/*
 * Exec handler for interpreted scripts.
 *
 * Reads the interpreter pathname from the script via getintphead(), looks
 * that pathname up, and hands the resulting vnode to gexec() one nesting
 * level deeper.  While gexec() runs, args->pathname points at the resolved
 * interpreter path; the caller's value is put back before returning.
 *
 * Returns 0 on success or an errno value.  A non-zero level yields ENOEXEC,
 * so interpreter recursion is refused.
 *
 * NOTE(review): when the /dev/fd path is taken, args->fname is set to the
 * local devfd buffer and, unlike args->pathname, is not restored before
 * return.  Confirm that no caller reads args->fname after this function
 * has returned.
 */
int
intpexec(
	struct vnode *vp,
	struct execa *uap,
	struct uarg *args,
	struct intpdata *idatap,
	int level,
	long *execsz,
	int setid,
	caddr_t exec_file,
	struct cred *cred,
	int brand_action)
{
	_NOTE(ARGUNUSED(brand_action))
	vnode_t *intp_vp;
	int err = 0;
	struct intpdata idata;
	struct pathname intp_pn;
	struct pathname resolved_pn;
	char *saved_path;
	/*
	 * "/dev/fd/" is 8 characters and a 32-bit int fits in 10 digits.
	 * NOTE(review): that leaves one byte, presumably for the terminator,
	 * and no room for a sign; this relies on execopen() handing back a
	 * non-negative descriptor -- confirm against numtos()/execopen().
	 */
	char devfd[19];
	int fd = -1;
	int pass_by_fd;

	/* Can't recurse. */
	if (level != 0)
		return (ENOEXEC);

	ASSERT(idatap == NULL);

	/* Buffer that receives the interpreter pathname. */
	idata.intp = kmem_alloc(INTPSZ, KM_SLEEP);

	err = getintphead(vp, &idata);
	if (err != 0)
		goto free_intp;

	/* Look the interpreter's vnode up. */
	err = pn_get(idata.intp_name, UIO_SYSSPACE, &intp_pn);
	if (err != 0)
		goto free_intp;

	pn_alloc(&resolved_pn);
	err = lookuppn(&intp_pn, &resolved_pn, FOLLOW, NULLVPP, &intp_vp);
	if (err != 0) {
		pn_free(&resolved_pn);
		pn_free(&intp_pn);
		goto free_intp;
	}

	/*
	 * args borrows resolved_pn's path from here on, so resolved_pn must
	 * stay allocated until args->pathname has been restored below.
	 */
	saved_path = args->pathname;
	args->pathname = resolved_pn.pn_path;
	pn_free(&intp_pn);

	/*
	 * A script that runs with extra privileges, or as a set-id script
	 * whose ids actually change, must not be reopened by pathname: the
	 * name could be made to refer to a different file between this exec
	 * and the interpreter's own open.  Hand the interpreter an already
	 * open descriptor, spelled /dev/fd/N, instead of the script's name.
	 */
	pass_by_fd = (setid & EXECSETID_PRIVS) != 0 ||
	    (setid & (EXECSETID_UGIDS|EXECSETID_SETID)) ==
	    (EXECSETID_UGIDS|EXECSETID_SETID);
	if (pass_by_fd) {
		(void) strcpy(devfd, "/dev/fd/");
		err = execopen(&vp, &fd);
		if (err != 0)
			goto release;
		numtos(fd, &devfd[8]);
		args->fname = devfd;
	}

	err = gexec(&intp_vp, uap, args, &idata, level + 1, execsz,
	    exec_file, cred, EBA_NONE);

