn_get(shell_list[i], UIO_SYSSPACE, &intppn);
200 		if (error != 0) {
201 			break;
202 		}
203 
204 		error = lookuppn(&intppn, &resolvepn, FOLLOW, NULLVPP, &nvp);
205 		if (!error) {
206 			/* Found match */
207 			break;
208 		}
209 
210 		/* No match found ? Then continue with the next item... */
211 		pn_free(&intppn);
212 	}
213 
214 	if (error) {
215 		pn_free(&resolvepn);
216 		goto fail;
217 	}
218 
219 	opath = args->pathname;
220 	args->pathname = resolvepn.pn_path;
221 	/* don't free resolvepn until we are done with args */
222 	pn_free(&intppn);
223 
224 	/*
225 	 * When we're executing a set-uid script resulting in uids
226 	 * mismatching or when we execute with additional privileges,
227 	 * we close the "replace script between exec and open by shell"
228 	 * hole by passing the script as /dev/fd parameter.
229 	 */
230 	if ((setid & EXECSETID_PRIVS) != 0 ||
231 	    (setid & (EXECSETID_UGIDS|EXECSETID_SETID)) ==
232 	    (EXECSETID_UGIDS|EXECSETID_SETID)) {
233 		(void) strcpy(devfd, "/dev/fd/");
234 		if (error = execopen(&vp, &fd))
235 			goto done;
236 		numtos(fd, &devfd[8]);
237 		args->fname = devfd;
238 	}
239 
240 	error = gexec(&nvp, uap, args, &idata, ++level, execsz, exec_file, cred,
241 	    EBA_NONE);
242 done:
243 	VN_RELE(nvp);
244 	args->pathname = opath;
245 	pn_free(&resolvepn);
246 fail:
247 	if (error && fd != -1)
248 		(void) execclose(fd);
249 bad:
250 	return (error);
251 }
252