-/* SPDX-License-Identifier: LGPL-2.1+ */
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <dirent.h>
#include <errno.h>
#include "conf-files.h"
#include "env-file.h"
#include "env-util.h"
+#include "errno-util.h"
#include "exec-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "hashmap.h"
#include "macro.h"
+#include "missing_syscall.h"
#include "process-util.h"
#include "rlimit-util.h"
#include "serialize.h"
#include "set.h"
#include "signal-util.h"
#include "stat-util.h"
+#include "string-table.h"
#include "string-util.h"
#include "strv.h"
#include "terminal-util.h"
/* Put this test here for a lack of better place */
assert_cc(EAGAIN == EWOULDBLOCK);
-static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid) {
-
+static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) {
pid_t _pid;
int r;
char *_argv[2];
if (stdout_fd >= 0) {
- r = rearrange_stdio(STDIN_FILENO, stdout_fd, STDERR_FILENO);
+ r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO);
if (r < 0)
_exit(EXIT_FAILURE);
}
(void) rlimit_nofile_safe();
+ if (set_systemd_exec_pid) {
+ r = setenv_systemd_exec_pid(false);
+ if (r < 0)
+ log_warning_errno(r, "Failed to set $SYSTEMD_EXEC_PID, ignoring: %m");
+ }
+
if (!argv) {
_argv[0] = (char*) path;
_argv[1] = NULL;
_cleanup_hashmap_free_free_ Hashmap *pids = NULL;
_cleanup_strv_free_ char **paths = NULL;
- char **path, **e;
int r;
bool parallel_execution;
return log_oom();
}
- /* Abort execution of this process after the timout. We simply rely on SIGALRM as
+ /* Abort execution of this process after the timeout. We simply rely on SIGALRM as
* default action terminating the process, and turn on alarm(). */
if (timeout != USEC_INFINITY)
return log_error_errno(fd, "Failed to open serialization file: %m");
}
- r = do_spawn(t, argv, fd, &pid);
+ r = do_spawn(t, argv, fd, &pid, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID));
if (r <= 0)
continue;
}
static int gather_environment_generate(int fd, void *arg) {
- char ***env = arg, **x, **y;
+ char ***env = ASSERT_PTR(arg);
_cleanup_fclose_ FILE *f = NULL;
_cleanup_strv_free_ char **new = NULL;
int r;
* fd is always consumed, even on error.
*/
- assert(env);
-
f = fdopen(fd, "r");
if (!f) {
safe_close(fd);
return r;
STRV_FOREACH_PAIR(x, y, new) {
- char *p;
-
if (!env_name_is_valid(*x)) {
log_warning("Invalid variable assignment \"%s=...\", ignoring.", *x);
continue;
}
- p = strjoin(*x, "=", *y);
- if (!p)
- return -ENOMEM;
-
- r = strv_env_replace(env, p);
+ r = strv_env_assign(env, *x, *y);
if (r < 0)
return r;
return -errno;
}
- return r;
+ return 0;
}
static int gather_environment_collect(int fd, void *arg) {
_cleanup_fclose_ FILE *f = NULL;
- char ***env = arg;
+ char ***env = ASSERT_PTR(arg);
int r;
/* Write out a series of env=cescape(VAR=value) assignments to fd. */
- assert(env);
-
f = fdopen(fd, "w");
if (!f) {
safe_close(fd);
static int gather_environment_consume(int fd, void *arg) {
_cleanup_fclose_ FILE *f = NULL;
- char ***env = arg;
+ char ***env = ASSERT_PTR(arg);
int r = 0;
/* Read a series of env=cescape(VAR=value) assignments from fd into env. */
- assert(env);
-
f = fdopen(fd, "r");
if (!f) {
safe_close(fd);
return r;
}
+int exec_command_flags_from_strv(char **ex_opts, ExecCommandFlags *flags) {
+ ExecCommandFlags ex_flag, ret_flags = 0;
+
+ assert(flags);
+
+ STRV_FOREACH(opt, ex_opts) {
+ ex_flag = exec_command_flags_from_string(*opt);
+ if (ex_flag < 0)
+ return ex_flag;
+ ret_flags |= ex_flag;
+ }
+
+ *flags = ret_flags;
+
+ return 0;
+}
+
+int exec_command_flags_to_strv(ExecCommandFlags flags, char ***ex_opts) {
+ _cleanup_strv_free_ char **ret_opts = NULL;
+ ExecCommandFlags it = flags;
+ const char *str;
+ int i, r;
+
+ assert(ex_opts);
+
+ if (flags < 0)
+ return flags;
+
+ for (i = 0; it != 0; it &= ~(1 << i), i++) {
+ if (FLAGS_SET(flags, (1 << i))) {
+ str = exec_command_flags_to_string(1 << i);
+ if (!str)
+ return -EINVAL;
+
+ r = strv_extend(&ret_opts, str);
+ if (r < 0)
+ return r;
+ }
+ }
+
+ *ex_opts = TAKE_PTR(ret_opts);
+
+ return 0;
+}
+
const gather_stdout_callback_t gather_environment[] = {
gather_environment_generate,
gather_environment_collect,
