drop: add cdrop and pdrop aliases

Add cdrop and pdrop applets as aliases for drop. If a command isn't specified these use cmd.exe and PowerShell instead of the BusyBox shell. This makes it possible to choose the default shell used for SSH connections even in older versions of OpenSSH that don't support the DefaultShellArguments registry key. Note that to get cmd.exe to run a command rather than an interactive shell it's necessary to set the DefaultShellCommandOption registry key to '/c'. Costs 248-272 bytes.
author: Ron Yorston <rmy@pobox.com> 2023-03-19 10:26:24 +0000
committer: Ron Yorston <rmy@pobox.com> 2023-03-19 10:26:24 +0000
commit: d9e8bb61cf380264511a4524281af2ca57498bce (patch)
tree: aa4b3f77fb99554eae734f4e3f97d93a409874b5
parent: b0e7a401d51402c052563f55331c8b9001a1215c (diff)
download: busybox-w32-d9e8bb61cf380264511a4524281af2ca57498bce.tar.gz
busybox-w32-d9e8bb61cf380264511a4524281af2ca57498bce.tar.bz2
busybox-w32-d9e8bb61cf380264511a4524281af2ca57498bce.zip
4 files changed, 53 insertions, 4 deletions
diff --git a/configs/mingw32_defconfig b/configs/mingw32_defconfig
index 31f72a450..4918b2f4f 100644
--- a/configs/mingw32_defconfig
+++ b/configs/mingw32_defconfig
@@ -708,6 +708,8 @@ CONFIG_XXD=y
 CONFIG_REV=y
 # CONFIG_RTCWAKE is not set
 CONFIG_DROP=y
+CONFIG_CDROP=y
+CONFIG_PDROP=y
 # CONFIG_SCRIPT is not set
 # CONFIG_SCRIPTREPLAY is not set
 # CONFIG_SETARCH is not set
diff --git a/configs/mingw64_defconfig b/configs/mingw64_defconfig
index b5b02ba63..96e407644 100644
--- a/configs/mingw64_defconfig
+++ b/configs/mingw64_defconfig
@@ -708,6 +708,8 @@ CONFIG_XXD=y
 CONFIG_REV=y
 # CONFIG_RTCWAKE is not set
 CONFIG_DROP=y
+CONFIG_CDROP=y
+CONFIG_PDROP=y
 # CONFIG_SCRIPT is not set
 # CONFIG_SCRIPTREPLAY is not set
 # CONFIG_SETARCH is not set
diff --git a/miscutils/drop.c b/miscutils/drop.c
index 3e71f6180..f73125e1b 100644
--- a/miscutils/drop.c
+++ b/miscutils/drop.c
@@ -13,9 +13,27 @@
 //config:       help
 //config:       Run a command without elevated privileges
+//config:config CDROP
+//config:       bool "cdrop"
+//config:       default y
+//config:       depends on PLATFORM_MINGW32 && SH_IS_ASH
+//config:       help
+//config:       Run a command without elevated privileges using cmd.exe
+//config:config PDROP
+//config:       bool "pdrop"
+//config:       default y
+//config:       depends on PLATFORM_MINGW32 && SH_IS_ASH
+//config:       help
+//config:       Run a command without elevated privileges using PowerShell
 //applet:IF_DROP(APPLET(drop, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_CDROP(APPLET_ODDNAME(cdrop, drop, BB_DIR_USR_BIN, BB_SUID_DROP, cdrop))
+//applet:IF_PDROP(APPLET_ODDNAME(pdrop, drop, BB_DIR_USR_BIN, BB_SUID_DROP, pdrop))
 //kbuild:lib-$(CONFIG_DROP) += drop.o
+//kbuild:lib-$(CONFIG_CDROP) += drop.o
+//kbuild:lib-$(CONFIG_PDROP) += drop.o
 //usage:#define drop_trivial_usage
 //usage:        "[COMMAND | -c [ARG...]]"
@@ -23,6 +41,18 @@
 //usage:        "Drop elevated privileges and run a command. If no COMMAND\n"
 //usage:        "is provided run the BusyBox shell.\n"
+//usage:#define cdrop_trivial_usage
+//usage:        "[COMMAND | /c [ARG...]]"
+//usage:#define cdrop_full_usage "\n\n"
+//usage:        "Drop elevated privileges and run a command. If no COMMAND\n"
+//usage:        "is provided run cmd.exe.\n"
+//usage:#define pdrop_trivial_usage
+//usage:        "[COMMAND | -c [ARG...]]"
+//usage:#define pdrop_full_usage "\n\n"
+//usage:        "Drop elevated privileges and run a command. If no COMMAND\n"
+//usage:        "is provided run PowerShell.\n"
 #include "libbb.h"
 #include <winsafer.h>
 #include <lazyload.h>
@@ -69,9 +99,24 @@ int drop_main(int argc, char **argv)
                                                sizeof(TOKEN_MANDATORY_LABEL))) {
                        int skip = 1;
-                        if (argc == 1 || strcmp(argv[1], "-c") == 0) {
+                        if (argc == 1 || strcmp(argv[1], "-c") == 0
-                                exe = bb_busybox_exec_path;
+                                                IF_CDROP(|| strcmp(argv[1], "/c") == 0)) {
-                                cmd = xstrdup("sh");
+#if ENABLE_PDROP
+                                if (*applet_name == 'p') {
+                                        exe = "C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe";
+                                        cmd = xstrdup("powershell");
+                                } else
+#endif
+#if ENABLE_CDROP
+                                if (*applet_name == 'c') {
+                                        exe = "C:/Windows/System32/cmd.exe";
+                                        cmd = xstrdup("cmd");
+                                } else
+#endif
+                                {
+                                        exe = bb_busybox_exec_path;
+                                        cmd = xstrdup("sh");
+                                }
                                skip = 0;
                        } else {
                                char *file;
diff --git a/win32/mingw.c b/win32/mingw.c
index 1fdb8cad9..011bc5ffb 100644
--- a/win32/mingw.c
+++ b/win32/mingw.c
@@ -1136,7 +1136,7 @@ char *get_user_name(void)
        return user_name;
 }
-#if ENABLE_DROP
+#if ENABLE_DROP || ENABLE_CDROP || ENABLE_PDROP
 /*
 * When runuser drops privileges TokenIsElevated still returns TRUE.
 * Use other means to determine if we're actually unprivileged.
author	Ron Yorston <rmy@pobox.com>	2023-03-19 10:26:24 +0000
committer	Ron Yorston <rmy@pobox.com>	2023-03-19 10:26:24 +0000
commit	d9e8bb61cf380264511a4524281af2ca57498bce (patch)
tree	aa4b3f77fb99554eae734f4e3f97d93a409874b5
parent	b0e7a401d51402c052563f55331c8b9001a1215c (diff)
download	busybox-w32-d9e8bb61cf380264511a4524281af2ca57498bce.tar.gz busybox-w32-d9e8bb61cf380264511a4524281af2ca57498bce.tar.bz2 busybox-w32-d9e8bb61cf380264511a4524281af2ca57498bce.zip

