core: warn if a generator is world-writable

... because that is obviously a security risk. (cherry picked from commit da32cac8a014ddf048fc7bad84dafdbc204d4dc8) (cherry picked from commit 7ac58949a37db3ddb662908d3aadaf5934fec222)
2025-01-07 17:17:44 +03:00 · 2024-10-04 10:51:02 +02:00 · 2024-10-04 10:51:02 +02:00 · 3b0731b9d4
commit 3b0731b9d4
parent d0569c4405
3 changed files with 14 additions and 1 deletions
--- a/src/core/manager.c
+++ b/src/core/manager.c
@ -4003,7 +4003,7 @@ static int manager_execute_generators(Manager *m, char **paths, bool remount_ro)
                        /* callbacks= */ NULL, /* callback_args= */ NULL,
                        (char**) argv,
                        ge,
-                        EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID);
+                        EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID | EXEC_DIR_WARN_WORLD_WRITABLE);
 }

 static int manager_run_generators(Manager *m) {
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@ -147,6 +147,18 @@ static int do_execute(
                        log_debug("About to execute %s%s%s", t, argv ? " " : "", argv ? strnull(args) : "");
                }

+                if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {
+                        struct stat st;
+
+                        r = stat(t, &st);
+                        if (r < 0)
+                                log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t);
+                        else if (S_ISREG(st.st_mode) && (st.st_mode & 0002))
+                                log_warning("'%s' is marked world-writable, which is a security risk as it "
+                                            "is executed with privileges. Please remove world writability "
+                                            "permission bits. Proceeding anyway.", t);
+                }
+
                r = do_spawn(t, argv, fd, &pid, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID));
                if (r <= 0)
                        continue;
--- a/src/shared/exec-util.h
+++ b/src/shared/exec-util.h
@ -20,6 +20,7 @@ typedef enum {
        EXEC_DIR_IGNORE_ERRORS        = 1 << 1, /* Ignore non-zero exit status of scripts */
        EXEC_DIR_SET_SYSTEMD_EXEC_PID = 1 << 2, /* Set $SYSTEMD_EXEC_PID environment variable */
        EXEC_DIR_SKIP_REMAINING       = 1 << 3, /* Ignore remaining executions when one exit with 77. */
+        EXEC_DIR_WARN_WORLD_WRITABLE  = 1 << 4, /* Warn if world writable files are found */
 } ExecDirFlags;

 typedef enum ExecCommandFlags {