[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] util: honor anchored names when searching for executables



On 07/12/2011 08:51 PM, Daniel Veillard wrote:
> On Tue, Jul 12, 2011 at 04:51:51PM -0600, Eric Blake wrote:
>> I got bit in a debugging session on an uninstalled libvirtd; the
>> code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper
>> instead of my just-built version.  So I set a breakpoint and altered
>> the binary name to be "./src/libvirt_iohelper", and it still failed
>> because I don't have "." on my PATH.
>>
>> According to POSIX, execvp only searches PATH if the name does
>> not contain a slash.  Since we are trying to mimic that behavior,
>> an anchored name should be relative to the current working dir.
>>

>>
>> +    /* If we are passed an anchored path (containing a /), then there
>> +     * is no path search - it must exist in the current directory
>> +     */
>> +    if (strchr(file, '/')) {
>> +        virFileAbsPath(file, &path);
>> +        return path;
>> +    }
>> +
>>      /* copy PATH env so we can tweak it */
>>      path = getenv("PATH");
> 
> That sounds right. The only issue is that the slight change of semantic
> may suddenly allow to run binaries outside of $PATH which may be a
> security concern.

You can already run binaries outside of $PATH by giving an absolute
name.  All this does is actually avoid the PATH search on anchored
relative names.

> But virFindFileInPath() shouldn't be the place to
> implement such a security control, so ACK,

I realized that I missed two pieces - virFileAbsPath is
attribute-warn-unused, and the file also has to be executable.  I
squashed this in, then pushed.

diff --git i/src/util/util.c w/src/util/util.c
index 1654cc2..08c8050 100644
--- i/src/util/util.c
+++ w/src/util/util.c
@@ -578,7 +578,7 @@ int virFileResolveLink(const char *linkpath,
  */
 char *virFindFileInPath(const char *file)
 {
-    char *path;
+    char *path = NULL;
     char *pathiter;
     char *pathseg;
     char *fullpath = NULL;
@@ -600,7 +600,8 @@ char *virFindFileInPath(const char *file)
      * is no path search - it must exist in the current directory
      */
     if (strchr(file, '/')) {
-        virFileAbsPath(file, &path);
+        if (virFileIsExecutable(file))
+            ignore_value(virFileAbsPath(file, &path));
         return path;
     }


-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]