| 1 |
pinkbyte 14/09/02 07:07:02 |
| 2 |
|
| 3 |
Added: proot-4.0.1-argv.patch |
| 4 |
Log: |
| 5 |
Version bump, wrt bug #520050 with fix for bug #517496. Thanks to Joakim Tjernlund <Joakim.Tjernlund AT transmode.se> for discovering this issues. Drop old version |
| 6 |
|
| 7 |
(Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key 0x1F357D42) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 sys-apps/proot/files/proot-4.0.1-argv.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/proot/files/proot-4.0.1-argv.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/proot/files/proot-4.0.1-argv.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: proot-4.0.1-argv.patch |
| 16 |
=================================================================== |
| 17 |
commit 520fa3601c36dd0a3c84e310bd2a1189259000bd |
| 18 |
Author: Cédric VINCENT <cedric.vincent@××.com> |
| 19 |
Date: Thu Aug 7 14:29:37 2014 +0200 |
| 20 |
|
| 21 |
Don't dereference argv[0] when launching a script through a symlink. |
| 22 |
|
| 23 |
Reported-by: Joakim Tjernlund <Joakim.Tjernlund@×××××××××.se> |
| 24 |
Ref: https://bugs.gentoo.org/show_bug.cgi?id=517496 |
| 25 |
|
| 26 |
Also, don't complain about non-regular or non-executable files that |
| 27 |
are not explicitely candidates. |
| 28 |
|
| 29 |
diff --git a/src/path/path.c b/src/path/path.c |
| 30 |
index 4225876..ecdef70 100644 |
| 31 |
--- a/src/path/path.c |
| 32 |
+++ b/src/path/path.c |
| 33 |
@@ -219,17 +219,21 @@ int which(Tracee *tracee, const char *paths, char host_path[PATH_MAX], char *con |
| 34 |
/* Is the command available without any $PATH look-up? */ |
| 35 |
status = realpath2(tracee, host_path, command, true); |
| 36 |
if (status == 0 && stat(host_path, &statr) == 0) { |
| 37 |
- if (!S_ISREG(statr.st_mode)) { |
| 38 |
+ if (is_explicit && !S_ISREG(statr.st_mode)) { |
| 39 |
notice(tracee, ERROR, USER, "'%s' is not a regular file", command); |
| 40 |
return -EACCES; |
| 41 |
} |
| 42 |
|
| 43 |
- if ((statr.st_mode & S_IXUSR) == 0) { |
| 44 |
+ if (is_explicit && (statr.st_mode & S_IXUSR) == 0) { |
| 45 |
notice(tracee, ERROR, USER, "'%s' is not executable", command); |
| 46 |
return -EACCES; |
| 47 |
} |
| 48 |
|
| 49 |
found = true; |
| 50 |
+ |
| 51 |
+ /* Don't dereference the final component to preserve |
| 52 |
+ * argv0 in case it is a symlink to script. */ |
| 53 |
+ (void) realpath2(tracee, host_path, command, false); |
| 54 |
} |
| 55 |
else |
| 56 |
found = false; |
| 57 |
@@ -274,8 +278,12 @@ int which(Tracee *tracee, const char *paths, char host_path[PATH_MAX], char *con |
| 58 |
if (status == 0 |
| 59 |
&& stat(host_path, &statr) == 0 |
| 60 |
&& S_ISREG(statr.st_mode) |
| 61 |
- && (statr.st_mode & S_IXUSR) != 0) |
| 62 |
- return 0; |
| 63 |
+ && (statr.st_mode & S_IXUSR) != 0) { |
| 64 |
