From d72df441f86f759bf143df745ff13fd9b90597bf Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 17 Feb 2021 23:53:31 +0100
Subject: Split client/webserver/accountd commands on whitespace. This doesn't change the default behavior.
---
 lacme | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index d2d8840..019a5e7 100755
--- a/lacme
+++ b/lacme
@@ -379,7 +379,8 @@ sub spawn_webserver() {
 $ENV{DEBUG} = $OPTS{debug} // 0;
 # use execve(2) rather than a Perl pseudo-process to ensure that
 # the child doesn't have access to the parent's memory
- exec $conf->{command}, fileno($sock) or die;
+ my ($cmd, @args) = split(/\s+/, $conf->{command}) or die "Empty webserver command\n";
+ exec { $cmd } $cmd, @args, fileno($sock) or die;
 }
 print STDERR "[$$] Forking ACME webserver bound to $p, child PID $pid\n" if $OPTS{debug};
@@ -505,12 +506,13 @@ sub acme_client($@) {
 drop_privileges($accountd->{user}, $accountd->{group}, '/');
 set_FD_CLOEXEC($s, 0);
 $client->close() or die "close: $!";
- my @cmd = ($accountd->{command}, '--conn-fd='.fileno($s));
- push @cmd, '--config='.$accountd->{config} if defined $accountd->{config};
- push @cmd, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey};
- push @cmd, '--quiet' unless lc $accountd->{quiet} eq 'no';
- push @cmd, '--debug' if $OPTS{debug};
- exec { $cmd[0] } @cmd or die;
+ my ($cmd, @args) = split(/\s+/, $accountd->{command}) or die "Empty accountd command\n";
+ push @args, '--conn-fd='.fileno($s);
+ push @args, '--config='.$accountd->{config} if defined $accountd->{config};
+ push @args, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey};
+ push @args, '--quiet' unless lc $accountd->{quiet} eq 'no';
+ push @args, '--debug' if $OPTS{debug};
+ exec { $cmd } $cmd, @args or die;
 }
 print STDERR "[$$] Forking lacme-accountd, child PID $pid\n" if $OPTS{debug};
 $s->close() or die "close: $!";
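Review bot: In the @@ -379 hunk, `split(/\s+/, $conf->{command})` yields an empty first field when the configured value starts with whitespace, so `$cmd` becomes the empty string and the "Empty webserver command" guard does not fire because the list is non-empty. `split(' ', $conf->{command})` skips leading whitespace and keeps the guard meaningful; if the configuration reader already trims values this is only hardening. The accountd split in the @@ -505 hunk and the client split in the @@ -546 hunk follow the same pattern. spawn_webserver's body starts and ends outside the hunk.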
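Review bot: The whitespace split in the @@ -505 hunk has no quoting, so a configured accountd `command` whose path or argument contains a blank is now broken into several argv entries, which the old single-element `@cmd` did not do; "doesn't change the default behavior" holds only for values without blanks. A comment above the split would make the contract explicit, e.g. `# split on whitespace only: no quoting, so neither the program path nor an argument may contain blanks`. It would also help to state there that configured arguments are placed before the generated `--conn-fd=`, `--config=` and `--privkey=` options, since this child runs after drop_privileges() with the socket inherited. The webserver and client splits in the @@ -379 and @@ -546 hunks need the same comment, and the enclosing child block of acme_client starts outside the hunk.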
@@ -546,6 +548,7 @@ sub acme_client($@) {
 # use execve(2) rather than a Perl pseudo-process to ensure that the
 # child doesn't have access to the parent's memory
+ my ($cmd, @args2) = split(/\s+/, $conf->{command}) or die "Empty client command\n";
 my @fileno = map { fileno($_) =~ /^(\d+)$/ ? $1 : die } ($CONFFILE, $client); # untaint fileno
 set_FD_CLOEXEC($client, 1);
 my $rv = spawn({in => $args->{in}, out => $args->{out}, child => sub() {
@@ -553,7 +556,7 @@ sub acme_client($@) {
 set_FD_CLOEXEC($_, 0) foreach ($CONFFILE, $client);
 seek($CONFFILE, SEEK_SET, 0) or die "seek: $!";
 $ENV{DEBUG} = $OPTS{debug} // 0;
- }}, $conf->{command}, $COMMAND, @fileno, @args);
+ }}, $cmd, @args2, $COMMAND, @fileno, @args);
 if (defined $cleanup) {
 @CLEANUP = grep { $_ ne $cleanup } @CLEANUP;
@@ -564,7 +567,7 @@ sub acme_client($@) {
 sub spawn($@) {
 my $args = shift;
- my @exec = @_;
+ my ($cmd, @args) = @_;
 # create communication pipes if needed
 my ($in_rd, $in_wd, $out_rd, $out_wd);
@@ -593,7 +596,7 @@ sub spawn($@) {
 } elsif (fileno(STDOUT) != fileno($args->{out})) {
 open STDOUT, '>&', $args->{out} or die "dup: $!";
 }
- exec { $exec[0] } @exec or die;
+ exec { $cmd } $cmd, @args or die;
 }
 push @CLEANUP, sub() {
 kill 15 => $pid;
@@ -601,7 +604,7 @@ sub spawn($@) {
 };
 # parent
- print STDERR "[$$] Forking $exec[0], child PID $pid\n" if $OPTS{debug};
+ print STDERR "[$$] Forking $cmd, child PID $pid\n" if $OPTS{debug};
 if (defined $args->{in}) {
 $in_rd->close() or die "close: $!";
 $in_wd->print($args->{in});
-- cgit v1.2.3
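Review bot: `@args2` in the @@ -546 hunk appears to be named only to avoid the `@args` that the spawn() call in the @@ -553 hunk already passes, and the name says nothing about where the values come from. A descriptive name makes the final argv order readable at the call site: `my ($cmd, @cmd_args) = split(/\s+/, $conf->{command}) or die "Empty client command\n";` and `}}, $cmd, @cmd_args, $COMMAND, @fileno, @args);`. That shows that configured arguments come before `$COMMAND` and the untainted descriptor numbers. acme_client starts and ends outside both hunks.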
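Review bot: In the @@ -593 hunk, `exec { $cmd } $cmd, @args or die;` dies without a message, so a failed execve in the child reports only "Died" plus a line number, with neither the program name nor errno. `exec { $cmd } $cmd, @args or die "exec $cmd: $!\n";` would say what failed. This matters more now that `$cmd` is derived by splitting a configured string, and the same bare `die` follows the exec calls in the @@ -379 and @@ -505 hunks. spawn's body continues outside the hunk.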