shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-25 10:04:04 +03:00
Code

Merge pull request #18300 from yuwata/analyze-verify-18252

Browse Source 
analyze: resolve executable path if it is relative
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2021-01-19 08:41:15 +01:00 committed by GitHub
commit f1fb046a98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/analyze/analyze-verify.c
View File

@ -115,14 +115,17 @@ static int verify_socket(Unit *u) {
} }
int verify_executable(Unit *u, const ExecCommand *exec) { int verify_executable(Unit *u, const ExecCommand *exec) {
int r;
if (!exec) if (!exec)
return 0; return 0;
if (exec->flags & EXEC_COMMAND_IGNORE_FAILURE) if (exec->flags & EXEC_COMMAND_IGNORE_FAILURE)
return 0; return 0;
if (access(exec->path, X_OK) < 0) r = find_executable_full(exec->path, false, NULL, NULL);
return log_unit_error_errno(u, errno, "Command %s is not executable: %m", exec->path); if (r < 0)
return log_unit_error_errno(u, r, "Command %s is not executable: %m", exec->path);
return 0; return 0;
} }

39
src/basic/path-util.c
View File

@ -586,10 +586,11 @@ char* path_join_internal(const char *first, ...) {
} }
static int check_x_access(const char *path, int *ret_fd) { static int check_x_access(const char *path, int *ret_fd) {
if (ret_fd) {
_cleanup_close_ int fd = -1; _cleanup_close_ int fd = -1;
const char *with_dash;
int r; int r;
if (ret_fd) {
/* We need to use O_PATH because there may be executables for which we have only exec /* We need to use O_PATH because there may be executables for which we have only exec
* permissions, but not read (usually suid executables). */ * permissions, but not read (usually suid executables). */
fd = open(path, O_PATH|O_CLOEXEC); fd = open(path, O_PATH|O_CLOEXEC);
@ -599,14 +600,24 @@ static int check_x_access(const char *path, int *ret_fd) {
r = access_fd(fd, X_OK); r = access_fd(fd, X_OK);
if (r < 0) if (r < 0)
return r; return r;
*ret_fd = TAKE_FD(fd);
} else { } else {
/* Let's optimize things a bit by not opening the file if we don't need the fd. */ /* Let's optimize things a bit by not opening the file if we don't need the fd. */
if (access(path, X_OK) < 0) if (access(path, X_OK) < 0)
return -errno; return -errno;
} }
with_dash = strjoina(path, "/");
/* If this passes, it must be a directory. */
if (access(with_dash, X_OK) >= 0)
return -EISDIR;
if (errno != ENOTDIR)
return -errno;
if (ret_fd)
*ret_fd = TAKE_FD(fd);
return 0; return 0;
} }
@ -663,19 +674,13 @@ int find_executable_full(const char *name, bool use_path_envvar, char **ret_file
return -ENOMEM; return -ENOMEM;
r = check_x_access(j, ret_fd ? &fd : NULL); r = check_x_access(j, ret_fd ? &fd : NULL);
if (r >= 0) { if (r < 0) {
_cleanup_free_ char *with_dash; /* PATH entries which we don't have access to are ignored, as per tradition. */
if (r != -EACCES)
with_dash = strjoin(j, "/"); last_error = r;
if (!with_dash)
return -ENOMEM;
/* If this passes, it must be a directory, and so should be skipped. */
if (access(with_dash, X_OK) >= 0)
continue; continue;
}
/* We can't just `continue` inverting this case, since we need to update last_error. */
if (errno == ENOTDIR) {
/* Found it! */ /* Found it! */
if (ret_filename) if (ret_filename)
*ret_filename = path_simplify(TAKE_PTR(j), false); *ret_filename = path_simplify(TAKE_PTR(j), false);
@ -684,12 +689,6 @@ int find_executable_full(const char *name, bool use_path_envvar, char **ret_file
return 0; return 0;
} }
}
/* PATH entries which we don't have access to are ignored, as per tradition. */
if (errno != EACCES)
last_error = -errno;
}
return last_error; return last_error;
} }