diff --git a/configs/mingw32_defconfig b/configs/mingw32_defconfig index 31f72a450..4918b2f4f 100644 --- a/configs/mingw32_defconfig +++ b/configs/mingw32_defconfig
@@ -708,6 +708,8 @@ CONFIG_XXD=y
708	CONFIG_REV=y	708	CONFIG_REV=y
709	# CONFIG_RTCWAKE is not set	709	# CONFIG_RTCWAKE is not set
710	CONFIG_DROP=y	710	CONFIG_DROP=y
		711	CONFIG_CDROP=y
		712	CONFIG_PDROP=y
711	# CONFIG_SCRIPT is not set	713	# CONFIG_SCRIPT is not set
712	# CONFIG_SCRIPTREPLAY is not set	714	# CONFIG_SCRIPTREPLAY is not set
713	# CONFIG_SETARCH is not set	715	# CONFIG_SETARCH is not set


diff --git a/configs/mingw64_defconfig b/configs/mingw64_defconfig index b5b02ba63..96e407644 100644 --- a/configs/mingw64_defconfig +++ b/configs/mingw64_defconfig
@@ -708,6 +708,8 @@ CONFIG_XXD=y
708	CONFIG_REV=y	708	CONFIG_REV=y
709	# CONFIG_RTCWAKE is not set	709	# CONFIG_RTCWAKE is not set
710	CONFIG_DROP=y	710	CONFIG_DROP=y
		711	CONFIG_CDROP=y
		712	CONFIG_PDROP=y
711	# CONFIG_SCRIPT is not set	713	# CONFIG_SCRIPT is not set
712	# CONFIG_SCRIPTREPLAY is not set	714	# CONFIG_SCRIPTREPLAY is not set
713	# CONFIG_SETARCH is not set	715	# CONFIG_SETARCH is not set


