4 files changed, 78 insertions, 24 deletions

diff --git a/include/mingw.h b/include/mingw.h
index 7e6109f2e..0ccced2a3 100644
--- a/include/mingw.h
+++ b/include/mingw.h
@@ -593,3 +593,4 @@ char *get_last_slash(const char *path);
 const char *applet_to_exe(const char *name);
 char *get_user_name(void);
 char *quote_arg(const char *arg);
+char *find_first_executable(const char *name);
diff --git a/util-linux/runuser.c b/util-linux/runuser.c
index f6abd9a74..6b87c641c 100644
--- a/util-linux/runuser.c
+++ b/util-linux/runuser.c
@@ -14,10 +14,19 @@
 //config:       depends on PLATFORM_MINGW32 && SH_IS_ASH
 //config:       help
 //config:       Run a shell without elevated privileges
+//config:
+//config:config DROP
+//config:       bool "drop"
+//config:       default y
+//config:       depends on PLATFORM_MINGW32 && SH_IS_ASH
+//config:       help
+//config:       Run a command without elevated privileges
 
 //applet:IF_RUNUSER(APPLET(runuser, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_DROP(APPLET_ODDNAME(drop, runuser, BB_DIR_USR_BIN, BB_SUID_DROP, drop))
 
 //kbuild:lib-$(CONFIG_RUNUSER) += runuser.o
+//kbuild:lib-$(CONFIG_DROP) += runuser.o
 
 //usage:#define runuser_trivial_usage
 //usage:        "USER [ARG...]"
@@ -26,14 +35,26 @@
 //usage:        "must be that of the user who was granted those privileges.\n"
 //usage:        "Any arguments are passed to the shell.\n"
 
+//usage:#define drop_trivial_usage
+//usage:        "[COMMAND [ARG...]]"
+//usage:#define drop_full_usage "\n\n"
+//usage:        "Run a command without elevated privileges. Run the BusyBox\n"
+//usage:        "shell if no COMMAND is provided. Any arguments are passed\n"
+//usage:        "to the command.\n"
+
 #include "libbb.h"
 #include <winsafer.h>
 #include <lazyload.h>
 
 int runuser_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
-int runuser_main(int argc UNUSED_PARAM, char **argv)
+int runuser_main(int argc, char **argv)
 {
-        const char *user;
+#if ENABLE_RUNUSER && ENABLE_DROP
+        int is_runuser = strcmp(applet_name, "runuser") == 0;
+#else
+        const int is_runuser = ENABLE_RUNUSER;
+#endif
+        const char *user, *exe;
         SAFER_LEVEL_HANDLE safer;
         HANDLE token;
         STARTUPINFO si;
@@ -56,15 +77,17 @@ int runuser_main(int argc UNUSED_PARAM, char **argv)
         if (!INIT_PROC_ADDR(advapi32.dll, CreateProcessAsUserA))
                 bb_simple_error_msg_and_die("not supported");
 
-        if (getuid() != 0)
-                bb_simple_error_msg_and_die("may not be used by non-root users");
+        if (is_runuser) {
+                if (getuid() != 0)
+                        bb_simple_error_msg_and_die("may not be used by non-root users");
 
-        if (argc < 2)
-                bb_show_usage();
+                if (argc < 2)
+                        bb_show_usage();
 
-        user = get_user_name();
-        if (user == NULL || strcmp(argv[1], user) != 0)
-                bb_simple_error_msg_and_die("invalid user");
+                user = get_user_name();
+                if (user == NULL || strcmp(argv[1], user) != 0)
+                        bb_simple_error_msg_and_die("invalid user");
+        }
 
         /*
          * Run a shell using a token with reduced privilege.  Hints from:
@@ -81,16 +104,40 @@ int runuser_main(int argc UNUSED_PARAM, char **argv)
                 if (SetTokenInformation(token, TokenIntegrityLevel, &TIL,
                                                 sizeof(TOKEN_MANDATORY_LABEL))) {
 
