*: s/"/bin/sh"/DEFAULT_SHELL, run_shell() API fix, remove unneeded strdup

function old new delta run_shell 157 166 +9 su_main 477 470 -7 sulogin_main 515 503 -12 Signed-off-by: Ladislav Michl <Ladislav.Michl@seznam.cz> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Ladislav Michl <Ladislav.Michl@seznam.cz> 2010-06-27 03:23:31 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2010-06-27 03:23:31 +0200
commit: a73b87e9343df2a6f14e328a977e7b70eb3ed707 (patch)
tree: 564869bde93c870b20f6d4d8a3da71e42b629f2e
parent: 1b14cdb27ca5e8104a824424731be430c8592dd6 (diff)
download: busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.tar.gz
busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.tar.bz2
busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.zip
8 files changed, 58 insertions, 54 deletions
diff --git a/archival/libunarchive/data_extract_to_command.c b/archival/libunarchive/data_extract_to_command.c
index 53a7217c2..eb09439bc 100644
--- a/archival/libunarchive/data_extract_to_command.c
+++ b/archival/libunarchive/data_extract_to_command.c
@@ -102,8 +102,8 @@ void FAST_FUNC data_extract_to_command(archive_handle_t *archive_handle)
                        close(p[1]);
                        xdup2(p[0], STDIN_FILENO);
                        signal(SIGPIPE, SIG_DFL);
-                        execl("/bin/sh", "/bin/sh" + 5, "-c", archive_handle->tar__to_command, NULL);
+                        execl(DEFAULT_SHELL, DEFAULT_SHELL_SHORT_NAME, "-c", archive_handle->tar__to_command, NULL);
-                        bb_perror_msg_and_die("can't execute '%s'", "/bin/sh");
+                        bb_perror_msg_and_die("can't execute '%s'", DEFAULT_SHELL);
                }
                close(p[0]);
                /* Our caller is expected to do signal(SIGPIPE, SIG_IGN)
diff --git a/include/libbb.h b/include/libbb.h
index 58719a85b..53b768d88 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1157,7 +1157,6 @@ char *bb_simplify_abs_path_inplace(char *path) FAST_FUNC;
 extern void bb_do_delay(int seconds) FAST_FUNC;
 extern void change_identity(const struct passwd *pw) FAST_FUNC;
 extern void run_shell(const char *shell, int loginshell, const char *command, const char **additional_args) NORETURN FAST_FUNC;
-extern void run_shell(const char *shell, int loginshell, const char *command, const char **additional_args) FAST_FUNC;
 #if ENABLE_SELINUX
 extern void renew_current_security_context(void) FAST_FUNC;
 extern void set_current_security_context(security_context_t sid) FAST_FUNC;
@@ -1593,12 +1592,12 @@ extern struct globals *const ptr_to_globals;
 * use bb_default_login_shell and following defines.
 * If you change LIBBB_DEFAULT_LOGIN_SHELL,
 * don't forget to change increment constant. */
-#define LIBBB_DEFAULT_LOGIN_SHELL      "-/bin/sh"
+#define LIBBB_DEFAULT_LOGIN_SHELL  "-/bin/sh"
 extern const char bb_default_login_shell[];
 /* "/bin/sh" */
-#define DEFAULT_SHELL     (bb_default_login_shell+1)
+#define DEFAULT_SHELL              (bb_default_login_shell+1)
 /* "sh" */
-#define DEFAULT_SHELL_SHORT_NAME     (bb_default_login_shell+6)
+#define DEFAULT_SHELL_SHORT_NAME   (bb_default_login_shell+6)
 #if ENABLE_FEATURE_DEVFS
 # define CURRENT_VC "/dev/vc/0"
diff --git a/libbb/run_shell.c b/libbb/run_shell.c
index 4608a24a9..4d92c3caa 100644
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -49,15 +49,14 @@ void FAST_FUNC set_current_security_context(security_context_t sid)
 #endif
-/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
+/* Run SHELL, or DEFAULT_SHELL if SHELL is "" or NULL.
