| blob | 58879737ba8c4d286b0fb9c7659d1646832aa792 |
1 /* env - run a program in a modified environment
2 Copyright (C) 1986-2023 Free Software Foundation, Inc.
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation, either version 3 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <https://www.gnu.org/licenses/>. */
17 /* Richard Mlynarik and David MacKenzie */
19 #include <config.h>
20 #include <stdio.h>
21 #include <sys/types.h>
22 #include <getopt.h>
23 #include <c-ctype.h>
24 #include <signal.h>
32 /* The official name of this program (e.g., no 'g' prefix). */
35 #define AUTHORS \
40 /* Array of envvars to unset. */
45 /* Annotate the output with extra info to aid the user. */
48 /* Buffer and length of extracted envvars in -S strings. */
52 /* Possible actions on each signal. */
58 IGNORE_NOERR /* Ditto, but ignore sigaction(2) errors. */
59 };
62 /* Set of signals to block. */
65 /* Set of signals to unblock. */
68 /* Whether signal mask adjustment requested. */
71 /* Whether to list non default handling. */
74 /* The isspace characters in the C locale. */
79 /* For long options that have no equivalent short option, use a
80 non-character as a pseudo short option, starting with CHAR_MAX + 1. */
81 enum
82 {
84 IGNORE_SIGNAL_OPTION,
85 BLOCK_SIGNAL_OPTION,
86 LIST_SIGNAL_HANDLING_OPTION,
87 };
90 {
104 };
106 void
108 {
111 else
112 {
115 program_name);
163 }
165 }
167 static void
169 {
173 }
175 static void
177 {
179 {
185 }
186 }
188 /* Return a pointer to the end of a valid ${VARNAME} string, or nullptr.
189 'str' should point to the '$' character.
190 First letter in VARNAME must be alpha or underscore,
191 rest of letters are alnum or underscore.
192 Any other character is an error. */
193 ATTRIBUTE_PURE
196 {
198 {
204 }
207 }
209 /* Return a pointer to a static buffer containing the VARNAME as
210 extracted from a '${VARNAME}' string.
211 The returned string will be NUL terminated.
212 The returned pointer should not be freed.
213 Return nullptr if not a valid ${VARNAME} syntax. */
216 {
217 idx_t i;
224 /* -2 and +2 (below) account for the '${' prefix. */
228 {
231 }
237 }
239 /* Temporary buffer used by --split-string processing. */
240 struct splitbuf
241 {
242 /* Buffer address, arg count, and half the number of elements in the buffer.
243 ARGC and ARGV are as in 'main', and ARGC + 1 <= HALF_ALLOC so
244 that the upper half of ARGV can be used for string contents.
245 This may waste up to half the space but keeps the code simple,
246 which is better for this rarely-used but security-sensitive code.
248 ARGV[0] is not initialized; that is the caller's responsibility
249 after finalization.
251 During assembly, ARGV[I] (where 0 < I < ARGC) contains the offset
252 of the Ith string (relative to ARGV + HALF_ALLOC), so that
253 reallocating ARGV does not change the validity of its contents.
254 The integer offset is cast to char * during assembly, and is
255 converted to a true char * pointer on finalization.
257 During assembly, ARGV[ARGC] contains the offset of the first
258 unused string byte (relative to ARGV + HALF_ALLOC). */
261 idx_t half_alloc;
263 /* The number of extra argv slots to keep room for. */
266 /* Whether processing should act as if the most recent character
267 seen was a separator. */
269 };
271 /* Expand SS so that it has at least one more argv slot and at least
272 one more string byte. */
273 static void
275 {
281 }
283 /* In SS, append C to the last string. */
284 static void
286 {
292 }
294 /* If SS's most recent character was a separator, finish off its
295 previous argument and start a new one. */
296 static void
298 {
300 {
308 }
309 }
311 /* All additions to SS have been made. Convert its offsets to pointers,
312 and return the resulting argument vector. */
315 {
322 }
324 /* Return a newly-allocated argv-like array,
325 by parsing and splitting the input 'str'.
