diff options
| -rw-r--r-- | sysif.c | 2 | ||||
| -rw-r--r-- | sysif.h | 3 | ||||
| -rw-r--r-- | txr.1 | 28 | ||||
| -rw-r--r-- | txr.c | 8 |
4 files changed, 40 insertions, 1 deletions
@@ -524,7 +524,7 @@ static val dup_wrap(val old, val neu) return num(dup2(c_num(old), c_num(neu))); } -static val exec_wrap(val file, val args_opt) +val exec_wrap(val file, val args_opt) { val args = default_bool_arg(args_opt); int nargs = c_num(length(args)) + 1; @@ -43,6 +43,9 @@ typedef long off_t; #endif val getenv_wrap(val name); +#if HAVE_FORK_STUFF +val exec_wrap(val file, val args_opt); +#endif #if HAVE_SYS_STAT struct stat; val stat_to_struct(struct stat st); @@ -757,6 +757,26 @@ or .code -P options. +.coIP --reexec +On platforms which support the POSIX +.code exec +family of functions, this option causes \*(TX to re-execute itself. +The re-executed image receives the remaining arguments which follow +the +.code --reexec +argument. Note: this option is useful for supporting setuid operation in +"hash hang" scripts. On some platforms, the interpreter designated by +a "hash bang" script runs without altered privilege, even if that +interpreter is installed setuid. If the interpreter is executed directly, +then setuid applies to it, but not if it is executed via "hash bang". +If the +.code --reexec +option is used in the interpreter command line of such a script, the +interpreter will re-execute itself, thereby gaining the setuid privilege. +The re-executed image will then obtain the script name from the arguments +which are passed to it and determine whether that script will run setuid. +See the section SETUID/SETGID OPERATION. + .coIP --gc-debug This option enables a behavior which stresses the garbage collector with frequent garbage collection requests. The purpose is to make it more likely @@ -1101,6 +1121,14 @@ script name is inserted anywhere among them, possibly multiple times. Arguments for the interpreter can be encoded, as well as arguments to be processed by the script. +\*(TX supports setuid hash bang scripting, even on platforms that do not +support setuid and setgid attributes on hash bang scripts. On such +platforms, \*(TX has to be installed setuid/setgid. See the section +SETUID/SETGID OPERATION. On some platforms, it may also be necessary to +to use the +.code --reexec +option. + .SS* Whitespace Outside of directives, whitespace is significant in \*(TX queries, and represents a pattern match for whitespace in the input. An extent of text consisting of @@ -153,6 +153,9 @@ static void help(void) "--compat=N Synonym for -C N\n" "--gc-delta=N Invoke garbage collection when malloc activity\n" " increments by N megabytes since last collection.\n" +#if HAVE_FORK_STUFF +"--reexec Re-execute TXR with remaining arguments.\n" +#endif "--debug-autoload Allow debugger to step through library auto-loading.\n" "--debug-expansion Allow debugger to step through macro-expansion of query.\n" "--yydebug Debug Yacc parser, if compiled with YYDEBUG support.\n" @@ -603,6 +606,11 @@ int txr_main(int argc, char **argv) } else if (equal(opt, lit("lisp"))) { txr_lisp_p = t; continue; +#if HAVE_FORK_STUFF + } else if (equal(opt, lit("reexec"))) { + exec_wrap(prog_path, arg_list); + return EXIT_FAILURE; +#endif } else if (equal(opt, lit("debugger"))) { drop_privilege(); #if CONFIG_DEBUG_SUPPORT |