1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

pager: set $LESSSECURE whenver we invoke a pager

Some extra safety when invoked via "sudo". With this we address a
genuine design flaw of sudo, and we shouldn't need to deal with this.
But it's still a good idea to disable this surface given how exotic it
is.

Prompted by #5666
This commit is contained in:
Lennart Poettering 2020-08-31 19:37:13 +02:00 committed by Zbigniew Jędrzejewski-Szmek
parent 5b49641015
commit 612ebf6c91
4 changed files with 32 additions and 2 deletions

View File

@ -64,6 +64,15 @@
the invoking terminal is determined to be UTF-8 compatible).</para></listitem>
</varlistentry>
<varlistentry id='lesssecure'>
<term><varname>$SYSTEMD_LESSSECURE</varname></term>
<listitem><para>Takes a boolean argument. Overrides the <varname>$LESSSECURE</varname> environment
variable when invoking the pager, which controls the "secure" mode of less (which disables commands
such as <literal>|</literal> which allow to easily shell out to external command lines). By default
less secure mode is enabled, with this setting it may be disabled.</para></listitem>
</varlistentry>
<varlistentry id='colors'>
<term><varname>$SYSTEMD_COLORS</varname></term>

View File

@ -2240,6 +2240,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<xi:include href="less-variables.xml" xpointer="pager"/>
<xi:include href="less-variables.xml" xpointer="less"/>
<xi:include href="less-variables.xml" xpointer="lesscharset"/>
<xi:include href="less-variables.xml" xpointer="lesssecure"/>
<xi:include href="less-variables.xml" xpointer="colors"/>
<xi:include href="less-variables.xml" xpointer="urlify"/>
</refsect1>

View File

@ -692,6 +692,7 @@
<xi:include href="less-variables.xml" xpointer="pager"/>
<xi:include href="less-variables.xml" xpointer="less"/>
<xi:include href="less-variables.xml" xpointer="lesscharset"/>
<xi:include href="less-variables.xml" xpointer="lesssecure"/>
<xi:include href="less-variables.xml" xpointer="colors"/>
<xi:include href="less-variables.xml" xpointer="urlify"/>

View File

@ -9,6 +9,7 @@
#include <unistd.h>
#include "copy.h"
#include "env-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "io-util.h"
@ -152,8 +153,7 @@ int pager_open(PagerFlags flags) {
_exit(EXIT_FAILURE);
}
/* Initialize a good charset for less. This is
* particularly important if we output UTF-8
/* Initialize a good charset for less. This is particularly important if we output UTF-8
* characters. */
less_charset = getenv("SYSTEMD_LESSCHARSET");
if (!less_charset && is_locale_utf8())
@ -164,6 +164,25 @@ int pager_open(PagerFlags flags) {
_exit(EXIT_FAILURE);
}
/* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
* privileged stuff. */
r = getenv_bool("SYSTEMD_LESSSECURE");
if (r == 0) { /* Remove env var if off */
if (unsetenv("LESSSECURE") < 0) {
log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
_exit(EXIT_FAILURE);
}
} else {
/* Set env var otherwise */
if (r < 0)
log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");
if (setenv("LESSSECURE", "1", 1) < 0) {
log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
_exit(EXIT_FAILURE);
}
}
if (pager_args) {
r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
if (r < 0) {