+ /* Don't dereference the final component to preserve |
| 65 |
+ * argv0 in case it is a symlink to script. */ |
| 66 |
+ (void) realpath2(tracee, host_path, path, false); |
| 67 |
+ return 0; |
| 68 |
+ } |
| 69 |
} while (*(cursor - 1) != '\0'); |
| 70 |
|
| 71 |
not_found: |
| 72 |
diff --git a/src/tracee/event.c b/src/tracee/event.c |
| 73 |
index 70668d6..5905c43 100644 |
| 74 |
--- a/src/tracee/event.c |
| 75 |
+++ b/src/tracee/event.c |
| 76 |
@@ -92,7 +92,7 @@ int launch_process(Tracee *tracee) |
| 77 |
* guest rootfs. Note: Valgrind can't handle execve(2) on |
| 78 |
* "foreign" binaries (ENOEXEC) but can handle execvp(3) on such |
| 79 |
* binaries. */ |
| 80 |
- execvp(tracee->exe, tracee->cmdline); |
| 81 |
+ execv(tracee->exe, tracee->cmdline); |
| 82 |
return -errno; |
| 83 |
|
| 84 |
default: /* parent */ |
| 85 |
diff --git a/tests/test-713b6910.sh b/tests/test-713b6910.sh |
| 86 |
new file mode 100644 |
| 87 |
index 0000000..82e01fd |
| 88 |
--- /dev/null |
| 89 |
+++ b/tests/test-713b6910.sh |
| 90 |
@@ -0,0 +1,51 @@ |
| 91 |
+if [ -z `which mcookie` ] || [ -z `which rm` ] || [ -z `which cat` ] || [ -z `which chmod` ] || [ -z `which ln` ] || [ -z `which grep` ] || [ -z `which mkdir` ] || [ ! -x ${ROOTFS}/bin/readlink ]; then |
| 92 |
+ exit 125; |
| 93 |
+fi |
| 94 |
+ |
| 95 |
+###################################################################### |
| 96 |
+ |
| 97 |
+TMP1=/tmp/$(mcookie) |
| 98 |
+TMP2=/tmp/$(mcookie) |
| 99 |
+TMP3=/tmp/$(mcookie) |
| 100 |
+TMP4=/tmp/$(mcookie) |
| 101 |
+ |
| 102 |
+rm -fr ${TMP1} ${TMP2} ${TMP3} ${TMP4} |
| 103 |
+ |
| 104 |
+###################################################################### |
| 105 |
+ |
| 106 |
+cat > ${TMP1} <<'EOF' |
| 107 |
+#!/bin/sh |
| 108 |
+echo $0 |
| 109 |
+EOF |
| 110 |
+ |
| 111 |
+chmod +x ${TMP1} |
| 112 |
+ln -s ${TMP1} ${TMP2} |
| 113 |
+ |
| 114 |
+${PROOT} ${TMP2} | grep -v ${TMP1} |
| 115 |
+${PROOT} ${TMP2} | grep ${TMP2} |
| 116 |
+ |
| 117 |
+###################################################################### |
| 118 |
+ |
| 119 |
+mkdir -p ${TMP3} |
| 120 |
+cd ${TMP3} |
| 121 |
+ |
| 122 |
+ln -s $(which true) false |
| 123 |
+! ${PROOT} false |
| 124 |
+ |
| 125 |
+echo "#!$(which false)" > true |
| 126 |
+chmod a-x true |
| 127 |
+${PROOT} true |
| 128 |
+ |
| 129 |
+###################################################################### |
| 130 |
+ |
| 131 |
+ln -s ${ROOTFS}/bin/readlink ${TMP4} |
| 132 |
+ |
| 133 |
+TEST1=$(${PROOT} ${ROOTFS}/bin/readlink /proc/self/exe) |
| 134 |
+TEST2=$(${PROOT} ${TMP4} /proc/self/exe) |
| 135 |
+ |
| 136 |
+test "${TEST1}" = "${TEST2}" |
| 137 |
+ |
| 138 |
+###################################################################### |
| 139 |
+ |
| 140 |
+cd / |
| 141 |
+rm -fr ${TMP1} ${TMP2} ${TMP3} ${TMP4} |
Archives