-   If COMMAND is nonzero, pass it to the shell with the -c option.
+ * If COMMAND is nonzero, pass it to the shell with the -c option.
-   If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
+ * If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
-   arguments.  */
+ * arguments.  */
 void FAST_FUNC run_shell(const char *shell, int loginshell, const char *command, const char **additional_args)
 {
        const char **args;
-        int argno = 1;
+        int argno;
        int additional_args_cnt = 0;
        for (args = additional_args; args && *args; args++)
@@ -65,11 +64,13 @@ void FAST_FUNC run_shell(const char *shell, int loginshell, const char *command,
        args = xmalloc(sizeof(char*) * (4 + additional_args_cnt));
-        args[0] = bb_get_last_path_component_nostrip(xstrdup(shell));
+        if (!shell || !shell[0])
+                shell = DEFAULT_SHELL;
+        args[0] = bb_get_last_path_component_nostrip(shell);
        if (loginshell)
                args[0] = xasprintf("-%s", args[0]);
+        argno = 1;
        if (command) {
                args[argno++] = "-c";
                args[argno++] = command;
@@ -79,6 +80,7 @@ void FAST_FUNC run_shell(const char *shell, int loginshell, const char *command,
                        args[argno++] = *additional_args;
        }
        args[argno] = NULL;
 #if ENABLE_SELINUX
        if (current_sid)
                setexeccon(current_sid);
diff --git a/libbb/setup_environment.c b/libbb/setup_environment.c
index 13e60d8e4..a95fbc5bf 100644
--- a/libbb/setup_environment.c
+++ b/libbb/setup_environment.c
@@ -43,7 +43,7 @@ void FAST_FUNC setup_environment(const char *shell, int flags, const struct pass
                const char *term;
                /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
-                   Unset all other environment variables.  */
+                 * Unset all other environment variables.  */
                term = getenv("TERM");
                clearenv();
                if (term)
@@ -57,7 +57,7 @@ void FAST_FUNC setup_environment(const char *shell, int flags, const struct pass
                //xsetenv("SHELL",   shell);
        } else if (flags & SETUP_ENV_CHANGEENV) {
                /* Set HOME, SHELL, and if not becoming a super-user,
-                   USER and LOGNAME.  */
+                 * USER and LOGNAME.  */
                if (pw->pw_uid) {
 shortcut:
                        xsetenv("USER",    pw->pw_name);
diff --git a/loginutils/login.c b/loginutils/login.c
index 078cd68ed..88ed0af78 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -201,7 +201,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
        };
        char *fromhost;
        char username[USERNAME_SIZE];
-        const char *tmp;
+        const char *shell;
        int run_by_root;
        unsigned opt;
        int count = 0;
@@ -389,10 +389,10 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                run_login_script(pw, full_tty);
        change_identity(pw);
-        tmp = pw->pw_shell;
+        shell = pw->pw_shell;
-        if (!tmp || !*tmp)
+        if (!shell || !shell[0])
-                tmp = DEFAULT_SHELL;
+                shell = DEFAULT_SHELL;
-        setup_environment(tmp,
+        setup_environment(shell,
                        (!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
                        pw);
@@ -427,7 +427,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
        signal(SIGINT, SIG_DFL);
        /* Exec login shell with no additional parameters */
-        run_shell(tmp, 1, NULL, NULL);
+        run_shell(shell, 1, NULL, NULL);
        /* return EXIT_FAILURE; - not reached */
 }
diff --git a/loginutils/su.c b/loginutils/su.c
index af25655fd..9bae37551 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -10,23 +10,27 @@
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
 /* Return 1 if SHELL is a restricted shell (one not returned by
-   getusershell), else 0, meaning it is a standard shell.  */
+ * getusershell), else 0, meaning it is a standard shell.  */
 static int restricted_shell(const char *shell)
 {
        char *line;
+        int result = 1;
        /*setusershell(); - getusershell does it itself*/
        while ((line = getusershell()) != NULL) {
-                if (/* *line != '#' && */ strcmp(line, shell) == 0)
+                if (/* *line != '#' && */ strcmp(line, shell) == 0) {
-                        return 0;
+                        result = 0;
+                        break;
+                }
        }
-        endusershell();
+        if (ENABLE_FEATURE_CLEAN_UP)
-        return 1;
+                endusershell();
+        return result;
 }
 #endif
 #define SU_OPT_mp (3)
-#define SU_OPT_l (4)
+#define SU_OPT_l  (4)
 int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int su_main(int argc UNUSED_PARAM, char **argv)
@@ -38,7 +42,8 @@ int su_main(int argc UNUSED_PARAM, char **argv)
        struct passwd *pw;
        uid_t cur_uid = getuid();
        const char *tty;
-        char *old_user;
+        char user_buf[64];
+        const char *old_user;
        flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell);
        //argc -= optind;
@@ -56,21 +61,18 @@ int su_main(int argc UNUSED_PARAM, char **argv)
        }
        if (ENABLE_FEATURE_SU_SYSLOG) {
-                /* The utmp entry (via getlogin) is probably the best way to identify
+                /* The utmp entry (via getlogin) is probably the best way to
-                 * the user, especially if someone su's from a su-shell.