gather_environment_consume,
};
+
+static const char* const exec_command_strings[] = {
+ "ignore-failure", /* EXEC_COMMAND_IGNORE_FAILURE */
+ "privileged", /* EXEC_COMMAND_FULLY_PRIVILEGED */
+ "no-setuid", /* EXEC_COMMAND_NO_SETUID */
+ "ambient", /* EXEC_COMMAND_AMBIENT_MAGIC */
+ "no-env-expand", /* EXEC_COMMAND_NO_ENV_EXPAND */
+};
+
+const char* exec_command_flags_to_string(ExecCommandFlags i) {
+ size_t idx;
+
+ for (idx = 0; idx < ELEMENTSOF(exec_command_strings); idx++)
+ if (i == (1 << idx))
+ return exec_command_strings[idx];
+
+ return NULL;
+}
+
+ExecCommandFlags exec_command_flags_from_string(const char *s) {
+ ssize_t idx;
+
+ idx = string_table_lookup(exec_command_strings, ELEMENTSOF(exec_command_strings), s);
+
+ if (idx < 0)
+ return _EXEC_COMMAND_FLAGS_INVALID;
+ else
+ return 1 << idx;
+}
+
+int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
+ /* Refuse invalid fds, regardless if fexecve() use is enabled or not */
+ if (executable_fd < 0)
+ return -EBADF;
+
+ /* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */
+ if (isempty(executable) || strv_isempty(argv))
+ return -EINVAL;
+
+#if ENABLE_FEXECVE
+
+ execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);
+
+ if (IN_SET(errno, ENOSYS, ENOENT) || ERRNO_IS_PRIVILEGE(errno))
+ /* Old kernel or a script or an overzealous seccomp filter? Let's fall back to execve().
+ *
+ * fexecve(3): "If fd refers to a script (i.e., it is an executable text file that names a
+ * script interpreter with a first line that begins with the characters #!) and the
+ * close-on-exec flag has been set for fd, then fexecve() fails with the error ENOENT. This
+ * error occurs because, by the time the script interpreter is executed, fd has already been
+ * closed because of the close-on-exec flag. Thus, the close-on-exec flag can't be set on fd
+ * if it refers to a script."
+ *
+ * Unfortunately, if we unset close-on-exec, the script will be executed just fine, but (at
+ * least in case of bash) the script name, $0, will be shown as /dev/fd/nnn, which breaks
+ * scripts which make use of $0. Thus, let's fall back to execve() in this case.
+ */
+#endif
+ execve(executable, argv, envp);
+ return -errno;
+}
+
+int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
+ bool stdout_is_tty, stderr_is_tty;
+ size_t n, i;
+ va_list ap;
+ char **l;
+ int r;
+
+ assert(path);
+
+ /* Spawns a temporary TTY agent, making sure it goes away when we go away */
+
+ r = safe_fork_full(name,
+ except,
+ n_except,
+ FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG,
+ ret_pid);
+ if (r < 0)
+ return r;
+ if (r > 0)
+ return 0;
+
+ /* In the child: */
+
+ stdout_is_tty = isatty(STDOUT_FILENO);
+ stderr_is_tty = isatty(STDERR_FILENO);
+
+ if (!stdout_is_tty || !stderr_is_tty) {
+ int fd;
+
+ /* Detach from stdout/stderr and reopen /dev/tty for them. This is important to ensure that
+ * when systemctl is started via popen() or a similar call that expects to read EOF we
+ * actually do generate EOF and not delay this indefinitely by keeping an unused copy of
+ * stdin around. */
+ fd = open("/dev/tty", O_WRONLY);
+ if (fd < 0) {
+ if (errno != ENXIO) {
+ log_error_errno(errno, "Failed to open /dev/tty: %m");
+ _exit(EXIT_FAILURE);
+ }
+
+ /* If we get ENXIO here we have no controlling TTY even though stdout/stderr are
+ * connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
+ * skip the forking of the agents, given the TTY setup is not in order. */
+ } else {
+ if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
+ log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
+ _exit(EXIT_FAILURE);
+ }
+
+ if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
+ log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
+ _exit(EXIT_FAILURE);
+ }
+
+ fd = safe_close_above_stdio(fd);
+ }
+ }
+
+ (void) rlimit_nofile_safe();
+
+ /* Count arguments */
+ va_start(ap, path);
+ for (n = 0; va_arg(ap, char*); n++)
+ ;
+ va_end(ap);
+
+ /* Allocate strv */
+ l = newa(char*, n + 1);
+
+ /* Fill in arguments */
+ va_start(ap, path);
+ for (i = 0; i <= n; i++)
+ l[i] = va_arg(ap, char*);
+ va_end(ap);
+
+ execv(path, l);
+ _exit(EXIT_FAILURE);
+}