LibC: The exec() family of functions should not search "." by default

We should only execute the filename verbatim if it contains a slash (/) character somewhere. Otherwise, we need to look through the entries in the PATH environment variable. This fixes an issue where you could easily "override" system programs by placing them in a directory you control, and then waiting for someone to come there and run e.g "ls" :^) Test: LibC/exec-should-not-search-current-directory.cpp
2024-09-06 00:51:33 +00:00 · 2020-02-01 16:05:04 +01:00 · 2020-02-01 16:05:04 +01:00 · 998765a7a6
parent 268000e166
commit 998765a7a6
2 changed files with 23 additions and 6 deletions
--- a/Libraries/LibC/unistd.cpp
+++ b/Libraries/LibC/unistd.cpp
@ -111,13 +111,10 @@ int execve(const char* filename, char* const argv[], char* const envp[])

 int execvpe(const char* filename, char* const argv[], char* const envp[])
 {
+    if (strchr(filename, '/'))
+        return execve(filename, argv, envp);
+
    ScopedValueRollback errno_rollback(errno);
-    int rc = execve(filename, argv, envp);
-    if (rc < 0 && errno != ENOENT) {
-        errno_rollback.set_override_rollback_value(errno);
-        dbg() << "execvpe() failed on first with" << strerror(errno);
-        return rc;
-    }
    String path = getenv("PATH");
    if (path.is_empty())
        path = "/bin:/usr/bin";
--- a/Tests/LibC/exec-should-not-search-current-directory.cpp
+++ b/Tests/LibC/exec-should-not-search-current-directory.cpp
@ -0,0 +1,20 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+int main()
+{
+    int fd = open("hax", O_CREAT | O_RDWR, 0755);
+    ftruncate(fd, 0);
+    close(fd);
+
+    int rc = execlp("hax", "hax", nullptr);
+    int saved_errno = errno;
+    unlink("hax");
+    if (rc == -1 && saved_errno == ENOEXEC) {
+        printf("FAIL\n");
+        return 1;
+    }
+    printf("PASS\n");
+    return 0;
+}