int
intpexec(
struct vnode *vp,
struct execa *uap,
struct uarg *args,
struct intpdata *idatap,
int level,
long *execsz,
int setid,
caddr_t exec_file,
struct cred *cred,
int brand_action)
{
_NOTE(ARGUNUSED(brand_action))
vnode_t *nvp;
int error = 0;
struct intpdata idata;
struct pathname intppn;
struct pathname resolvepn;
char *opath;
char devfd[19]; /* 32-bit int fits in 10 digits + 8 for "/dev/fd/" */
int fd = -1;
if (level) { /* Can't recurse */
error = ENOEXEC;
goto bad;
}
ASSERT(idatap == (struct intpdata *)NULL);
/*
* Allocate a buffer to read in the interpreter pathname.
*/
idata.intp = kmem_alloc(INTPSZ, KM_SLEEP);
if (error = getintphead(vp, &idata))
goto fail;
/*
* Look the new vnode up.
*/
if (error = pn_get(idata.intp_name, UIO_SYSSPACE, &intppn))
goto fail;
pn_alloc(&resolvepn);
if (error = lookuppn(&intppn, &resolvepn, FOLLOW, NULLVPP, &nvp)) {
pn_free(&resolvepn);
pn_free(&intppn);
goto fail;
}
opath = args->pathname;
args->pathname = resolvepn.pn_path;
/* don't free resolvepn until we are done with args */
pn_free(&intppn);
/*
* When we're executing a set-uid script resulting in uids
* mismatching or when we execute with additional privileges,
* we close the "replace script between exec and open by shell"
* hole by passing the script as /dev/fd parameter.
*/
if ((setid & EXECSETID_PRIVS) != 0 ||
(setid & (EXECSETID_UGIDS|EXECSETID_SETID)) ==
(EXECSETID_UGIDS|EXECSETID_SETID)) {
(void) strcpy(devfd, "/dev/fd/");
if (error = execopen(&vp, &fd))
goto done;
numtos(fd, &devfd[8]);
args->fname = devfd;
}
error = gexec(&nvp, uap, args, &idata, ++level, execsz, exec_file, cred,
EBA_NONE);
done:
VN_RELE(nvp);
args->pathname = opath;
pn_free(&resolvepn);
fail:
kmem_free(idata.intp, INTPSZ);
if (error && fd != -1)
(void) execclose(fd);
bad:
return (error);
}
/*ARGSUSED3*/
static int
javaexec(vnode_t *vp, struct execa *uap, struct uarg *args,
struct intpdata *idatap, int level, long *execsz, int setid,
caddr_t execfile, cred_t *cred, int brand_action)
{
struct intpdata idata;
int error;
ssize_t resid;
vnode_t *nvp;
off_t xoff, xoff_end;
char lochdr[LOCHDRSIZ];
struct pathname lookpn;
struct pathname resolvepn;
char *opath;
if (level)
return (ENOEXEC); /* no recursion */
/*
* Read in the full local file header, and validate
* the initial signature.
*/
if ((error = vn_rdwr(UIO_READ, vp, lochdr, sizeof (lochdr),
0, UIO_SYSSPACE, 0, (rlim64_t)0, cred, &resid)) != 0)
return (error);
if (resid != 0 || strncmp(lochdr, LOCSIG, SIGSIZ) != 0)
return (ENOEXEC);
/*
* Ok, so this -is- a ZIP file, and might even be a JAR file.
* Is it a Java executable?
*/
xoff = sizeof (lochdr) + LOCNAM(lochdr);
xoff_end = xoff + LOCEXT(lochdr);
while (xoff < xoff_end) {
char xfhdr[XFHSIZ];
if ((error = vn_rdwr(UIO_READ, vp, xfhdr, sizeof (xfhdr),
xoff, UIO_SYSSPACE, 0, (rlim64_t)0, cred, &resid)) != 0)
return (error);
if (resid != 0)
return (ENOEXEC);
if (XFHID(xfhdr) == XFJAVASIG)
break;
xoff += sizeof (xfhdr) + XFDATASIZ(xfhdr);
}
if (xoff >= xoff_end)
return (ENOEXEC);
/*
* Note: If we ever make setid execution work, we need to ensure
* that we use /dev/fd to avoid the classic setuid shell script
* security hole.
*/
if (setid)
return (EACCES);
/*
* Find and invoke the Java runtime environment on the file
*/
idata.intp = NULL;
idata.intp_name[0] = jexec;
idata.intp_arg[0] = jexec_arg;
if (error = pn_get(idata.intp_name[0], UIO_SYSSPACE, &lookpn))
return (error);
pn_alloc(&resolvepn);
if (error = lookuppn(&lookpn, &resolvepn, FOLLOW, NULLVPP, &nvp)) {
pn_free(&resolvepn);
pn_free(&lookpn);
return (ENOEXEC);
}
opath = args->pathname;
args->pathname = resolvepn.pn_path;
/* don't free resolvepn until we are done with args */
pn_free(&lookpn);
error = gexec(&nvp, uap, args, &idata, level + 1, execsz, execfile,
cred, EBA_NONE);
if (!error) {
/*
* Close this Java executable as the interpreter
* will open and close it later on.
*/
(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, cred, NULL);
}
VN_RELE(nvp);
args->pathname = opath;
pn_free(&resolvepn);
return (error);
}