+                 * identify the user, especially if someone su's from a su-shell.
                 * But getlogin can fail -- usually due to lack of utmp entry.
                 * in this case resort to getpwuid.  */
-                const char *user;
 #if ENABLE_FEATURE_UTMP
-                char user_buf[64];
+                old_user = user_buf;
-                user = user_buf;
                if (getlogin_r(user_buf, sizeof(user_buf)) != 0)
 #endif
                {
                        pw = getpwuid(cur_uid);
-                        user = pw ? pw->pw_name : "";
+                        old_user = pw ? xstrdup(pw->pw_name) : "";
                }
-                old_user = xstrdup(user);
                tty = xmalloc_ttyname(2);
                if (!tty) {
                        tty = "none";
@@ -80,13 +82,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
        pw = xgetpwnam(opt_username);
-        /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
+        if (cur_uid == 0 || correct_password(pw)) {
-           is a username that is retrieved via NIS (YP), but that doesn't have
-           a default shell listed.  */
-        if (!pw->pw_shell || !pw->pw_shell[0])
-                pw->pw_shell = (char *)DEFAULT_SHELL;
-        if ((cur_uid == 0) || correct_password(pw)) {
                if (ENABLE_FEATURE_SU_SYSLOG)
                        syslog(LOG_NOTICE, "%c %s %s:%s",
                                '+', tty, old_user, opt_username);
@@ -99,21 +95,30 @@ int su_main(int argc UNUSED_PARAM, char **argv)
        if (ENABLE_FEATURE_CLEAN_UP && ENABLE_FEATURE_SU_SYSLOG) {
                closelog();
-                free(old_user);
        }
-        if (!opt_shell && (flags & SU_OPT_mp))
+        if (!opt_shell && (flags & SU_OPT_mp)) {
+                /* -s SHELL is not given, but "preserve env" opt is */
                opt_shell = getenv("SHELL");
+        }
+        /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
+         * is a username that is retrieved via NIS (YP), that doesn't have
+         * a default shell listed.  */
+        if (!pw->pw_shell || !pw->pw_shell[0])
+                pw->pw_shell = (char *)DEFAULT_SHELL;
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
        if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
                /* The user being su'd to has a nonstandard shell, and so is
-                   probably a uucp account or has restricted access.  Don't
+                 * probably a uucp account or has restricted access.  Don't
-                   compromise the account by allowing access with a standard
+                 * compromise the account by allowing access with a standard
-                   shell.  */
+                 * shell.  */
                bb_error_msg("using restricted shell");
                opt_shell = NULL;
        }
+        /* else: user can run whatever he wants via "su -s PROG USER".