release:
	VN_RELE(intp_vp);
	args->pathname = saved_path;
	pn_free(&resolved_pn);
free_intp:
	kmem_free(idata.intp, INTPSZ);
	/* The descriptor is only kept when the exec went through. */
	if (err != 0 && fd != -1)
		(void) execclose(fd);
	return (err);
}
/*
 * Exec handler for Java executables packaged as ZIP/JAR files.
 *
 * Checks the local file header signature (LOCSIG), then walks the records
 * between sizeof (lochdr) + LOCNAM() and that offset plus LOCEXT(), looking
 * for one whose id is XFJAVASIG.  If one is found, the runtime named by
 * jexec is looked up and run through gexec() with jexec_arg.
 *
 * Returns 0 on success, EACCES for any set-id request, ENOEXEC when the
 * file is not recognised (or level is non-zero, or the runtime cannot be
 * looked up), otherwise the error from vn_rdwr(), pn_get() or gexec().
 *
 * NOTE(review): the LOCNAM/LOCEXT/XFDATASIZ values come from the file being
 * executed.  Every read lands in a fixed-size local buffer, so they only
 * steer the read offset, but a record header is read whenever it starts
 * below the end offset even if it would extend past it -- confirm that this
 * leniency is intended.
 */
/*ARGSUSED3*/
static int
javaexec(vnode_t *vp, struct execa *uap, struct uarg *args,
    struct intpdata *idatap, int level, long *execsz, int setid,
    caddr_t execfile, cred_t *cred, int brand_action)
{
	struct intpdata idata;
	int err;
	ssize_t resid;
	vnode_t *jre_vp;
	off_t rec_off, rec_end;
	char lochdr[LOCHDRSIZ];
	char xfhdr[XFHSIZ];
	struct pathname jre_pn;
	struct pathname resolved_pn;
	char *saved_path;
	int is_java = 0;

	/* no recursion */
	if (level != 0)
		return (ENOEXEC);

	/* Read the full local file header and validate its signature. */
	err = vn_rdwr(UIO_READ, vp, lochdr, sizeof (lochdr), 0,
	    UIO_SYSSPACE, 0, (rlim64_t)0, cred, &resid);
	if (err != 0)
		return (err);
	if (resid != 0)
		return (ENOEXEC);
	if (strncmp(lochdr, LOCSIG, SIGSIZ) != 0)
		return (ENOEXEC);

	/*
	 * This is a ZIP file and might even be a JAR file.  Scan the records
	 * for the marker that identifies a Java executable.
	 */
	rec_off = sizeof (lochdr) + LOCNAM(lochdr);
	rec_end = rec_off + LOCEXT(lochdr);
	for (; rec_off < rec_end;
	    rec_off += sizeof (xfhdr) + XFDATASIZ(xfhdr)) {
		err = vn_rdwr(UIO_READ, vp, xfhdr, sizeof (xfhdr), rec_off,
		    UIO_SYSSPACE, 0, (rlim64_t)0, cred, &resid);
		if (err != 0)
			return (err);
		if (resid != 0)
			return (ENOEXEC);
		if (XFHID(xfhdr) == XFJAVASIG) {
			is_java = 1;
			break;
		}
	}
	if (!is_java)
		return (ENOEXEC);

	/*
	 * Set-id execution is refused outright.  If it is ever enabled, the
	 * file must be handed to the runtime through /dev/fd rather than by
	 * name, to avoid the classic setuid shell script security hole.
	 */
	if (setid != 0)
		return (EACCES);

	/* Find and invoke the Java runtime environment on the file. */
	idata.intp = NULL;
	idata.intp_name[0] = jexec;
	idata.intp_arg[0] = jexec_arg;

	err = pn_get(idata.intp_name[0], UIO_SYSSPACE, &jre_pn);
	if (err != 0)
		return (err);

	pn_alloc(&resolved_pn);
	err = lookuppn(&jre_pn, &resolved_pn, FOLLOW, NULLVPP, &jre_vp);
	if (err != 0) {
		pn_free(&resolved_pn);
		pn_free(&jre_pn);
		return (ENOEXEC);
	}

	/*
	 * args borrows resolved_pn's path from here on, so resolved_pn must
	 * stay allocated until args->pathname has been restored below.
	 */
	saved_path = args->pathname;
	args->pathname = resolved_pn.pn_path;
	pn_free(&jre_pn);

	err = gexec(&jre_vp, uap, args, &idata, level + 1, execsz, execfile,
	    cred, EBA_NONE);
	if (err == 0) {
		/*
		 * Close this Java executable; the interpreter will open and
		 * close it again later on.
		 */
		(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, cred, NULL);
	}

	VN_RELE(jre_vp);
	args->pathname = saved_path;
	pn_free(&resolved_pn);
	return (err);
}