c2109f05b7
commit cb5b020a8d38f77209d0472a0fea755299a8ec78 upstream. This reverts commit 8099b047ecc431518b9bb6bdbba3549bbecdc343. It turns out that people do actually depend on the shebang string being truncated, and on the fact that an interpreter (like perl) will often just re-interpret it entirely to get the full argument list. Reported-by: Samuel Dionne-Riel <samuel@dionne-riel.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
130 lines
3 KiB
C
130 lines
3 KiB
C
/*
|
|
* linux/fs/binfmt_script.c
|
|
*
|
|
* Copyright (C) 1996 Martin von Löwis
|
|
* original #!-checking implemented by tytso.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/string.h>
|
|
#include <linux/stat.h>
|
|
#include <linux/binfmts.h>
|
|
#include <linux/init.h>
|
|
#include <linux/file.h>
|
|
#include <linux/err.h>
|
|
#include <linux/fs.h>
|
|
|
|
static int load_script(struct linux_binprm *bprm)
|
|
{
|
|
const char *i_arg, *i_name;
|
|
char *cp;
|
|
struct file *file;
|
|
int retval;
|
|
|
|
if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!'))
|
|
return -ENOEXEC;
|
|
|
|
/*
|
|
* If the script filename will be inaccessible after exec, typically
|
|
* because it is a "/dev/fd/<fd>/.." path against an O_CLOEXEC fd, give
|
|
* up now (on the assumption that the interpreter will want to load
|
|
* this file).
|
|
*/
|
|
if (bprm->interp_flags & BINPRM_FLAGS_PATH_INACCESSIBLE)
|
|
return -ENOENT;
|
|
|
|
/*
|
|
* This section does the #! interpretation.
|
|
* Sorta complicated, but hopefully it will work. -TYT
|
|
*/
|
|
|
|
allow_write_access(bprm->file);
|
|
fput(bprm->file);
|
|
bprm->file = NULL;
|
|
|
|
bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
|
|
if ((cp = strchr(bprm->buf, '\n')) == NULL)
|
|
cp = bprm->buf+BINPRM_BUF_SIZE-1;
|
|
*cp = '\0';
|
|
while (cp > bprm->buf) {
|
|
cp--;
|
|
if ((*cp == ' ') || (*cp == '\t'))
|
|
*cp = '\0';
|
|
else
|
|
break;
|
|
}
|
|
for (cp = bprm->buf+2; (*cp == ' ') || (*cp == '\t'); cp++);
|
|
if (*cp == '\0')
|
|
return -ENOEXEC; /* No interpreter name found */
|
|
i_name = cp;
|
|
i_arg = NULL;
|
|
for ( ; *cp && (*cp != ' ') && (*cp != '\t'); cp++)
|
|
/* nothing */ ;
|
|
while ((*cp == ' ') || (*cp == '\t'))
|
|
*cp++ = '\0';
|
|
if (*cp)
|
|
i_arg = cp;
|
|
/*
|
|
* OK, we've parsed out the interpreter name and
|
|
* (optional) argument.
|
|
* Splice in (1) the interpreter's name for argv[0]
|
|
* (2) (optional) argument to interpreter
|
|
* (3) filename of shell script (replace argv[0])
|
|
*
|
|
* This is done in reverse order, because of how the
|
|
* user environment and arguments are stored.
|
|
*/
|
|
retval = remove_arg_zero(bprm);
|
|
if (retval)
|
|
return retval;
|
|
retval = copy_strings_kernel(1, &bprm->interp, bprm);
|
|
if (retval < 0)
|
|
return retval;
|
|
bprm->argc++;
|
|
if (i_arg) {
|
|
retval = copy_strings_kernel(1, &i_arg, bprm);
|
|
if (retval < 0)
|
|
return retval;
|
|
bprm->argc++;
|
|
}
|
|
retval = copy_strings_kernel(1, &i_name, bprm);
|
|
if (retval)
|
|
return retval;
|
|
bprm->argc++;
|
|
retval = bprm_change_interp(i_name, bprm);
|
|
if (retval < 0)
|
|
return retval;
|
|
|
|
/*
|
|
* OK, now restart the process with the interpreter's dentry.
|
|
*/
|
|
file = open_exec(i_name);
|
|
if (IS_ERR(file))
|
|
return PTR_ERR(file);
|
|
|
|
bprm->file = file;
|
|
retval = prepare_binprm(bprm);
|
|
if (retval < 0)
|
|
return retval;
|
|
return search_binary_handler(bprm);
|
|
}
|
|
|
|
static struct linux_binfmt script_format = {
|
|
.module = THIS_MODULE,
|
|
.load_binary = load_script,
|
|
};
|
|
|
|
static int __init init_script_binfmt(void)
|
|
{
|
|
register_binfmt(&script_format);
|
|
return 0;
|
|
}
|
|
|
|
static void __exit exit_script_binfmt(void)
|
|
{
|
|
unregister_binfmt(&script_format);
|
|
}
|
|
|
|
core_initcall(init_script_binfmt);
|
|
module_exit(exit_script_binfmt);
|
|
MODULE_LICENSE("GPL");
|