+         * This is safe since PROG is run under user's uid/gid. */
 #endif
        if (!opt_shell)
                opt_shell = pw->pw_shell;
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index 6e3d3b019..3516013f1 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -101,11 +101,9 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
        shell = getenv("SUSHELL");
        if (!shell)
                shell = getenv("sushell");
-        if (!shell) {
+        if (!shell)
-                shell = "/bin/sh";
+                shell = pwd->pw_shell;
-                if (pwd->pw_shell[0])
-                        shell = pwd->pw_shell;
-        }
        /* Exec login shell with no additional parameters. Never returns. */
        run_shell(shell, 1, NULL, NULL);
diff --git a/runit/svlogd.c b/runit/svlogd.c
index fc8b4abb9..9fe81b900 100644
--- a/runit/svlogd.c
+++ b/runit/svlogd.c
@@ -354,7 +354,7 @@ static void processorstart(struct logdir *ld)
                xmove_fd(fd, 5);
 // getenv("SHELL")?
-                execl("/bin/sh", "/bin/sh" + 5, "-c", ld->processor, (char*) NULL);
+                execl(DEFAULT_SHELL, DEFAULT_SHELL_SHORT_NAME, "-c", ld->processor, (char*) NULL);
                bb_perror_msg_and_die(FATAL"can't %s processor %s", "run", ld->name);
        }
        ld->fnsave[26] = sv_ch; /* ...restore */
author	Ladislav Michl <Ladislav.Michl@seznam.cz>	2010-06-27 03:23:31 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2010-06-27 03:23:31 +0200
commit	a73b87e9343df2a6f14e328a977e7b70eb3ed707 (patch)
tree	564869bde93c870b20f6d4d8a3da71e42b629f2e
parent	1b14cdb27ca5e8104a824424731be430c8592dd6 (diff)
download	busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.tar.gz busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.tar.bz2 busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.zip

diff --git a/archival/libunarchive/data_extract_to_command.c b/archival/libunarchive/data_extract_to_command.c index 53a7217c2..eb09439bc 100644 --- a/archival/libunarchive/data_extract_to_command.c +++ b/archival/libunarchive/data_extract_to_command.c
@@ -102,8 +102,8 @@ void FAST_FUNC data_extract_to_command(archive_handle_t *archive_handle)
102	close(p[1]);	102	close(p[1]);
103	xdup2(p[0], STDIN_FILENO);	103	xdup2(p[0], STDIN_FILENO);
104	signal(SIGPIPE, SIG_DFL);	104	signal(SIGPIPE, SIG_DFL);
105	execl("/bin/sh", "/bin/sh" + 5, "-c", archive_handle->tar__to_command, NULL);	105	execl(DEFAULT_SHELL, DEFAULT_SHELL_SHORT_NAME, "-c", archive_handle->tar__to_command, NULL);
106	bb_perror_msg_and_die("can't execute '%s'", "/bin/sh");	106	bb_perror_msg_and_die("can't execute '%s'", DEFAULT_SHELL);
107	}	107	}
108	close(p[0]);	108	close(p[0]);
109	/* Our caller is expected to do signal(SIGPIPE, SIG_IGN)	109	/* Our caller is expected to do signal(SIGPIPE, SIG_IGN)


diff --git a/include/libbb.h b/include/libbb.h index 58719a85b..53b768d88 100644 --- a/include/libbb.h +++ b/include/libbb.h
@@ -1157,7 +1157,6 @@ char bb_simplify_abs_path_inplace(char path) FAST_FUNC;
1157	extern void bb_do_delay(int seconds) FAST_FUNC;	1157	extern void bb_do_delay(int seconds) FAST_FUNC;
1158	extern void change_identity(const struct passwd *pw) FAST_FUNC;	1158	extern void change_identity(const struct passwd *pw) FAST_FUNC;
1159	extern void run_shell(const char shell, int loginshell, const char command, const char **additional_args) NORETURN FAST_FUNC;	1159	extern void run_shell(const char shell, int loginshell, const char command, const char **additional_args) NORETURN FAST_FUNC;
1160	extern void run_shell(const char shell, int loginshell, const char command, const char **additional_args) FAST_FUNC;
1161	#if ENABLE_SELINUX	1160	#if ENABLE_SELINUX
1162	extern void renew_current_security_context(void) FAST_FUNC;	1161	extern void renew_current_security_context(void) FAST_FUNC;
1163	extern void set_current_security_context(security_context_t sid) FAST_FUNC;	1162	extern void set_current_security_context(security_context_t sid) FAST_FUNC;
@@ -1593,12 +1592,12 @@ extern struct globals *const ptr_to_globals;
1593	* use bb_default_login_shell and following defines.	1592	* use bb_default_login_shell and following defines.