327 'extra_argc' is the number of additional elements to allocate
328 in the array (on top of the number of args required to split 'str').
330 Store into *argc the number of arguments found (plus 1 for
331 the program name).
333 Example:
334 int argc;
335 char **argv = build_argv ("A=B uname -k', 3, &argc);
336 Results in:
337 argc = 4
338 argv[0] = [not initialized]
339 argv[1] = "A=B"
340 argv[2] = "uname"
341 argv[3] = "-k"
342 argv[4,5,6,7] = [allocated due to extra_argc + 1, but not initialized]
344 To free allocated memory:
345 free (argv);
346 However, 'env' does not free since it's about to exec or exit anyway
347 and the complexity of keeping track of the storage that may have been
348 allocated via multiple calls to build_argv is not worth the hassle. */
351 {
361 /* In the following loop,
362 'break' causes the character 'newc' to be added to *dest,
363 'continue' skips the character. */
365 {
369 {
387 /* Start a new argument if outside quotes. */
400 /* Backslash inside single-quotes is not special, except \\
401 and \'. */
405 /* Skip the backslash and examine the next character. */
408 {
410 /* Pass escaped character as-is. */
415 {
419 }
442 }
446 /* ${VARNAME} are not expanded inside single-quotes. */
450 /* Store the ${VARNAME} value. */
451 {
456 str);
460 {
465 }
466 else
471 }
472 }
477 }
482 eos:
486 }
488 /* Process an "-S" string and create the corresponding argv array.
489 Update the given argc/argv parameters with the new argv.
491 Example: if executed as:
492 $ env -S"-i -C/tmp A=B" foo bar
493 The input argv is:
494 argv[0] = "env"
495 argv[1] = "-S-i -C/tmp A=B"
496 argv[2] = "foo"
497 argv[3] = "bar"
498 argv[4] = nullptr
499 This function will modify argv to be:
500 argv[0] = "env"
501 argv[1] = "-i"
502 argv[2] = "-C/tmp"
503 argv[3] = "A=B"
504 argv[4] = "foo"
505 argv[5] = "bar"
506 argv[6] = nullptr
507 argc will be updated from 4 to 6.
508 optind will be reset to 0 to force getopt_long to rescan all arguments. */
509 static void
512 {
516 /* Restore argv[0] - the 'env' executable name. */
519 /* Print parsed arguments. */
521 {
526 }
528 /* Add remaining arguments and terminating null from the original
529 command line. */
533 /* Set new values for original getopt variables. */
537 }
539 static void
541 {
547 {
548 /* Without an argument, reset all signals.
549 Some signals cannot be set to ignore or default (e.g., SIGKILL,
550 SIGSTOP on most OSes, and SIGCONT on AIX.) - so ignore errors. */
555 }
561 {
563 /* operand2sig accepts signal 0 (EXIT) - but we reject it. */
572 }
575 }
577 static void
579 {
581 {
600 {
606 }
609 {
616 }
617 }
618 }
621 static void
623 {
629 {
630 /* Without an argument, reset all signals. */
633 }
635 {
636 /* Initialize the sets. */
639 }
650 {
652 /* operand2sig accepts signal 0 (EXIT) - but we reject it. */
662 }
665 }
667 static void
669 {
670 /* Get the existing signal mask */
671 sigset_t set;
680 {
682 {
685 }
687 {
690 }
691 else
692 {
694 }
697 {
702 }
703 }
707 }
709 static void
711 {
712 sigset_t set;
720 {
735 }
736 }
738 static void
740 {
747 }
749 int
751 {
769 {
771 {
804 /* These are undocumented options. Attempt to detect
805 incorrect shebang usage with extraneous space, e.g.:
806 #!/usr/bin/env -i command
807 In which case argv[1] == "-i command". */
812 case_GETOPT_HELP_CHAR;
816 }
817 }
820 {
823 }
826 {
830 }
831 else
836 {
840 {
844 }
845 optind++;
846 }
851 {
854 }
857 {
860 }
863 {
864 /* Print the environment and exit. */
869 }
879 {
885 }
888 {
892 }
903 }