mirror of
https://github.com/RGBCube/serenity
synced 2025-10-31 20:02:44 +00:00
998765a7a6
We should only execute the filename verbatim if it contains a slash (/) character somewhere. Otherwise, we need to look through the entries in the PATH environment variable. This fixes an issue where you could easily "override" system programs by placing them in a directory you control, and then waiting for someone to come there and run e.g "ls" :^) Test: LibC/exec-should-not-search-current-directory.cpp
20 lines
386 B
C++
20 lines
386 B
C++
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
|
|
int main()
|
|
{
|
|
int fd = open("hax", O_CREAT | O_RDWR, 0755);
|
|
ftruncate(fd, 0);
|
|
close(fd);
|
|
|
|
int rc = execlp("hax", "hax", nullptr);
|
|
int saved_errno = errno;
|
|
unlink("hax");
|
|
if (rc == -1 && saved_errno == ENOEXEC) {
|
|
printf("FAIL\n");
|
|
return 1;
|
|
}
|
|
printf("PASS\n");
|
|
return 0;
|
|
}
|