1594	* If you change LIBBB_DEFAULT_LOGIN_SHELL,	1593	* If you change LIBBB_DEFAULT_LOGIN_SHELL,
1595	* don't forget to change increment constant. */	1594	* don't forget to change increment constant. */
1596	#define LIBBB_DEFAULT_LOGIN_SHELL "-/bin/sh"	1595	#define LIBBB_DEFAULT_LOGIN_SHELL "-/bin/sh"
1597	extern const char bb_default_login_shell[];	1596	extern const char bb_default_login_shell[];
1598	/* "/bin/sh" */	1597	/* "/bin/sh" */
1599	#define DEFAULT_SHELL (bb_default_login_shell+1)	1598	#define DEFAULT_SHELL (bb_default_login_shell+1)
1600	/* "sh" */	1599	/* "sh" */
1601	#define DEFAULT_SHELL_SHORT_NAME (bb_default_login_shell+6)	1600	#define DEFAULT_SHELL_SHORT_NAME (bb_default_login_shell+6)
1602		1601
1603	#if ENABLE_FEATURE_DEVFS	1602	#if ENABLE_FEATURE_DEVFS
1604	# define CURRENT_VC "/dev/vc/0"	1603	# define CURRENT_VC "/dev/vc/0"


diff --git a/libbb/run_shell.c b/libbb/run_shell.c index 4608a24a9..4d92c3caa 100644 --- a/libbb/run_shell.c +++ b/libbb/run_shell.c
@@ -49,15 +49,14 @@ void FAST_FUNC set_current_security_context(security_context_t sid)
49		49
50	#endif	50	#endif
51		51
52	/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.	52	/* Run SHELL, or DEFAULT_SHELL if SHELL is "" or NULL.
53	If COMMAND is nonzero, pass it to the shell with the -c option.	53	* If COMMAND is nonzero, pass it to the shell with the -c option.
54	If ADDITIONAL_ARGS is nonzero, pass it to the shell as more	54	* If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
55	arguments. */	55	* arguments. */
56
57	void FAST_FUNC run_shell(const char shell, int loginshell, const char command, const char **additional_args)	56	void FAST_FUNC run_shell(const char shell, int loginshell, const char command, const char **additional_args)
58	{	57	{
59	const char **args;	58	const char **args;
60	int argno = 1;	59	int argno;
61	int additional_args_cnt = 0;	60	int additional_args_cnt = 0;
62		61
63	for (args = additional_args; args && *args; args++)	62	for (args = additional_args; args && *args; args++)
@@ -65,11 +64,13 @@ void FAST_FUNC run_shell(const char shell, int loginshell, const char command,
65		64
66	args = xmalloc(sizeof(char) (4 + additional_args_cnt));	65	args = xmalloc(sizeof(char) (4 + additional_args_cnt));
67		66
68	args[0] = bb_get_last_path_component_nostrip(xstrdup(shell));	67	if (!shell \|\| !shell[0])
		68	shell = DEFAULT_SHELL;
69		69
		70	args[0] = bb_get_last_path_component_nostrip(shell);
70	if (loginshell)	71	if (loginshell)
71	args[0] = xasprintf("-%s", args[0]);	72	args[0] = xasprintf("-%s", args[0]);
72		73	argno = 1;
73	if (command) {	74	if (command) {
74	args[argno++] = "-c";	75	args[argno++] = "-c";
75	args[argno++] = command;	76	args[argno++] = command;
@@ -79,6 +80,7 @@ void FAST_FUNC run_shell(const char shell, int loginshell, const char command,
79	args[argno++] = *additional_args;	80	args[argno++] = *additional_args;
80	}	81	}
81	args[argno] = NULL;	82	args[argno] = NULL;
		83
82	#if ENABLE_SELINUX	84	#if ENABLE_SELINUX
83	if (current_sid)	85	if (current_sid)
84	setexeccon(current_sid);	86	setexeccon(current_sid);


diff --git a/libbb/setup_environment.c b/libbb/setup_environment.c index 13e60d8e4..a95fbc5bf 100644 --- a/libbb/setup_environment.c +++ b/libbb/setup_environment.c
