RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 14:28:12 +00:00
Code Issues Activity Actions

LibC: The exec() family of functions should not search "." by default

Browse source 
We should only execute the filename verbatim if it contains a slash (/)
character somewhere. Otherwise, we need to look through the entries in
the PATH environment variable.

This fixes an issue where you could easily "override" system programs
by placing them in a directory you control, and then waiting for
someone to come there and run e.g "ls" :^)

Test: LibC/exec-should-not-search-current-directory.cpp
This commit is contained in:
Andreas Kling 2020-02-01 16:05:04 +01:00
parent 268000e166
commit 998765a7a6
2 changed files with 23 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Libraries/LibC/unistd.cpp
View file

@ -111,13 +111,10 @@ int execve(const char* filename, char* const argv[], char* const envp[])
int execvpe(const char* filename, char* const argv[], char* const envp[])
{
if (strchr(filename, '/'))
return execve(filename, argv, envp);
ScopedValueRollback errno_rollback(errno);
int rc = execve(filename, argv, envp);
if (rc < 0 && errno != ENOENT) {
errno_rollback.set_override_rollback_value(errno);
dbg() << "execvpe() failed on first with" << strerror(errno);
return rc;
}
String path = getenv("PATH");
if (path.is_empty())
path = "/bin:/usr/bin";