09c434b8a0047 (Thomas Gleixner 2019-05-19 13:08:20 +0100 1) // SPDX-License-Identifier: GPL-2.0-only
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 2) /*
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 3) * linux/fs/binfmt_script.c
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 4) *
96de0e252cedf (Jan Engelhardt 2007-10-19 23:21:04 +0200 5) * Copyright (C) 1996 Martin von Löwis
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 6) * original #!-checking implemented by tytso.
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 7) */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 8)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 9) #include <linux/module.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 10) #include <linux/string.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 11) #include <linux/stat.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 12) #include <linux/binfmts.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 13) #include <linux/init.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 14) #include <linux/file.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 15) #include <linux/err.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 16) #include <linux/fs.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 17)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 18) static inline bool spacetab(char c) { return c == ' ' || c == '\t'; }
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 19) static inline const char *next_non_spacetab(const char *first, const char *last)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 20) {
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 21) for (; first <= last; first++)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 22) if (!spacetab(*first))
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 23) return first;
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 24) return NULL;
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 25) }
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 26) static inline const char *next_terminator(const char *first, const char *last)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 27) {
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 28) for (; first <= last; first++)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 29) if (spacetab(*first) || !*first)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 30) return first;
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 31) return NULL;
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 32) }
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 33)
71613c3b871c5 (Al Viro 2012-10-20 22:00:48 -0400 34) static int load_script(struct linux_binprm *bprm)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 35) {
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 36) const char *i_name, *i_sep, *i_arg, *i_end, *buf_end;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 37) struct file *file;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 38) int retval;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 39)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 40) /* Not ours to exec if we don't start with "#!". */
d740269867021 (Kees Cook 2012-12-17 16:03:20 -0800 41) if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!'))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 42) return -ENOEXEC;
51f39a1f0cea1 (David Drysdale 2014-12-12 16:57:29 -0800 43)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 44) /*
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 45) * This section handles parsing the #! line into separate
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 46) * interpreter path and argument strings. We must be careful
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 47) * because bprm->buf is not yet guaranteed to be NUL-terminated
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 48) * (though the buffer will have trailing NUL padding when the
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 49) * file size was smaller than the buffer size).
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 50) *
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 51) * We do not want to exec a truncated interpreter path, so either
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 52) * we find a newline (which indicates nothing is truncated), or
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 53) * we find a space/tab/NUL after the interpreter path (which
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 54) * itself may be preceded by spaces/tabs). Truncating the
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 55) * arguments is fine: the interpreter can re-read the script to
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 56) * parse them on its own.
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 57) */
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 58) buf_end = bprm->buf + sizeof(bprm->buf) - 1;
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 59) i_end = strnchr(bprm->buf, sizeof(bprm->buf), '\n');
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 60) if (!i_end) {
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 61) i_end = next_non_spacetab(bprm->buf + 2, buf_end);
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 62) if (!i_end)
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 63) return -ENOEXEC; /* Entire buf is spaces/tabs */
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 64) /*
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 65) * If there is no later space/tab/NUL we must assume the
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 66) * interpreter path is truncated.
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 67) */
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 68) if (!next_terminator(i_end, buf_end))
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 69) return -ENOEXEC;
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 70) i_end = buf_end;
b5372fe5dc842 (Kees Cook 2019-02-18 16:36:48 -0800 71) }
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 72) /* Trim any trailing spaces/tabs from i_end */
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 73) while (spacetab(i_end[-1]))
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 74) i_end--;
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 75)
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 76) /* Skip over leading spaces/tabs */
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 77) i_name = next_non_spacetab(bprm->buf+2, i_end);
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 78) if (!i_name || (i_name == i_end))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 79) return -ENOEXEC; /* No interpreter name found */
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 80)
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 81) /* Is there an optional argument? */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 82) i_arg = NULL;
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 83) i_sep = next_terminator(i_name, i_end);
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 84) if (i_sep && (*i_sep != '\0'))
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 85) i_arg = next_non_spacetab(i_sep, i_end);
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 86)
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 87) /*
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 88) * If the script filename will be inaccessible after exec, typically
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 89) * because it is a "/dev/fd/<fd>/.." path against an O_CLOEXEC fd, give
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 90) * up now (on the assumption that the interpreter will want to load
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 91) * this file).
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 92) */
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 93) if (bprm->interp_flags & BINPRM_FLAGS_PATH_INACCESSIBLE)
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 94) return -ENOENT;
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 95)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 96) /*
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 97) * OK, we've parsed out the interpreter name and
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 98) * (optional) argument.
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 99) * Splice in (1) the interpreter's name for argv[0]
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 100) * (2) (optional) argument to interpreter
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 101) * (3) filename of shell script (replace argv[0])
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 102) *
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 103) * This is done in reverse order, because of how the
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 104) * user environment and arguments are stored.
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 105) */
b6a2fea39318e (Ollie Wild 2007-07-19 01:48:16 -0700 106) retval = remove_arg_zero(bprm);
b6a2fea39318e (Ollie Wild 2007-07-19 01:48:16 -0700 107) if (retval)
b6a2fea39318e (Ollie Wild 2007-07-19 01:48:16 -0700 108) return retval;
986db2d14a6dc (Christoph Hellwig 2020-06-04 16:51:14 -0700 109) retval = copy_string_kernel(bprm->interp, bprm);
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 110) if (retval < 0)
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 111) return retval;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 112) bprm->argc++;
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 113) *((char *)i_end) = '\0';
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 114) if (i_arg) {
ccbb18b67323b (Eric W. Biederman 2020-05-18 10:11:10 -0500 115) *((char *)i_sep) = '\0';
986db2d14a6dc (Christoph Hellwig 2020-06-04 16:51:14 -0700 116) retval = copy_string_kernel(i_arg, bprm);
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 117) if (retval < 0)
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 118) return retval;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 119) bprm->argc++;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 120) }
986db2d14a6dc (Christoph Hellwig 2020-06-04 16:51:14 -0700 121) retval = copy_string_kernel(i_name, bprm);
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 122) if (retval)
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 123) return retval;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 124) bprm->argc++;
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 125) retval = bprm_change_interp(i_name, bprm);
b66c598401753 (Kees Cook 2012-12-20 15:05:16 -0800 126) if (retval < 0)
b66c598401753 (Kees Cook 2012-12-20 15:05:16 -0800 127) return retval;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 128)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 129) /*
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 130) * OK, now restart the process with the interpreter's dentry.
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 131) */
c2315c187fa0d (Oleg Nesterov 2017-10-03 16:15:42 -0700 132) file = open_exec(i_name);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 133) if (IS_ERR(file))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 134) return PTR_ERR(file);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 135)
bc2bf338d54b7 (Eric W. Biederman 2020-05-18 18:43:20 -0500 136) bprm->interpreter = file;
bc2bf338d54b7 (Eric W. Biederman 2020-05-18 18:43:20 -0500 137) return 0;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 138) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 139)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 140) static struct linux_binfmt script_format = {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 141) .module = THIS_MODULE,
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 142) .load_binary = load_script,
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 143) };
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 144)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 145) static int __init init_script_binfmt(void)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 146) {
8fc3dc5a3a17a (Al Viro 2012-03-17 03:05:16 -0400 147) register_binfmt(&script_format);
8fc3dc5a3a17a (Al Viro 2012-03-17 03:05:16 -0400 148) return 0;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 149) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 150)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 151) static void __exit exit_script_binfmt(void)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 152) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 153) unregister_binfmt(&script_format);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 154) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 155)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 156) core_initcall(init_script_binfmt);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 157) module_exit(exit_script_binfmt);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 158) MODULE_LICENSE("GPL");