@@ -43,7 +43,7 @@ void FAST_FUNC setup_environment(const char *shell, int flags, const struct pass
43	const char *term;	43	const char *term;
44		44
45	/* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.	45	/* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
46	Unset all other environment variables. */	46	* Unset all other environment variables. */
47	term = getenv("TERM");	47	term = getenv("TERM");
48	clearenv();	48	clearenv();
49	if (term)	49	if (term)
@@ -57,7 +57,7 @@ void FAST_FUNC setup_environment(const char *shell, int flags, const struct pass
57	//xsetenv("SHELL", shell);	57	//xsetenv("SHELL", shell);
58	} else if (flags & SETUP_ENV_CHANGEENV) {	58	} else if (flags & SETUP_ENV_CHANGEENV) {
59	/* Set HOME, SHELL, and if not becoming a super-user,	59	/* Set HOME, SHELL, and if not becoming a super-user,
60	USER and LOGNAME. */	60	* USER and LOGNAME. */
61	if (pw->pw_uid) {	61	if (pw->pw_uid) {
62	shortcut:	62	shortcut:
63	xsetenv("USER", pw->pw_name);	63	xsetenv("USER", pw->pw_name);


diff --git a/loginutils/login.c b/loginutils/login.c index 078cd68ed..88ed0af78 100644 --- a/loginutils/login.c +++ b/loginutils/login.c
@@ -201,7 +201,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
201	};	201	};
202	char *fromhost;	202	char *fromhost;
203	char username[USERNAME_SIZE];	203	char username[USERNAME_SIZE];
204	const char *tmp;	204	const char *shell;
205	int run_by_root;	205	int run_by_root;
206	unsigned opt;	206	unsigned opt;
207	int count = 0;	207	int count = 0;
@@ -389,10 +389,10 @@ int login_main(int argc UNUSED_PARAM, char **argv)
389	run_login_script(pw, full_tty);	389	run_login_script(pw, full_tty);
390		390
391	change_identity(pw);	391	change_identity(pw);
392	tmp = pw->pw_shell;	392	shell = pw->pw_shell;
393	if (!tmp \|\| !*tmp)	393	if (!shell \|\| !shell[0])
394	tmp = DEFAULT_SHELL;	394	shell = DEFAULT_SHELL;
395	setup_environment(tmp,	395	setup_environment(shell,
396	(!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,	396	(!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
397	pw);	397	pw);
398		398
@@ -427,7 +427,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
427	signal(SIGINT, SIG_DFL);	427	signal(SIGINT, SIG_DFL);
428		428
429	/* Exec login shell with no additional parameters */	429	/* Exec login shell with no additional parameters */
430	run_shell(tmp, 1, NULL, NULL);	430	run_shell(shell, 1, NULL, NULL);
431		431
432	/* return EXIT_FAILURE; - not reached */	432	/* return EXIT_FAILURE; - not reached */
433	}	433	}


diff --git a/loginutils/su.c b/loginutils/su.c index af25655fd..9bae37551 100644 --- a/loginutils/su.c +++ b/loginutils/su.c
@@ -10,23 +10,27 @@
10		10
11	#if ENABLE_FEATURE_SU_CHECKS_SHELLS	11	#if ENABLE_FEATURE_SU_CHECKS_SHELLS
12	/* Return 1 if SHELL is a restricted shell (one not returned by	12	/* Return 1 if SHELL is a restricted shell (one not returned by
13	getusershell), else 0, meaning it is a standard shell. */	13	* getusershell), else 0, meaning it is a standard shell. */
14	static int restricted_shell(const char *shell)	14	static int restricted_shell(const char *shell)
15	{	15	{
16	char *line;	16	char *line;
		17	int result = 1;