-                        ZeroMemory(&si, sizeof(STARTUPINFO));
-                        si.cb = sizeof(STARTUPINFO);
-                        si.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
-                        si.hStdOutput = GetStdHandle(STD_OUTPUT_HANDLE);
-                        si.hStdError = GetStdHandle(STD_ERROR_HANDLE);
-                        si.dwFlags = STARTF_USESTDHANDLES;
+                        if (is_runuser || argc == 1) {
+                                exe = bb_busybox_exec_path;
+                                cmd = xstrdup("sh");
+                        } else {
+                                char *file;
+
+#if ENABLE_FEATURE_PREFER_APPLETS
+                                if (!has_path(argv[1]) && find_applet_by_name(argv[1]) >= 0) {
+                                        file = xstrdup(bb_busybox_exec_path);
+                                        cmd = argv[1];
+                                } else
+#endif
+                                if (has_path(argv[1])) {
+                                        file = cmd = file_is_win32_exe(argv[1]);
+                                } else {
+                                        file = cmd = find_first_executable(argv[1]);
+                                }
+
+                                if (file == NULL) {
+                                        xfunc_error_retval = 127;
+                                        bb_error_msg_and_die("can't find '%s'", argv[1]);
+                                }
+
+                                slash_to_bs(file);
+                                exe = file;
+                                cmd = xstrdup(cmd);
+                                file = quote_arg(cmd);
+                                if (file != cmd)
+                                        free(cmd);
+                                cmd = file;
+                        }
 
                         // Build the command line
-                        cmd = xstrdup("sh");
-                        for (a = argv + 2; *a; ++a) {
+                        for (a = argv + 1 + (argc != 1); *a; ++a) {
                                 char *q = quote_arg(*a);
                                 char *newcmd = xasprintf("%s %s", cmd, q);
                                 if (q != *a)
@@ -99,11 +146,17 @@ int runuser_main(int argc UNUSED_PARAM, char **argv)
                                 cmd = newcmd;
                         }
 
-                        if (!CreateProcessAsUserA(token, bb_busybox_exec_path,
-                                                cmd, NULL, NULL, TRUE, 0, NULL,
-                                                NULL, &si, &pi)) {
-                                errno = err_win_to_posix();
-                                bb_perror_msg_and_die("can't execute 'sh'");
+                        ZeroMemory(&si, sizeof(STARTUPINFO));
+                        si.cb = sizeof(STARTUPINFO);
+                        si.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
+                        si.hStdOutput = GetStdHandle(STD_OUTPUT_HANDLE);
+                        si.hStdError = GetStdHandle(STD_ERROR_HANDLE);
+                        si.dwFlags = STARTF_USESTDHANDLES;
+
+                        if (!CreateProcessAsUserA(token, exe, cmd, NULL, NULL, TRUE,
+                                                0, NULL, NULL, &si, &pi)) {
+                                xfunc_error_retval = 126;
+                                bb_error_msg_and_die("can't execute '%s'", exe);
                         }
 
                         WaitForSingleObject(pi.hProcess, INFINITE);
diff --git a/win32/mingw.c b/win32/mingw.c
index 0a1af6b72..fd670ebf6 100644
--- a/win32/mingw.c
+++ b/win32/mingw.c
@@ -1136,7 +1136,7 @@ char *get_user_name(void)
         return user_name;
 }
 
-#if ENABLE_RUNUSER
+#if ENABLE_RUNUSER || ENABLE_DROP
 /*
  * When runuser drops privileges TokenIsElevated still returns TRUE.
  * Use other means to determine if we're actually unprivileged.
diff --git a/win32/process.c b/win32/process.c
index a0678f50d..7db7741fd 100644
--- a/win32/process.c
+++ b/win32/process.c
@@ -204,7 +204,7 @@ quote_arg(const char *arg)
         return q;
 }
 
-static char *
+char *
 find_first_executable(const char *name)
 {
         char *tmp, *path = getenv("PATH");