mirror of
https://github.com/SerenityOS/serenity
synced 2024-09-06 00:51:33 +00:00
LibC: The exec() family of functions should not search "." by default
We should only execute the filename verbatim if it contains a slash (/) character somewhere. Otherwise, we need to look through the entries in the PATH environment variable. This fixes an issue where you could easily "override" system programs by placing them in a directory you control, and then waiting for someone to come there and run e.g "ls" :^) Test: LibC/exec-should-not-search-current-directory.cpp
This commit is contained in:
parent
268000e166
commit
998765a7a6
|
@ -111,13 +111,10 @@ int execve(const char* filename, char* const argv[], char* const envp[])
|
|||
|
||||
int execvpe(const char* filename, char* const argv[], char* const envp[])
|
||||
{
|
||||
if (strchr(filename, '/'))
|
||||
return execve(filename, argv, envp);
|
||||
|
||||
ScopedValueRollback errno_rollback(errno);
|
||||
int rc = execve(filename, argv, envp);
|
||||
if (rc < 0 && errno != ENOENT) {
|
||||
errno_rollback.set_override_rollback_value(errno);
|
||||
dbg() << "execvpe() failed on first with" << strerror(errno);
|
||||
return rc;
|
||||
}
|
||||
String path = getenv("PATH");
|
||||
if (path.is_empty())
|
||||
path = "/bin:/usr/bin";
|
||||
|
|
20
Tests/LibC/exec-should-not-search-current-directory.cpp
Normal file
20
Tests/LibC/exec-should-not-search-current-directory.cpp
Normal file
|
@ -0,0 +1,20 @@
|
|||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
int main()
|
||||
{
|
||||
int fd = open("hax", O_CREAT | O_RDWR, 0755);
|
||||
ftruncate(fd, 0);
|
||||
close(fd);
|
||||
|
||||
int rc = execlp("hax", "hax", nullptr);
|
||||
int saved_errno = errno;
|
||||
unlink("hax");
|
||||
if (rc == -1 && saved_errno == ENOEXEC) {
|
||||
printf("FAIL\n");
|
||||
return 1;
|
||||
}
|
||||
printf("PASS\n");
|
||||
return 0;
|
||||
}
|
Loading…
Reference in a new issue