| blob | abcd0a7897b0ea3b1223860801b3ccf82d82ac39 |
1 /* env - run a program in a modified environment
2 Copyright (C) 1986-2022 Free Software Foundation, Inc.
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation, either version 3 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <https://www.gnu.org/licenses/>. */
17 /* Richard Mlynarik and David MacKenzie */
19 #include <config.h>
20 #include <stdio.h>
21 #include <sys/types.h>
22 #include <getopt.h>
23 #include <c-ctype.h>
24 #include <signal.h>
34 /* The official name of this program (e.g., no 'g' prefix). */
37 #define AUTHORS \
42 /* Array of envvars to unset. */
47 /* Annotate the output with extra info to aid the user. */
50 /* Buffer and length of extracted envvars in -S strings. */
54 /* Possible actions on each signal. */
60 IGNORE_NOERR /* Ditto, but ignore sigaction(2) errors. */
61 };
64 /* Set of signals to block. */
67 /* Set of signals to unblock. */
70 /* Whether signal mask adjustment requested. */
73 /* Whether to list non default handling. */
76 /* The isspace characters in the C locale. */
81 /* For long options that have no equivalent short option, use a
82 non-character as a pseudo short option, starting with CHAR_MAX + 1. */
83 enum
84 {
86 IGNORE_SIGNAL_OPTION,
87 BLOCK_SIGNAL_OPTION,
88 LIST_SIGNAL_HANDLING_OPTION,
89 };
92 {
106 };
108 void
110 {
113 else
114 {
117 program_name);
164 }
166 }
168 static void
170 {
174 }
176 static void
178 {
180 {
186 }
192 }
194 /* Return a pointer to the end of a valid ${VARNAME} string, or NULL.
195 'str' should point to the '$' character.
196 First letter in VARNAME must be alpha or underscore,
197 rest of letters are alnum or underscore.
198 Any other character is an error. */
199 ATTRIBUTE_PURE
202 {
204 {
210 }
213 }
215 /* Return a pointer to a static buffer containing the VARNAME as
216 extracted from a '${VARNAME}' string.
217 The returned string will be NUL terminated.
218 The returned pointer should not be freed.
219 Return NULL if not a valid ${VARNAME} syntax. */
222 {
223 idx_t i;
230 /* -2 and +2 (below) account for the '${' prefix. */
234 {
237 }
243 }
245 /* Temporary buffer used by --split-string processing. */
246 struct splitbuf
247 {
248 /* Buffer address, arg count, and half the number of elements in the buffer.
249 ARGC and ARGV are as in 'main', and ARGC + 1 <= HALF_ALLOC so
250 that the upper half of ARGV can be used for string contents.
251 This may waste up to half the space but keeps the code simple,
252 which is better for this rarely-used but security-sensitive code.
254 ARGV[0] is not initialized; that is the caller's responsibility
255 after finalization.
257 During assembly, ARGV[I] (where 0 < I < ARGC) contains the offset
258 of the Ith string (relative to ARGV + HALF_ALLOC), so that
259 reallocating ARGV does not change the validity of its contents.
260 The integer offset is cast to char * during assembly, and is
261 converted to a true char * pointer on finalization.
263 During assembly, ARGV[ARGC] contains the offset of the first
264 unused string byte (relative to ARGV + HALF_ALLOC). */
267 idx_t half_alloc;
269 /* The number of extra argv slots to keep room for. */
272 /* Whether processing should act as if the most recent character
273 seen was a separator. */
275 };
277 /* Expand SS so that it has at least one more argv slot and at least
278 one more string byte. */
279 static void
281 {
287 }
289 /* In SS, append C to the last string. */
290 static void
292 {
298 }
300 /* If SS's most recent character was a separator, finish off its
301 previous argument and start a new one. */
302 static void
304 {
306 {
314 }
315 }
317 /* All additions to SS have been made. Convert its offsets to pointers,
318 and return the resulting argument vector. */
321 {
328 }
330 /* Return a newly-allocated argv-like array,
331 by parsing and splitting the input 'str'.