17		18
18	/setusershell(); - getusershell does it itself/	19	/setusershell(); - getusershell does it itself/
19	while ((line = getusershell()) != NULL) {	20	while ((line = getusershell()) != NULL) {
20	if (/* line != '#' && / strcmp(line, shell) == 0)	21	if (/* line != '#' && / strcmp(line, shell) == 0) {
21	return 0;	22	result = 0;
		23	break;
		24	}
22	}	25	}
23	endusershell();	26	if (ENABLE_FEATURE_CLEAN_UP)
24	return 1;	27	endusershell();
		28	return result;
25	}	29	}
26	#endif	30	#endif
27		31
28	#define SU_OPT_mp (3)	32	#define SU_OPT_mp (3)
29	#define SU_OPT_l (4)	33	#define SU_OPT_l (4)
30		34
31	int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;	35	int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
32	int su_main(int argc UNUSED_PARAM, char **argv)	36	int su_main(int argc UNUSED_PARAM, char **argv)
@@ -38,7 +42,8 @@ int su_main(int argc UNUSED_PARAM, char **argv)
38	struct passwd *pw;	42	struct passwd *pw;
39	uid_t cur_uid = getuid();	43	uid_t cur_uid = getuid();
40	const char *tty;	44	const char *tty;
41	char *old_user;	45	char user_buf[64];
		46	const char *old_user;
42		47
43	flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell);	48	flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell);
44	//argc -= optind;	49	//argc -= optind;
@@ -56,21 +61,18 @@ int su_main(int argc UNUSED_PARAM, char **argv)
56	}	61	}
57		62
58	if (ENABLE_FEATURE_SU_SYSLOG) {	63	if (ENABLE_FEATURE_SU_SYSLOG) {
59	/* The utmp entry (via getlogin) is probably the best way to identify	64	/* The utmp entry (via getlogin) is probably the best way to
60	* the user, especially if someone su's from a su-shell.	65	* identify the user, especially if someone su's from a su-shell.
61	* But getlogin can fail -- usually due to lack of utmp entry.	66	* But getlogin can fail -- usually due to lack of utmp entry.
62	* in this case resort to getpwuid. */	67	* in this case resort to getpwuid. */
63	const char *user;
64	#if ENABLE_FEATURE_UTMP	68	#if ENABLE_FEATURE_UTMP
65	char user_buf[64];	69	old_user = user_buf;
66	user = user_buf;
67	if (getlogin_r(user_buf, sizeof(user_buf)) != 0)	70	if (getlogin_r(user_buf, sizeof(user_buf)) != 0)
68	#endif	71	#endif
69	{	72	{
70	pw = getpwuid(cur_uid);	73	pw = getpwuid(cur_uid);
71	user = pw ? pw->pw_name : "";	74	old_user = pw ? xstrdup(pw->pw_name) : "";
72	}	75	}
73	old_user = xstrdup(user);
74	tty = xmalloc_ttyname(2);	76	tty = xmalloc_ttyname(2);
75	if (!tty) {	77	if (!tty) {
76	tty = "none";	78	tty = "none";
@@ -80,13 +82,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
80		82
81	pw = xgetpwnam(opt_username);	83	pw = xgetpwnam(opt_username);
82		84
83	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER	85	if (cur_uid == 0 \|\| correct_password(pw)) {
84	is a username that is retrieved via NIS (YP), but that doesn't have
85	a default shell listed. */
86	if (!pw->pw_shell \|\| !pw->pw_shell[0])
87	pw->pw_shell = (char *)DEFAULT_SHELL;
88
89	if ((cur_uid == 0) \|\| correct_password(pw)) {
90	if (ENABLE_FEATURE_SU_SYSLOG)	86	if (ENABLE_FEATURE_SU_SYSLOG)
91	syslog(LOG_NOTICE, "%c %s %s:%s",	87	syslog(LOG_NOTICE, "%c %s %s:%s",
92	'+', tty, old_user, opt_username);	88	'+', tty, old_user, opt_username);
