shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-08 20:58:20 +03:00
Code

tree-wide: some additional checks to avoid CVE-2021-4034 style weaknesses

Browse Source
This commit is contained in:
Lennart Poettering 2022-01-31 17:58:18 +01:00 committed by Luca Boccassi
parent e5b90b30c2
commit 69339ae9f7
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/execute.c
View File

@ -4058,6 +4058,10 @@ static int exec_child(
assert(params);
assert(exit_status);
/* Explicitly test for CVE-2021-4034 inspired invocations */
assert(command->path);
assert(!strv_isempty(command->argv));
rename_process_from_path(command->path);
/* We reset exactly these signals, since they are the only ones we set to SIG_IGN in the main

9
src/shared/exec-util.c
View File

@ -449,7 +449,16 @@ ExecCommandFlags exec_command_flags_from_string(const char *s) {
}
int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
/* Refuse invalid fds, regardless if fexecve() use is enabled or not */
if (executable_fd < 0)
return -EBADF;
/* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */
if (isempty(executable) || strv_isempty(argv))
return -EINVAL;
#if ENABLE_FEXECVE
execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);
if (IN_SET(errno, ENOSYS, ENOENT) || ERRNO_IS_PRIVILEGE(errno))