333 'extra_argc' is the number of additional elements to allocate
334 in the array (on top of the number of args required to split 'str').
336 Store into *argc the number of arguments found (plus 1 for
337 the program name).
339 Example:
340 int argc;
341 char **argv = build_argv ("A=B uname -k', 3, &argc);
342 Results in:
343 argc = 4
344 argv[0] = [not initialized]
345 argv[1] = "A=B"
346 argv[2] = "uname"
347 argv[3] = "-k"
348 argv[4,5,6,7] = [allocated due to extra_argc + 1, but not initialized]
350 To free allocated memory:
351 free (argv);
352 However, 'env' does not free since it's about to exec or exit anyway
353 and the complexity of keeping track of the storage that may have been
354 allocated via multiple calls to build_argv is not worth the hassle. */
357 {
367 /* In the following loop,
368 'break' causes the character 'newc' to be added to *dest,
369 'continue' skips the character. */
371 {
375 {
393 /* Start a new argument if outside quotes. */
406 /* Backslash inside single-quotes is not special, except \\
407 and \'. */
411 /* Skip the backslash and examine the next character. */
414 {
416 /* Pass escaped character as-is. */
421 {
425 }
447 }
451 /* ${VARNAME} are not expanded inside single-quotes. */
455 /* Store the ${VARNAME} value. */
456 {
461 str);
465 {
470 }
471 else
476 }
477 }
482 }
487 eos:
491 }
493 /* Process an "-S" string and create the corresponding argv array.
494 Update the given argc/argv parameters with the new argv.
496 Example: if executed as:
497 $ env -S"-i -C/tmp A=B" foo bar
498 The input argv is:
499 argv[0] = "env"
500 argv[1] = "-S-i -C/tmp A=B"
501 argv[2] = "foo"
502 argv[3] = "bar"
503 argv[4] = NULL
504 This function will modify argv to be:
505 argv[0] = "env"
506 argv[1] = "-i"
507 argv[2] = "-C/tmp"
508 argv[3] = "A=B"
509 argv[4] = "foo"
510 argv[5] = "bar"
511 argv[6] = NULL
512 argc will be updated from 4 to 6.
513 optind will be reset to 0 to force getopt_long to rescan all arguments. */
514 static void
517 {
521 /* Restore argv[0] - the 'env' executable name. */
524 /* Print parsed arguments. */
526 {
531 }
533 /* Add remaining arguments and terminating null from the original
534 command line. */
538 /* Set new values for original getopt variables. */
542 }
544 static void
546 {
552 {
553 /* Without an argument, reset all signals.
554 Some signals cannot be set to ignore or default (e.g., SIGKILL,
555 SIGSTOP on most OSes, and SIGCONT on AIX.) - so ignore errors. */
560 }
566 {
568 /* operand2sig accepts signal 0 (EXIT) - but we reject it. */
577 }
580 }
582 static void
584 {
586 {
605 {
611 }
614 {
621 }
622 }
623 }
626 static void
628 {
634 {
635 /* Without an argument, reset all signals. */
638 }
640 {
641 /* Initialize the sets. */
644 }
655 {
657 /* operand2sig accepts signal 0 (EXIT) - but we reject it. */
667 }
670 }
672 static void
674 {
675 /* Get the existing signal mask */
676 sigset_t set;
685 {
687 {
690 }
692 {
695 }
696 else
697 {
699 }
702 {
707 }
708 }
712 }
714 static void
716 {
717 sigset_t set;
725 {
740 }
741 }
743 static void
745 {
752 }
754 int
756 {
774 {
776 {
809 /* These are undocumented options. Attempt to detect
810 incorrect shebang usage with extraneous space, e.g.:
811 #!/usr/bin/env -i command
812 In which case argv[1] == "-i command". */
817 case_GETOPT_HELP_CHAR;
821 }
822 }
825 {
828 }
831 {
835 }
836 else
841 {
845 {
849 }
850 optind++;
851 }
856 {
859 }
862 {
865 }
868 {
869 /* Print the environment and exit. */
874 }
884 {
890 }
893 {
897 }
908 }