diff options
| author | Ron Yorston <rmy@pobox.com> | 2023-03-19 10:25:23 +0000 |
|---|---|---|
| committer | Ron Yorston <rmy@pobox.com> | 2023-03-19 10:25:23 +0000 |
| commit | b0e7a401d51402c052563f55331c8b9001a1215c (patch) | |
| tree | daad4a5fd2ab07a4cc85b837416cd80cc0d7a1e7 | |
| parent | 6de29a7e5346bea9c1c2ad4faf4010ee78f1a97b (diff) | |
| download | busybox-w32-b0e7a401d51402c052563f55331c8b9001a1215c.tar.gz busybox-w32-b0e7a401d51402c052563f55331c8b9001a1215c.tar.bz2 busybox-w32-b0e7a401d51402c052563f55331c8b9001a1215c.zip | |
runuser,drop: drop runuser, tweak drop
Remove the runuser applet, leaving only drop. Move drop from
util-linux to miscutils.
A command of the form 'drop -c command' causes the BusyBox shell
to be used, just like 'drop' without any arguments. A simple
OpenSSH configuration with 'drop.exe' as DefaultShell and no
DefaultShellArguments now works both for interactive login and
to run a command. This is useful for older versions of OpenSSH
which don't support DefaultShellArguments.
Saves 208-232 bytes.
| -rw-r--r-- | configs/mingw32_defconfig | 4 | ||||
| -rw-r--r-- | configs/mingw64_defconfig | 4 | ||||
| -rw-r--r-- | miscutils/drop.c (renamed from util-linux/runuser.c) | 60 | ||||
| -rw-r--r-- | win32/mingw.c | 2 |
4 files changed, 18 insertions, 52 deletions
diff --git a/configs/mingw32_defconfig b/configs/mingw32_defconfig index 611fd327a..31f72a450 100644 --- a/configs/mingw32_defconfig +++ b/configs/mingw32_defconfig | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | # | 1 | # |
| 2 | # Automatically generated make config: don't edit | 2 | # Automatically generated make config: don't edit |
| 3 | # Busybox version: 1.37.0.git | 3 | # Busybox version: 1.37.0.git |
| 4 | # Sun Mar 12 09:41:00 2023 | 4 | # Sun Mar 19 09:51:34 2023 |
| 5 | # | 5 | # |
| 6 | CONFIG_HAVE_DOT_CONFIG=y | 6 | CONFIG_HAVE_DOT_CONFIG=y |
| 7 | # CONFIG_PLATFORM_POSIX is not set | 7 | # CONFIG_PLATFORM_POSIX is not set |
| @@ -707,7 +707,7 @@ CONFIG_XXD=y | |||
| 707 | # CONFIG_RENICE is not set | 707 | # CONFIG_RENICE is not set |
| 708 | CONFIG_REV=y | 708 | CONFIG_REV=y |
| 709 | # CONFIG_RTCWAKE is not set | 709 | # CONFIG_RTCWAKE is not set |
| 710 | CONFIG_RUNUSER=y | 710 | CONFIG_DROP=y |
| 711 | # CONFIG_SCRIPT is not set | 711 | # CONFIG_SCRIPT is not set |
| 712 | # CONFIG_SCRIPTREPLAY is not set | 712 | # CONFIG_SCRIPTREPLAY is not set |
| 713 | # CONFIG_SETARCH is not set | 713 | # CONFIG_SETARCH is not set |
diff --git a/configs/mingw64_defconfig b/configs/mingw64_defconfig index 6db0accbf..b5b02ba63 100644 --- a/configs/mingw64_defconfig +++ b/configs/mingw64_defconfig | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | # | 1 | # |
| 2 | # Automatically generated make config: don't edit | 2 | # Automatically generated make config: don't edit |
| 3 | # Busybox version: 1.37.0.git | 3 | # Busybox version: 1.37.0.git |
| 4 | # Sun Mar 12 09:41:00 2023 | 4 | # Sun Mar 19 09:51:34 2023 |
| 5 | # | 5 | # |
| 6 | CONFIG_HAVE_DOT_CONFIG=y | 6 | CONFIG_HAVE_DOT_CONFIG=y |
| 7 | # CONFIG_PLATFORM_POSIX is not set | 7 | # CONFIG_PLATFORM_POSIX is not set |
| @@ -707,7 +707,7 @@ CONFIG_XXD=y | |||
| 707 | # CONFIG_RENICE is not set | 707 | # CONFIG_RENICE is not set |
| 708 | CONFIG_REV=y | 708 | CONFIG_REV=y |
| 709 | # CONFIG_RTCWAKE is not set | 709 | # CONFIG_RTCWAKE is not set |