@@ -99,21 +95,30 @@ int su_main(int argc UNUSED_PARAM, char **argv)
99		95
100	if (ENABLE_FEATURE_CLEAN_UP && ENABLE_FEATURE_SU_SYSLOG) {	96	if (ENABLE_FEATURE_CLEAN_UP && ENABLE_FEATURE_SU_SYSLOG) {
101	closelog();	97	closelog();
102	free(old_user);
103	}	98	}
104		99
105	if (!opt_shell && (flags & SU_OPT_mp))	100	if (!opt_shell && (flags & SU_OPT_mp)) {
		101	/* -s SHELL is not given, but "preserve env" opt is */
106	opt_shell = getenv("SHELL");	102	opt_shell = getenv("SHELL");
		103	}
		104
		105	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
		106	* is a username that is retrieved via NIS (YP), that doesn't have
		107	* a default shell listed. */
		108	if (!pw->pw_shell \|\| !pw->pw_shell[0])
		109	pw->pw_shell = (char *)DEFAULT_SHELL;
107		110
108	#if ENABLE_FEATURE_SU_CHECKS_SHELLS	111	#if ENABLE_FEATURE_SU_CHECKS_SHELLS
109	if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {	112	if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
110	/* The user being su'd to has a nonstandard shell, and so is	113	/* The user being su'd to has a nonstandard shell, and so is
111	probably a uucp account or has restricted access. Don't	114	* probably a uucp account or has restricted access. Don't
112	compromise the account by allowing access with a standard	115	* compromise the account by allowing access with a standard
113	shell. */	116	* shell. */
114	bb_error_msg("using restricted shell");	117	bb_error_msg("using restricted shell");
115	opt_shell = NULL;	118	opt_shell = NULL;
116	}	119	}
		120	/* else: user can run whatever he wants via "su -s PROG USER".
		121	* This is safe since PROG is run under user's uid/gid. */
117	#endif	122	#endif
118	if (!opt_shell)	123	if (!opt_shell)
119	opt_shell = pw->pw_shell;	124	opt_shell = pw->pw_shell;


diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c index 6e3d3b019..3516013f1 100644 --- a/loginutils/sulogin.c +++ b/loginutils/sulogin.c
@@ -101,11 +101,9 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
101	shell = getenv("SUSHELL");	101	shell = getenv("SUSHELL");
102	if (!shell)	102	if (!shell)
103	shell = getenv("sushell");	103	shell = getenv("sushell");
104	if (!shell) {	104	if (!shell)
105	shell = "/bin/sh";	105	shell = pwd->pw_shell;
106	if (pwd->pw_shell[0])	106
107	shell = pwd->pw_shell;
108	}
109	/* Exec login shell with no additional parameters. Never returns. */	107	/* Exec login shell with no additional parameters. Never returns. */
110	run_shell(shell, 1, NULL, NULL);	108	run_shell(shell, 1, NULL, NULL);
111		109


diff --git a/runit/svlogd.c b/runit/svlogd.c index fc8b4abb9..9fe81b900 100644 --- a/runit/svlogd.c +++ b/runit/svlogd.c
@@ -354,7 +354,7 @@ static void processorstart(struct logdir *ld)
354	xmove_fd(fd, 5);	354	xmove_fd(fd, 5);
355		355
356	// getenv("SHELL")?	356	// getenv("SHELL")?
357	execl("/bin/sh", "/bin/sh" + 5, "-c", ld->processor, (char*) NULL);	357	execl(DEFAULT_SHELL, DEFAULT_SHELL_SHORT_NAME, "-c", ld->processor, (char*) NULL);
358	bb_perror_msg_and_die(FATAL"can't %s processor %s", "run", ld->name);	358	bb_perror_msg_and_die(FATAL"can't %s processor %s", "run", ld->name);
359	}	359	}
360	ld->fnsave[26] = sv_ch; /* ...restore */	360	ld->fnsave[26] = sv_ch; /* ...restore */