author | marius eriksen <marius@cvs.openbsd.org> | 2004-07-07 07:31:41 +0000 |
---|---|---|
committer | marius eriksen <marius@cvs.openbsd.org> | 2004-07-07 07:31:41 +0000 |
commit | 84657162448d7dbd205d918f5037d931ee6a9727 (patch) | |
tree | 268cffd2d4e6cd224236d592a7cdc77c141b97d7 /bin | |
parent | a3d11b2a3cd27f4514d2ca0027d29e93924b6e37 (diff) |
fix an issue when scripts are exec'd under systrace where
the argv[0] would be normalized, and hence break scripts
that depend on how they were called.
this fixes an issue in the ports builds.
ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
Diffstat (limited to 'bin')
-rw-r--r-- | bin/systrace/intercept-translate.c | 8 | ||||
-rw-r--r-- | bin/systrace/intercept.c | 15 | ||||
-rw-r--r-- | bin/systrace/intercept.h | 5 | ||||
-rw-r--r-- | bin/systrace/openbsd-syscalls.c | 15 |
4 files changed, 32 insertions, 11 deletions
diff --git a/bin/systrace/intercept-translate.c b/bin/systrace/intercept-translate.c index 41d385bfa3a..4c6d7cea22e 100644 --- a/bin/systrace/intercept-translate.c +++ b/bin/systrace/intercept-translate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: intercept-translate.c,v 1.10 2003/10/08 16:32:44 sturm Exp $ */ +/* $OpenBSD: intercept-translate.c,v 1.11 2004/07/07 07:31:40 marius Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -133,7 +133,7 @@ ic_get_filename(struct intercept_translate *trans, int fd, pid_t pid, char *name; int len; - name = intercept_filename(fd, pid, addr, ICLINK_ALL); + name = intercept_filename(fd, pid, addr, ICLINK_ALL, NULL); if (name == NULL) return (-1); @@ -180,7 +180,7 @@ ic_get_linkname(struct intercept_translate *trans, int fd, pid_t pid, char *name; int len; - name = intercept_filename(fd, pid, addr, ICLINK_NONE); + name = intercept_filename(fd, pid, addr, ICLINK_NONE, NULL); if (name == NULL) return (-1); @@ -204,7 +204,7 @@ ic_get_unlinkname(struct intercept_translate *trans, int fd, pid_t pid, char *name; int len; - name = intercept_filename(fd, pid, addr, ICLINK_NOLAST); + name = intercept_filename(fd, pid, addr, ICLINK_NOLAST, NULL); if (name == NULL) return (-1); diff --git a/bin/systrace/intercept.c b/bin/systrace/intercept.c index b79faf2755e..61f72435f0b 100644 --- a/bin/systrace/intercept.c +++ b/bin/systrace/intercept.c @@ -1,4 +1,4 @@ -/* $OpenBSD: intercept.c,v 1.48 2004/06/24 21:00:10 marius Exp $ */ +/* $OpenBSD: intercept.c,v 1.49 2004/07/07 07:31:40 marius Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. 
@@ -585,13 +585,16 @@ intercept_get_string(int fd, pid_t pid, void *addr) } char * -intercept_filename(int fd, pid_t pid, void *addr, int userp) +intercept_filename(int fd, pid_t pid, void *addr, int userp, char *before) { char *name; if ((name = intercept_get_string(fd, pid, addr)) == NULL) goto abort; + if (before != NULL) + strlcpy(before, name, MAXPATHLEN); + if ((name = normalize_filename(fd, pid, name, userp)) == NULL) goto abort; @@ -746,7 +749,7 @@ intercept_syscall(int fd, pid_t pid, u_int16_t seqnr, int policynr, /* Special handling for the exec call */ if (!strcmp(name, "execve")) { void *addr; - char *argname; + char *argname, before[MAXPATHLEN]; icpid->execve_code = code; icpid->policynr = policynr; @@ -755,10 +758,14 @@ intercept_syscall(int fd, pid_t pid, u_int16_t seqnr, int policynr, free(icpid->newname); intercept.getarg(0, args, argsize, &addr); - argname = intercept_filename(fd, pid, addr, ICLINK_ALL); + argname = intercept_filename(fd, pid, addr, ICLINK_ALL, before); if (argname == NULL) err(1, "%s:%d: intercept_filename", __func__, __LINE__); + + if (intercept.scriptname(fd, pid, before) != 0) + err(1, "%s:%d: ioctl", __func__, __LINE__); + icpid->newname = strdup(argname); if (icpid->newname == NULL) err(1, "%s:%d: strdup", __func__, __LINE__); diff --git a/bin/systrace/intercept.h b/bin/systrace/intercept.h index 9bb9da7ecdd..a470cf20f5b 100644 --- a/bin/systrace/intercept.h +++ b/bin/systrace/intercept.h @@ -1,4 +1,4 @@ -/* $OpenBSD: intercept.h,v 1.20 2004/06/23 05:16:35 marius Exp $ */ +/* $OpenBSD: intercept.h,v 1.21 2004/07/07 07:31:40 marius Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -59,6 +59,7 @@ struct intercept_system { int (*replace)(int, pid_t, u_int16_t, struct intercept_replace *); void (*clonepid)(struct intercept_pid *, struct intercept_pid *); void (*freepid)(struct intercept_pid *); + int (*scriptname)(int, pid_t, char *); }; #define INTERCEPT_READ 1 
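Review bot: The added `strlcpy(before, name, MAXPATHLEN)` in intercept_filename hard-codes the size of a buffer it only sees as a bare `char *`, and it ignores the return value, so a raw path that does not fit would be silently shortened before it is handed on as the script name. Whether intercept_get_string can return a string that long is not visible in this hunk, so treat that as something to confirm. Either pass the buffer size in, or document the contract above the function, e.g. `/* before, if non-NULL, must point to at least MAXPATHLEN bytes; it receives the un-normalized path */`, and fail on truncation with `if (before != NULL && strlcpy(before, name, MAXPATHLEN) >= MAXPATHLEN) goto abort;`. The same unchecked copy appears in the obsd_scriptname hunk of openbsd-syscalls.c, where `sn.sn_scriptname` can shorten the name a second time. The `abort` label and the rest of the function lie outside this hunk.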
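Review bot: In the execve branch of intercept_syscall, `before` holds the path exactly as read from the traced process, before normalize_filename runs, and that raw string is what `intercept.scriptname(fd, pid, before)` hands to the kernel while `icpid->newname` keeps the normalized `argname`. Going by the commit message this split is intended, so that scripts see the argv[0] they were called with, but nothing at the call site records it. A comment such as `/* before is the tracee-supplied, un-normalized name: passed on only so scripts keep their argv[0], never used for policy matching */` would stop a later edit from reusing it in a decision. The failure label `"%s:%d: ioctl"` also names the backend's implementation rather than the call that failed; `"%s:%d: scriptname"` would match the neighbouring err() labels. intercept_syscall starts and ends outside this hunk.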
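Review bot: The new `scriptname` member of struct intercept_system takes a plain `char *`, although the only implementation in this diff, obsd_scriptname, just reads the string. Declaring it as `int (*scriptname)(int, pid_t, const char *);` (and the matching prototype and definition in openbsd-syscalls.c) states that the backend must not modify the caller's buffer. The one initializer visible here is positional, so any other `struct intercept_system` definition outside this diff would leave the new slot NULL while intercept_syscall calls it unconditionally; worth confirming that none exists.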
@@ -189,7 +190,7 @@ int intercept_existpids(void); char *intercept_get_string(int, pid_t, void *); char *normalize_filename(int, pid_t, char *, int); -char *intercept_filename(int, pid_t, void *, int); +char *intercept_filename(int, pid_t, void *, int, char *); void intercept_syscall(int, pid_t, u_int16_t, int, const char *, int, const char *, void *, int); void intercept_syscall_result(int, pid_t, u_int16_t, int, const char *, int, diff --git a/bin/systrace/openbsd-syscalls.c b/bin/systrace/openbsd-syscalls.c index d806b0784ce..4f45909a3c3 100644 --- a/bin/systrace/openbsd-syscalls.c +++ b/bin/systrace/openbsd-syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: openbsd-syscalls.c,v 1.24 2004/06/23 05:16:35 marius Exp $ */ +/* $OpenBSD: openbsd-syscalls.c,v 1.25 2004/07/07 07:31:40 marius Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -139,6 +139,7 @@ static int obsd_setcwd(int, pid_t); static int obsd_restcwd(int); static int obsd_argument(int, void *, int, void **); static int obsd_read(int); +static int obsd_scriptname(int, pid_t, char *); static int obsd_init(void) @@ -382,6 +383,17 @@ obsd_answer(int fd, pid_t pid, u_int32_t seqnr, short policy, int nerrno, return (0); } +static int +obsd_scriptname(int fd, pid_t pid, char *scriptname) +{ + struct systrace_scriptname sn; + + sn.sn_pid = pid; + strlcpy(sn.sn_scriptname, scriptname, sizeof(sn.sn_scriptname)); + + return (ioctl(fd, STRIOCSCRIPTNAME, &sn)); +} + static int obsd_newpolicy(int fd) { @@ -663,4 +675,5 @@ struct intercept_system intercept = { obsd_replace, obsd_clonepid, obsd_freepid, + obsd_scriptname, }; |
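Review bot: `struct systrace_scriptname sn` in obsd_scriptname reaches `ioctl(fd, STRIOCSCRIPTNAME, &sn)` with only `sn_pid` and the leading bytes of `sn_scriptname` written. The tail of the name buffer, and any padding or further members, carry whatever was on the stack. Zeroing the structure first with `memset(&sn, 0, sizeof(sn));` makes the request handed to the kernel deterministic. The structure's definition is not part of this diff, so whether it has other members is an assumption to check.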