From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 29471 invoked from network); 10 Jul 2022 21:51:25 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 10 Jul 2022 21:51:25 -0000 Received: from mimir.eigenstate.org ([206.124.132.107]) by 9front; Sun Jul 10 17:50:34 -0400 2022 Received: from stockyard (ue.tmodns.net [172.58.219.134]) by mimir.eigenstate.org (OpenSMTPD) with ESMTPSA id 0e370c36 (TLSv1.2:ECDHE-RSA-AES256-SHA:256:NO) for <9front@9front.org>; Sun, 10 Jul 2022 14:50:33 -0700 (PDT) Message-ID: To: 9front@9front.org Date: Sun, 10 Jul 2022 17:50:31 -0400 From: ori@eigenstate.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: open rich-client-scale table GPU-based core generator Subject: [9front] auth/box: tweaks for #! lines Reply-To: 9front@9front.org Precedence: bulk this makes 'auth/box -s' work better when dropping the sandboxing in a #! line, allowing any number of command line arguments, verifying that the current dir is in the namespace, and using it if available -- and erroring if it's not. diff cd64b7129c81102c811b3df9a32ceb4004420f54 uncommitted --- a//sys/src/cmd/auth/box.c +++ b//sys/src/cmd/auth/box.c @@ -2,7 +2,11 @@ #include #include -static int debug; +static int debug; +static char cwd[8192]; +static char *parts[256]; +static int mflags[nelem(parts)]; +static int nparts; static void binderr(char *new, char *old, int flag) 
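Review bot: The file-scope state hoisted here carries no comment, and cwd in particular has a lifecycle that now spans three functions (filled by getwd in main, read by resolvenames, used again for the final chdir), so a line at the declarations would save the next reader a search: `/* cwd: working directory at startup; relative bind paths resolve against it and main() chdirs back into it once the box is built */` and `/* parts/mflags: paths to bind into the box and their bind flags, appended by push() */`. The 8192 is the size the former local in resolvenames had; if it is meant as the bound for getwd's output, say so rather than leave a bare constant.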
@@ -32,20 +36,15 @@ fprint(2, "bind %s %s %s\n", dash, new, old); } if(bind(new, old, flag) < 0) - sysfatal("bind: %r"); + sysfatal("bind %s: %r", new); } static void resolvenames(char **names, int nname) { - int i; - char buf[8192]; - int fd; + int i, gotcwd; - fd = open(".", OREAD|OCEXEC); - if(fd < 0) - sysfatal("could not open .: %r"); - fd2path(fd, buf, sizeof buf); + gotcwd = 0; for(i = 0; i < nname; i++){ if(names[i] == nil) continue; @@ -55,10 +54,13 @@ case '/': break; default: - names[i] = cleanname(smprint("%s/%s", buf, names[i])); - } + names[i] = cleanname(smprint("%s/%s", cwd, names[i])); + } + if(strcmp(names[i], cwd) == 0) + gotcwd = 1; } - close(fd); + if(!gotcwd && strcmp(cwd, "/") != 0) + sysfatal("working outside box: %s", cwd); } static void @@ -133,16 +135,11 @@ sysfatal("/mnt/d mount setup: %r"); } -static char *parts[256]; -static int mflags[nelem(parts)]; -static int nparts; -static char *rc[] = { "/bin/rc", nil , nil}; - static void push(char *path, int flag) { if(nparts == nelem(parts)) - sysfatal("component overflow"); + sysfatal("too many bound paths"); parts[nparts] = path; mflags[nparts++] = flag; } @@ -157,16 +154,16 @@ void main(int argc, char **argv) { - char devs[1024]; - int dfd; - char *path; + char **argp, devs[128]; + int i, narg, dfd; char *a; int sflag; nparts = 0; - path = "/"; + narg = 0; memset(devs, 0, sizeof devs); sflag = 0; + argp = argv; ARGBEGIN{ case 'D': debug++; @@ -184,9 +181,6 @@ case 'e': snprint(devs, sizeof devs, "%s%s", devs, EARGF(usage())); break; - case '.': - path = EARGF(usage()); - break; case 's': sflag = 1; break; @@ -198,6 +192,8 @@ if(argc == 0) usage(); + if(getwd(cwd, sizeof(cwd)) == nil) + sysfatal("getwd: %r"); if(sflag){ snprint(devs, sizeof devs, "%s%s", devs, "|d"); push("/srv", MREPL|MCREATE); 
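Review bot: The new failure message in binderr names only `new`, while the debug print two lines above it shows both ends of the bind; when a #! sandbox dies, knowing where the bind was aimed spares a rerun under -D, so `sysfatal("bind %s %s: %r", new, old);` is the more useful form. binderr's head lies above the hunk, and resolvenames' body continues into the next one, where its new gotcwd logic is reviewed.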
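Review bot: The gotcwd test accepts the working directory only when it is byte-equal to one of the resolved bind paths, so a cwd beneath a bound directory (bound /usr/glenda, cwd /usr/glenda/src) is reachable after sandbox() yet still dies here with "working outside box". A prefix test matches what a directory bind actually exposes: with `int n` added to the declarations, `n = strlen(names[i]); if(strcmp(names[i], "/") == 0 || (strncmp(names[i], cwd, n) == 0 && (cwd[n] == '/' || cwd[n] == '\0'))) gotcwd = 1;`. The `/` exemption on the last line also lets a cwd of / through with no bind backing it; if that is deliberate, a comment would spare a reader the question. resolvenames' head is in the previous hunk.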
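Review bot: devs shrinks from 1024 to 128 bytes while the two appends that fill it — the -e case's `snprint(devs, sizeof devs, "%s%s", devs, EARGF(usage()))` (context in the following hunk) and the `|d` append in the -s branch — still truncate silently, and devs is what the later chdev step emits (the debug print in the -225 hunk shows it), so an overlong -e list would quietly yield a different device restriction than the #! line asked for. Fail loudly instead: in the -e case `a = EARGF(usage()); if(strlen(devs) + strlen(a) >= sizeof devs) sysfatal("device list too long"); strcat(devs, a);`, with the same guard before the `|d` append. Passing devs as its own %s source also relies on the formatter writing no byte before it has read it; a seprint with a running end pointer would not need that. main() starts and ends outside this hunk.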
@@ -204,9 +200,7 @@ push("/env", MREPL|MCREATE); push("/rc", MREPL); push("/bin", MREPL); - push(argv[0], MREPL); - rc[1] = argv[0]; - argv = rc; + argp[narg++] = "/bin/rc"; } else { if(access(argv[0], AEXIST) == -1){ if((argv[0] = smprint("/bin/%s", argv[0])) == nil) @@ -216,6 +210,9 @@ } push(argv[0], MREPL); } + for(i = 0; i < argc; i++) + argp[narg++] = argv[i]; + argp[narg] = nil; rfork(RFNAMEG|RFFDG); skelfs(); @@ -225,7 +222,7 @@ resolvenames(parts, nparts); sandbox(parts, mflags, nparts); - + if(debug) fprint(2, "chdev %s\n", devs); @@ -238,8 +235,8 @@ } close(dfd); - if(chdir(path) < 0) - sysfatal("can not cd to %s", path); - exec(argv[0], argv); + if(chdir(cwd) < 0) + sysfatal("chdir %s: %r", cwd); + exec(argp[0], argp); sysfatal("exec: %r"); }
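Review bot: The -s branch no longer pushes argv[0], so, as far as the binds visible here go, the script handed to rc as argp[1] is openable inside the box only when it lies under /srv, /env, /rc or /bin, under a directory the #! line binds itself, or is relative to a cwd that resolvenames accepted; a script invoked by an absolute path elsewhere now fails at rc's open instead of being bound in as it was before. If that narrowing is intended, a comment on the `argp[narg++] = "/bin/rc";` line saying the script must already live in a bound directory would spare the next reader; if not, keeping `push(argv[0], MREPL);` beside it restores the old guarantee at the cost of one bind. main() starts and ends outside the hunk.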
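Review bot: The copy loop rewrites argv in place through argp, and it is safe only because `argp = argv` was taken before ARGBEGIN, which advances argv past argv0 and any options, so each `argp[narg++] = argv[i]` lands at or below the slot it reads and the trailing nil stays inside the original vector; move that assignment below ARGBEGIN and the -s case becomes a sliding overwrite that leaves every argument equal to "/bin/rc" and writes the nil one past the end. Nothing in the code says so, so a comment at the loop would protect the invariant: `/* argp aliases the pre-ARGBEGIN argv; ARGBEGIN consumed argv0, so this in-place shift (plus the prepended /bin/rc) never overtakes its source */`. main() starts and ends outside the hunk.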