| 710 | CONFIG_RUNUSER=y | 710 | CONFIG_DROP=y |
| 711 | # CONFIG_SCRIPT is not set | 711 | # CONFIG_SCRIPT is not set |
| 712 | # CONFIG_SCRIPTREPLAY is not set | 712 | # CONFIG_SCRIPTREPLAY is not set |
| 713 | # CONFIG_SETARCH is not set | 713 | # CONFIG_SETARCH is not set |
diff --git a/util-linux/runuser.c b/miscutils/drop.c index 993a4ed68..3e71f6180 100644 --- a/util-linux/runuser.c +++ b/miscutils/drop.c | |||
| @@ -1,20 +1,11 @@ | |||
| 1 | /* vi: set sw=4 ts=4: */ | 1 | /* vi: set sw=4 ts=4: */ |
| 2 | /* | 2 | /* |
| 3 | * runuser - run a shell without elevated privileges. | 3 | * drop - run a command without elevated privileges. |
| 4 | * This is a much restricted, Windows-specific reimplementation of | ||
| 5 | * runuser from util-linux. | ||
| 6 | * | 4 | * |
| 7 | * Copyright (c) 2023 Ronald M Yorston | 5 | * Copyright (c) 2023 Ronald M Yorston |
| 8 | * | 6 | * |
| 9 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. | 7 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. |
| 10 | */ | 8 | */ |
| 11 | //config:config RUNUSER | ||
| 12 | //config: bool "runuser" | ||
| 13 | //config: default y | ||
| 14 | //config: depends on PLATFORM_MINGW32 && SH_IS_ASH | ||
| 15 | //config: help | ||
| 16 | //config: Run a shell without elevated privileges | ||
| 17 | //config: | ||
| 18 | //config:config DROP | 9 | //config:config DROP |
| 19 | //config: bool "drop" | 10 | //config: bool "drop" |
| 20 | //config: default y | 11 | //config: default y |
| @@ -22,39 +13,24 @@ | |||
| 22 | //config: help | 13 | //config: help |
| 23 | //config: Run a command without elevated privileges | 14 | //config: Run a command without elevated privileges |
| 24 | 15 | ||
| 25 | //applet:IF_RUNUSER(APPLET(runuser, BB_DIR_USR_BIN, BB_SUID_DROP)) | 16 | //applet:IF_DROP(APPLET(drop, BB_DIR_USR_BIN, BB_SUID_DROP)) |
| 26 | //applet:IF_DROP(APPLET_ODDNAME(drop, runuser, BB_DIR_USR_BIN, BB_SUID_DROP, drop)) | ||
| 27 | 17 | ||
| 28 | //kbuild:lib-$(CONFIG_RUNUSER) += runuser.o | 18 | //kbuild:lib-$(CONFIG_DROP) += drop.o |
| 29 | //kbuild:lib-$(CONFIG_DROP) += runuser.o | ||
| 30 | |||
| 31 | //usage:#define runuser_trivial_usage | ||
| 32 | //usage: "USER [ARG...]" | ||
| 33 | //usage:#define runuser_full_usage "\n\n" | ||
| 34 | //usage: "Run a shell without elevated privileges. The user name\n" | ||
| 35 | //usage: "must be that of the user who was granted those privileges.\n" | ||
| 36 | //usage: "Any arguments are passed to the shell.\n" | ||
| 37 | 19 | ||
| 38 | //usage:#define drop_trivial_usage | 20 | //usage:#define drop_trivial_usage |
| 39 | //usage: "[COMMAND [ARG...]]" | 21 | //usage: "[COMMAND | -c [ARG...]]" |
| 40 | //usage:#define drop_full_usage "\n\n" | 22 | //usage:#define drop_full_usage "\n\n" |
| 41 | //usage: "Run a command without elevated privileges. Run the BusyBox\n" | 23 | //usage: "Drop elevated privileges and run a command. If no COMMAND\n" |
| 42 | //usage: "shell if no COMMAND is provided. Any arguments are passed\n" | 24 | //usage: "is provided run the BusyBox shell.\n" |
| 43 | //usage: "to the command.\n" | ||
| 44 | 25 | ||
| 45 | #include "libbb.h" | 26 | #include "libbb.h" |
| 46 | #include <winsafer.h> | 27 | #include <winsafer.h> |
| 47 | #include <lazyload.h> | 28 | #include <lazyload.h> |
| 48 | 29 | ||
| 49 | int runuser_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | 30 | int drop_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
