Fix two CFG_TOYBOX_SUID corner cases:

1) Don't try to force re-exec unless we actually dropped permissions.
   (Fixes "./toybox mount" when no suid bit on toybox binary, which
   previously exited.)
2) Set temporary toys.which value for error reporting.
   (Fixes "ln -s toybox mount && ./mount" with CFG_TOYBOX_DEBUG and
   no suid bit, which previously segfaulted.)

diff --git a/main.c b/main.c
index 3949c84..e95c641 100644 (file)
--- a/main.c
+++ b/main.c
@@ -96,15 +96,20 @@ static void toy_singleinit(struct toy_list *which, char *argv[])
 // Full init needed by multiplexer or reentrant calls, calls singleinit at end
 void toy_init(struct toy_list *which, char *argv[])
 {
+  void *oldwhich = toys.which;
+
   // Drop permissions for non-suid commands.
 
   if (CFG_TOYBOX_SUID) {
+    if (!toys.which) toys.which = toy_list;
+
     uid_t uid = getuid(), euid = geteuid();
 
     if (!(which->flags & TOYFLAG_STAYROOT)) {
       if (uid != euid) {
         if (!setuid(uid)) perror_exit("setuid %d->%d", euid, uid); // drop root
-        else euid = uid;
+        euid = uid;
+        toys.wasroot++;
       }
     } else if (CFG_TOYBOX_DEBUG && uid && which != toy_list)
       error_msg("Not installed suid root");
@@ -116,7 +121,7 @@ void toy_init(struct toy_list *which, char *argv[])
   // don't blank old optargs if our new argc lives in the old optargs.
   if (argv<toys.optargs || argv>toys.optargs+toys.optc) free(toys.optargs);
   memset(&toys, 0, offsetof(struct toy_context, rebound));
-  if (toys.which) memset(&this, 0, sizeof(this));
+  if (oldwhich) memset(&this, 0, sizeof(this));
 
   // Continue to portion of init needed by standalone commands
   toy_singleinit(which, argv);
@@ -136,7 +141,7 @@ void toy_exec(char *argv[])
     return;
 
   // Return if we need to re-exec to acquire root via suid bit.
-  if (toys.which && (which->flags&TOYFLAG_ROOTONLY) && getuid()) return;
+  if (toys.which && (which->flags&TOYFLAG_ROOTONLY) && toys.wasroot) return;
 
   // Run command
   toy_init(which, argv);

diff --git a/toys.h b/toys.h
index 8bd3be2..4bfccb1 100644 (file)
--- a/toys.h
+++ b/toys.h
@@ -127,13 +127,14 @@ extern struct toy_context {
   int exitval;             // Value error_exit feeds to exit()
   int optc;                // Count of optargs
   int old_umask;           // Old umask preserved by TOYFLAG_UMASK
-  int toycount;            // Total number of commands in this build
-  int signal;              // generic_signal() records what signal it saw here
+  short toycount;          // Total number of commands in this build
+  short signal;            // generic_signal() records what signal it saw here
   int signalfd;            // and writes signal to this fd, if set
+  int wasroot;             // dropped setuid
 
   // This is at the end so toy_init() doesn't zero it.
   jmp_buf *rebound;        // longjmp here instead of exit when do_rebound set
-  void *stacktop;          // nested toy_exec() call count, or -1 if vforked
+  void *stacktop;          // nested toy_exec() call count, or 0 if vforked
 } toys;
 
 // Two big temporary buffers: one for use by commands, one for library functions