diff --git a/miscutils/drop.c b/miscutils/drop.c index 3e71f6180..f73125e1b 100644 --- a/miscutils/drop.c +++ b/miscutils/drop.c
@@ -13,9 +13,27 @@
13	//config: help	13	//config: help
14	//config: Run a command without elevated privileges	14	//config: Run a command without elevated privileges
15		15
		16	//config:config CDROP
		17	//config: bool "cdrop"
		18	//config: default y
		19	//config: depends on PLATFORM_MINGW32 && SH_IS_ASH
		20	//config: help
		21	//config: Run a command without elevated privileges using cmd.exe
		22
		23	//config:config PDROP
		24	//config: bool "pdrop"
		25	//config: default y
		26	//config: depends on PLATFORM_MINGW32 && SH_IS_ASH
		27	//config: help
		28	//config: Run a command without elevated privileges using PowerShell
		29
16	//applet:IF_DROP(APPLET(drop, BB_DIR_USR_BIN, BB_SUID_DROP))	30	//applet:IF_DROP(APPLET(drop, BB_DIR_USR_BIN, BB_SUID_DROP))
		31	//applet:IF_CDROP(APPLET_ODDNAME(cdrop, drop, BB_DIR_USR_BIN, BB_SUID_DROP, cdrop))
		32	//applet:IF_PDROP(APPLET_ODDNAME(pdrop, drop, BB_DIR_USR_BIN, BB_SUID_DROP, pdrop))
17		33
18	//kbuild:lib-$(CONFIG_DROP) += drop.o	34	//kbuild:lib-$(CONFIG_DROP) += drop.o
		35	//kbuild:lib-$(CONFIG_CDROP) += drop.o
		36	//kbuild:lib-$(CONFIG_PDROP) += drop.o
19		37
20	//usage:#define drop_trivial_usage	38	//usage:#define drop_trivial_usage
21	//usage: "[COMMAND \| -c [ARG...]]"	39	//usage: "[COMMAND \| -c [ARG...]]"
@@ -23,6 +41,18 @@
23	//usage: "Drop elevated privileges and run a command. If no COMMAND\n"	41	//usage: "Drop elevated privileges and run a command. If no COMMAND\n"
24	//usage: "is provided run the BusyBox shell.\n"	42	//usage: "is provided run the BusyBox shell.\n"
25		43
		44	//usage:#define cdrop_trivial_usage
		45	//usage: "[COMMAND \| /c [ARG...]]"
		46	//usage:#define cdrop_full_usage "\n\n"
		47	//usage: "Drop elevated privileges and run a command. If no COMMAND\n"
		48	//usage: "is provided run cmd.exe.\n"
		49
		50	//usage:#define pdrop_trivial_usage
		51	//usage: "[COMMAND \| -c [ARG...]]"
		52	//usage:#define pdrop_full_usage "\n\n"
		53	//usage: "Drop elevated privileges and run a command. If no COMMAND\n"
		54	//usage: "is provided run PowerShell.\n"
		55
26	#include "libbb.h"	56	#include "libbb.h"
27	#include <winsafer.h>	57	#include <winsafer.h>
28	#include <lazyload.h>	58	#include <lazyload.h>
@@ -69,9 +99,24 @@ int drop_main(int argc, char **argv)
69	sizeof(TOKEN_MANDATORY_LABEL))) {	99	sizeof(TOKEN_MANDATORY_LABEL))) {
70	int skip = 1;	100	int skip = 1;
71		101
72	if (argc == 1 \|\| strcmp(argv[1], "-c") == 0) {	102	if (argc == 1 \|\| strcmp(argv[1], "-c") == 0
73	exe = bb_busybox_exec_path;	103	IF_CDROP(\|\| strcmp(argv[1], "/c") == 0)) {
74	cmd = xstrdup("sh");	104	#if ENABLE_PDROP
		105	if (*applet_name == 'p') {
		106	exe = "C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe";
		107	cmd = xstrdup("powershell");
		108	} else
		109	#endif
		110	#if ENABLE_CDROP
		111	if (*applet_name == 'c') {
		112	exe = "C:/Windows/System32/cmd.exe";
		113	cmd = xstrdup("cmd");
		114	} else
		115	#endif
		116	{
		117	exe = bb_busybox_exec_path;
		118	cmd = xstrdup("sh");
		119	}
75	skip = 0;	120	skip = 0;
76	} else {	121	} else {
77	char *file;	122	char *file;


diff --git a/win32/mingw.c b/win32/mingw.c index 1fdb8cad9..011bc5ffb 100644 --- a/win32/mingw.c +++ b/win32/mingw.c
@@ -1136,7 +1136,7 @@ char *get_user_name(void)
1136	return user_name;	1136	return user_name;
1137	}	1137	}
1138		1138
1139	#if ENABLE_DROP	1139	#if ENABLE_DROP \|\| ENABLE_CDROP \|\| ENABLE_PDROP
1140	/*	1140	/*
1141	* When runuser drops privileges TokenIsElevated still returns TRUE.	1141	* When runuser drops privileges TokenIsElevated still returns TRUE.
1142	* Use other means to determine if we're actually unprivileged.	1142	* Use other means to determine if we're actually unprivileged.