/* Trusted environment for executing commands */
char * trusted_env[4] = {
- "PATH=/usr/bin:/usr/sbin:/sbin:/bin",
+ "PATH=/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin",
"SHELL=/bin/sh",
"TERM=dumb",
NULL
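Review bot: The new `PATH` entry puts `/usr/local/bin` and `/usr/local/sbin` ahead of the system directories, so any command these helpers resolve by name (presumably including what `/bin/sh -c` runs) is taken from `/usr/local` first. In a setuid root program that is only sound if both directories and their contents are root-owned and not group- or world-writable. A comment on the entry should state that assumption, e.g. `/* /usr/local first: both directories must be root-owned and not writable by others */`. If local overrides are not the intent, keeping the system directories first is the more conservative order: `"PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin",`.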
if(!command)
return 1;
-#if 0
// Add command as first element to argv
argv[argc++] = command;
-#endif
// Add all other arguments
if (args) {
}
default: /* parent */
- do {
- if (waitpid(pid, &status, 0) == -1) {
- if (errno != EINTR)
- return -1;
- } else {
- return status;
- }
- } while (1);
- }
+ // Wait until the child process has finished
+ waitpid(pid, &status, 0);
+
+ // The child was terminated by a signal
+ if (WIFSIGNALED(status))
+ return 128 + WTERMSIG(status);
+ // Return the exit code if available
+ if (WIFEXITED(status))
+ return WEXITSTATUS(status);
+
+ // Something unexpected happened, exiting with error
+ return EXIT_FAILURE;
+ }
}
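Review bot: The result of `waitpid(pid, &status, 0)` is no longer checked, and the `EINTR` retry from the removed loop is gone. If the call fails (a signal interrupting the wait is the ordinary case), `status` is never written, and the `WIFSIGNALED`/`WIFEXITED` tests then run on whatever it held; its initialisation is not visible in this hunk. A caller of this setuid helper can then receive an exit code unrelated to the child, possibly 0, while the child is still running. Keeping the retry in front of the new decoding avoids that: `while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR) return EXIT_FAILURE; }`. The enclosing switch and function start outside the hunk.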
int run(char* command, char** argv) {
NULL,
};
- return system_core(argv[0], argv, 0, 0, "safe_system");
+ return system_core(argv[0], argv + 1, 0, 0, "safe_system");
}
/* Much like safe_system but lets you specify a non-root uid and gid to run
* the command as */
int unpriv_system(char* command, uid_t uid, gid_t gid) {
- return system_core(command, NULL, uid, gid, "unpriv_system");
+ char* argv[4] = {
+ "/bin/sh",
+ "-c",
+ command,
+ NULL,
+ };
+
+ return system_core(argv[0], argv + 1, uid, gid, "unpriv_system");
}
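Review bot: `unpriv_system` now hands `command` to `/bin/sh -c` unchanged, so every shell metacharacter in it is interpreted, and the comment above the function does not say so. Because this is called from a setuid root program (the uid/gid switch happens inside `system_core`, which is not visible here), the contract should be stated where callers read it, for example by extending the comment with `* command is passed verbatim to "/bin/sh -c"; build it only from fixed strings or validated values.` Callers that already hold separate arguments would be better served by an argv-based entry point; `run(command, argv)`, whose signature appears earlier on the page, looks like one, though its body is not shown.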
/* General routine to initialise a setuid root program, and put the