SHOW:
|
|
- or go back to the newest paste.
| 1 | On Linux execve() can be called with a NULL argv, which results in | |
| 2 | argc being set to zero and an empty list for argv. Doing so causes the | |
| 3 | polkit applications to misbehave, for example: | |
| 4 | ||
| 5 | $ python | |
| 6 | >>> import os | |
| 7 | >>> os.execve("/usr/bin/pkexec", [], {"FOO":"aaaaaaaaa"})
| |
| 8 | Cannot run program FOO=aaaaaaaaa: No such file or directory | |
| 9 | ||
| 10 | While this doesn't appear to have an further impact, setuid binaries | |
| 11 | should be hardened against any possible misuse. Add an explicit check | |
| 12 | for argc == 0 to all of the polkit applications. | |
| 13 | ||
| 14 | Signed-off-by: Ryan Mallon <[email protected]> | |
| 15 | --- | |
| 16 | ||
| 17 | src/programs/pkaction.c | 10 ++++++++++ | |
| 18 | src/programs/pkcheck.c | 10 ++++++++++ | |
| 19 | src/programs/pkexec.c | 10 ++++++++++ | |
| 20 | src/programs/pkttyagent.c | 10 ++++++++++ | |
| 21 | 4 files changed, 40 insertions(+) | |
| 22 | ||
| 23 | diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c | |
| 24 | index f17a7dc..1034a82 100644 | |
| 25 | --- a/src/programs/pkaction.c | |
| 26 | +++ b/src/programs/pkaction.c | |
| 27 | @@ -121,6 +121,16 @@ main (int argc, char *argv[]) | |
| 28 | actions = NULL; | |
| 29 | ret = 1; | |
| 30 | ||
| 31 | + /* | |
| 32 | + * Linux allows an empty list to be passed for argv. This is a non-standard | |
| 33 | + * (mis)feature, so don't allow it. | |
| 34 | + */ | |
| 35 | + if (argc == 0) | |
| 36 | + {
| |
| 37 | + g_printerr("Refusing to accept empty argv\n");
| |
| 38 | + goto out; | |
| 39 | + } | |
| 40 | + | |
| 41 | g_type_init (); | |
| 42 | ||
| 43 | opt_show_version = FALSE; | |
| 44 | diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c | |
| 45 | index 5781893..c2352e3 100644 | |
| 46 | --- a/src/programs/pkcheck.c | |
| 47 | +++ b/src/programs/pkcheck.c | |
| 48 | @@ -362,6 +362,16 @@ main (int argc, char *argv[]) | |
| 49 | local_agent_handle = NULL; | |
| 50 | ret = 126; | |
| 51 | ||
| 52 | + /* | |
| 53 | + * Linux allows an empty list to be passed for argv. This is a non-standard | |
| 54 | + * (mis)feature, so don't allow it. | |
| 55 | + */ | |
| 56 | + if (argc == 0) | |
| 57 | + {
| |
| 58 | + g_printerr("Refusing to accept empty argv\n");
| |
| 59 | + goto out; | |
| 60 | + } | |
| 61 | + | |
| 62 | g_type_init (); | |
| 63 | ||
| 64 | details = polkit_details_new (); | |
| 65 | diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c | |
| 66 | index a7ca8e0..88363c0 100644 | |
| 67 | --- a/src/programs/pkexec.c | |
| 68 | +++ b/src/programs/pkexec.c | |
| 69 | @@ -502,6 +502,16 @@ main (int argc, char *argv[]) | |
| 70 | opt_user = NULL; | |
| 71 | local_agent_handle = NULL; | |
| 72 | ||
| 73 | + /* | |
| 74 | + * Linux allows an empty list to be passed for argv. This is a non-standard | |
| 75 | + * (mis)feature, so don't allow it. | |
| 76 | + */ | |
| 77 | + if (argc == 0) | |
| 78 | + {
| |
| 79 | + g_printerr("Refusing to accept empty argv\n");
| |
| 80 | + goto out; | |
| 81 | + } | |
| 82 | + | |
| 83 | /* check for correct invocation */ | |
| 84 | if (geteuid () != 0) | |
| 85 | {
| |
| 86 | diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c | |
| 87 | index 423b728..ed3caa5 100644 | |
| 88 | --- a/src/programs/pkttyagent.c | |
| 89 | +++ b/src/programs/pkttyagent.c | |
| 90 | @@ -74,6 +74,16 @@ main (int argc, char *argv[]) | |
| 91 | guint ret = 126; | |
| 92 | GVariantBuilder builder; | |
| 93 | ||
| 94 | + /* | |
| 95 | + * Linux allows an empty list to be passed for argv. This is a non-standard | |
| 96 | + * (mis)feature, so don't allow it. | |
| 97 | + */ | |
| 98 | + if (argc == 0) | |
| 99 | + {
| |
| 100 | + g_printerr("Refusing to accept empty argv\n");
| |
| 101 | + goto out; | |
| 102 | + } | |
| 103 | + | |
| 104 | g_type_init (); | |
| 105 | ||
| 106 | error = NULL; | |
| 107 | -- | |
| 108 | 1.7.9.7 |
