mirror of
https://anongit.gentoo.org/git/repo/gentoo.git
synced 2025-12-20 00:48:23 +00:00
21c9a61e14* Backport build fix for elogind * Backport musl build fix * ... which needs another fix for realpath / PATH order Signed-off-by: Sam James <sam@gentoo.org>
133 lines
4.8 KiB
Diff
133 lines
4.8 KiB
Diff
https://github.com/polkit-org/polkit/commit/9aa43e089d870a8ee695e625237c5b731b250678
|
|
|
|
From 9aa43e089d870a8ee695e625237c5b731b250678 Mon Sep 17 00:00:00 2001
|
|
From: Walter Doekes <walter+github@wjd.nu>
|
|
Date: Fri, 25 Oct 2024 23:18:16 +0200
|
|
Subject: [PATCH] pkexec: Use realpath when comparing
|
|
org.freedesktop.policykit.exec.path
|
|
|
|
This changes the pkexec path that is compared from the original supplied
|
|
path to the path resolved by realpath(3).
|
|
|
|
That means that "/bin/something" might now be matched as
|
|
"/usr/bin/something", a review of your
|
|
<annotate key="org.freedesktop.policykit.exec.path">
|
|
actions might be in order.
|
|
|
|
Fixes: polkit-org/polkit#194
|
|
|
|
See also: systemd/systemd#34714
|
|
---
|
|
src/programs/pkexec.c | 29 +++++++++++++++++++++++++++--
|
|
test/integration/pkexec/test.sh | 23 +++++++++++++++++++++++
|
|
2 files changed, 50 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
|
|
index 65c13090..b439475f 100644
|
|
--- a/src/programs/pkexec.c
|
|
+++ b/src/programs/pkexec.c
|
|
@@ -452,6 +452,7 @@ main (int argc, char *argv[])
|
|
gchar *action_id;
|
|
gboolean allow_gui;
|
|
gchar **exec_argv;
|
|
+ gchar *path_abs;
|
|
gchar *path;
|
|
struct passwd pwstruct;
|
|
gchar pwbuf[8192];
|
|
@@ -508,6 +509,7 @@ main (int argc, char *argv[])
|
|
result = NULL;
|
|
action_id = NULL;
|
|
saved_env = NULL;
|
|
+ path_abs = NULL;
|
|
path = NULL;
|
|
exec_argv = NULL;
|
|
command_line = NULL;
|
|
@@ -624,6 +626,8 @@ main (int argc, char *argv[])
|
|
* but do check this is the case.
|
|
*
|
|
* We also try to locate the program in the path if a non-absolute path is given.
|
|
+ *
|
|
+ * And then we resolve the real path of the program.
|
|
*/
|
|
g_assert (argv[argc] == NULL);
|
|
path = g_strdup (argv[n]);
|
|
@@ -647,7 +651,7 @@ main (int argc, char *argv[])
|
|
}
|
|
if (path[0] != '/')
|
|
{
|
|
- /* g_find_program_in_path() is not suspectible to attacks via the environment */
|
|
+ /* g_find_program_in_path() is not susceptible to attacks via the environment */
|
|
s = g_find_program_in_path (path);
|
|
if (s == NULL)
|
|
{
|
|
@@ -662,9 +666,29 @@ main (int argc, char *argv[])
|
|
*/
|
|
if (argv[n] != NULL)
|
|
{
|
|
- argv[n] = path;
|
|
+ /* Must copy because we might replace path later on. */
|
|
+ path_abs = g_strdup(path);
|
|
+ /* argv[n:] is used as argv arguments to execv(). The called program
|
|
+ * sees the original called path, but we make sure it's absolute. */
|
|
+ if (path_abs != NULL)
|
|
+ argv[n] = path_abs;
|
|
}
|
|
}
|
|
+#if _POSIX_C_SOURCE >= 200809L
|
|
+ s = realpath(path, NULL);
|
|
+#else
|
|
+ s = NULL;
|
|
+# error We have to deal with realpath(3) PATH_MAX madness
|
|
+#endif
|
|
+ if (s != NULL)
|
|
+ {
|
|
+ /* The called program resolved to the canonical location. We don't update
|
|
+ * argv[n] this time. The called program still sees the original
|
|
+ * called path. This is very important for multi-call binaries like
|
|
+ * busybox. */
|
|
+ g_free (path);
|
|
+ path = s;
|
|
+ }
|
|
if (access (path, F_OK) != 0)
|
|
{
|
|
g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
|
|
@@ -1084,6 +1108,7 @@ main (int argc, char *argv[])
|
|
}
|
|
|
|
g_free (original_cwd);
|
|
+ g_free (path_abs);
|
|
g_free (path);
|
|
g_free (command_line);
|
|
g_free (cmdline_short);
|
|
diff --git a/test/integration/pkexec/test.sh b/test/integration/pkexec/test.sh
|
|
index 4c76687b..e57b948f 100755
|
|
--- a/test/integration/pkexec/test.sh
|
|
+++ b/test/integration/pkexec/test.sh
|
|
@@ -142,3 +142,26 @@ sudo -u "$TEST_USER" expect "$TMP_DIR/SIGTRAP-on-EOF.exp" | tee "$TMP_DIR/SIGTRA
|
|
grep -q "AUTHENTICATION FAILED" "$TMP_DIR/SIGTRAP-on-EOF.log"
|
|
grep -q "Not authorized" "$TMP_DIR/SIGTRAP-on-EOF.log"
|
|
rm -f "$TMP_DIR/SIGTRAP-on-EOF.log"
|
|
+
|
|
+: "Check absolute (but not canonicalized) path"
|
|
+BASH_ABS=$(command -v bash)
|
|
+ln -s "$BASH_ABS" ./my-bash
|
|
+sudo -u "$TEST_USER" expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/absolute-path.log"
|
|
+grep -Eq "Authentication is needed to run \`/.*/${PWD##*/}/./my-bash -c true' as the super user" "$TMP_DIR/absolute-path.log"
|
|
+grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/absolute-path.log"
|
|
+rm -f "$TMP_DIR/absolute-path.log"
|
|
+rm -f "./my-bash"
|
|
+
|
|
+: "Check canonicalized path"
|
|
+if command -v strace; then
|
|
+ BASH_ABS=$(command -v bash)
|
|
+ ln -s "$BASH_ABS" ./my-bash
|
|
+ sudo -u "$TEST_USER" strace -s 512 -o "$TMP_DIR/canonical-path.strace" -feexecve \
|
|
+ expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/canonical-path.log"
|
|
+ cat "$TMP_DIR/canonical-path.strace"
|
|
+ grep -qF "execve(\"$BASH_ABS\", [\"$PWD/./my-bash\"," "$TMP_DIR/canonical-path.strace"
|
|
+ grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/canonical-path.log"
|
|
+ rm -f "$TMP_DIR/canonical-path.log" "$TMP_DIR/canonical-path.strace"
|
|
+ rm -f "./my-bash"
|
|
+ rm -f "$TMP_DIR/preload.c" "$TMP_DIR/preload.so"
|
|
+fi
|
|
|