| 50 | int runuser_main(int argc, char **argv) | 31 | int drop_main(int argc, char **argv) |
| 51 | { | 32 | { |
| 52 | #if ENABLE_RUNUSER && ENABLE_DROP | 33 | const char *exe; |
| 53 | int is_runuser = strcmp(applet_name, "runuser") == 0; | ||
| 54 | #else | ||
| 55 | const int is_runuser = ENABLE_RUNUSER; | ||
| 56 | #endif | ||
| 57 | const char *user, *exe; | ||
| 58 | SAFER_LEVEL_HANDLE safer; | 34 | SAFER_LEVEL_HANDLE safer; |
| 59 | HANDLE token; | 35 | HANDLE token; |
| 60 | STARTUPINFO si; | 36 | STARTUPINFO si; |
| @@ -77,18 +53,6 @@ int runuser_main(int argc, char **argv) | |||
| 77 | if (!INIT_PROC_ADDR(advapi32.dll, CreateProcessAsUserA)) | 53 | if (!INIT_PROC_ADDR(advapi32.dll, CreateProcessAsUserA)) |
| 78 | bb_simple_error_msg_and_die("not supported"); | 54 | bb_simple_error_msg_and_die("not supported"); |
| 79 | 55 | ||
| 80 | if (is_runuser) { | ||
| 81 | if (getuid() != 0) | ||
| 82 | bb_simple_error_msg_and_die("may not be used by non-root users"); | ||
| 83 | |||
| 84 | if (argc < 2) | ||
| 85 | bb_show_usage(); | ||
| 86 | |||
| 87 | user = get_user_name(); | ||
| 88 | if (user == NULL || strcmp(argv[1], user) != 0) | ||
| 89 | bb_simple_error_msg_and_die("invalid user"); | ||
| 90 | } | ||
| 91 | |||
| 92 | /* | 56 | /* |
| 93 | * Run a shell using a token with reduced privilege. Hints from: | 57 | * Run a shell using a token with reduced privilege. Hints from: |
| 94 | * | 58 | * |
| @@ -103,10 +67,12 @@ int runuser_main(int argc, char **argv) | |||
| 103 | TIL.Label.Attributes = SE_GROUP_INTEGRITY; | 67 | TIL.Label.Attributes = SE_GROUP_INTEGRITY; |
| 104 | if (SetTokenInformation(token, TokenIntegrityLevel, &TIL, | 68 | if (SetTokenInformation(token, TokenIntegrityLevel, &TIL, |
| 105 | sizeof(TOKEN_MANDATORY_LABEL))) { | 69 | sizeof(TOKEN_MANDATORY_LABEL))) { |
| 70 | int skip = 1; | ||
| 106 | 71 | ||
| 107 | if (is_runuser || argc == 1) { | 72 | if (argc == 1 || strcmp(argv[1], "-c") == 0) { |
| 108 | exe = bb_busybox_exec_path; | 73 | exe = bb_busybox_exec_path; |
| 109 | cmd = xstrdup("sh"); | 74 | cmd = xstrdup("sh"); |
| 75 | skip = 0; | ||
| 110 | } else { | 76 | } else { |
| 111 | char *file; | 77 | char *file; |
| 112 | 78 | ||
| @@ -132,7 +98,7 @@ int runuser_main(int argc, char **argv) | |||
| 132 | } | 98 | } |
| 133 | 99 | ||
| 134 | // Build the command line | 100 | // Build the command line |
| 135 | for (a = argv + 1 + (argc != 1); *a; ++a) { | 101 | for (a = argv + 1 + skip; *a; ++a) { |
| 136 | q = quote_arg(*a); | 102 | q = quote_arg(*a); |
| 137 | newcmd = xasprintf("%s %s", cmd, q); | 103 | newcmd = xasprintf("%s %s", cmd, q); |
| 138 | free(q); | 104 | free(q); |
diff --git a/win32/mingw.c b/win32/mingw.c index fd670ebf6..1fdb8cad9 100644 --- a/win32/mingw.c +++ b/win32/mingw.c | |||
| @@ -1136,7 +1136,7 @@ char *get_user_name(void) | |||
| 1136 | return user_name; | 1136 | return user_name; |
| 1137 | } | 1137 | } |
| 1138 | 1138 | ||
| 1139 | #if ENABLE_RUNUSER || ENABLE_DROP | 1139 | #if ENABLE_DROP |
| 1140 | /* | 1140 | /* |
| 1141 | * When runuser drops privileges TokenIsElevated still returns TRUE. | 1141 | * When runuser drops privileges TokenIsElevated still returns TRUE. |
| 1142 | * Use other means to determine if we're actually unprivileged. | 1142 | * Use other means to determine if we're actually unprivileged. |