1 |
pinkbyte 14/09/02 07:07:02 |
2 |
|
3 |
Added: proot-4.0.1-argv.patch |
4 |
Log: |
5 |
Version bump, wrt bug #520050 with fix for bug #517496. Thanks to Joakim Tjernlund <Joakim.Tjernlund AT transmode.se> for discovering this issues. Drop old version |
6 |
|
7 |
(Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key 0x1F357D42) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 sys-apps/proot/files/proot-4.0.1-argv.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/proot/files/proot-4.0.1-argv.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/proot/files/proot-4.0.1-argv.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: proot-4.0.1-argv.patch |
16 |
=================================================================== |
17 |
commit 520fa3601c36dd0a3c84e310bd2a1189259000bd |
18 |
Author: Cédric VINCENT <cedric.vincent@××.com> |
19 |
Date: Thu Aug 7 14:29:37 2014 +0200 |
20 |
|
21 |
Don't dereference argv[0] when launching a script through a symlink. |
22 |
|
23 |
Reported-by: Joakim Tjernlund <Joakim.Tjernlund@×××××××××.se> |
24 |
Ref: https://bugs.gentoo.org/show_bug.cgi?id=517496 |
25 |
|
26 |
Also, don't complain about non-regular or non-executable files that |
27 |
are not explicitely candidates. |
28 |
|
29 |
diff --git a/src/path/path.c b/src/path/path.c |
30 |
index 4225876..ecdef70 100644 |
31 |
--- a/src/path/path.c |
32 |
+++ b/src/path/path.c |
33 |
@@ -219,17 +219,21 @@ int which(Tracee *tracee, const char *paths, char host_path[PATH_MAX], char *con |
34 |
/* Is the command available without any $PATH look-up? */ |
35 |
status = realpath2(tracee, host_path, command, true); |
36 |
if (status == 0 && stat(host_path, &statr) == 0) { |
37 |
- if (!S_ISREG(statr.st_mode)) { |
38 |
+ if (is_explicit && !S_ISREG(statr.st_mode)) { |
39 |
notice(tracee, ERROR, USER, "'%s' is not a regular file", command); |
40 |
return -EACCES; |
41 |
} |
42 |
|
43 |
- if ((statr.st_mode & S_IXUSR) == 0) { |
44 |
+ if (is_explicit && (statr.st_mode & S_IXUSR) == 0) { |
45 |
notice(tracee, ERROR, USER, "'%s' is not executable", command); |
46 |
return -EACCES; |
47 |
} |
48 |
|
49 |
found = true; |
50 |
+ |
51 |
+ /* Don't dereference the final component to preserve |
52 |
+ * argv0 in case it is a symlink to script. */ |
53 |
+ (void) realpath2(tracee, host_path, command, false); |
54 |
} |
55 |
else |
56 |
found = false; |
57 |
@@ -274,8 +278,12 @@ int which(Tracee *tracee, const char *paths, char host_path[PATH_MAX], char *con |
58 |
if (status == 0 |
59 |
&& stat(host_path, &statr) == 0 |
60 |
&& S_ISREG(statr.st_mode) |
61 |
- && (statr.st_mode & S_IXUSR) != 0) |
62 |
- return 0; |
63 |
+ && (statr.st_mode & S_IXUSR) != 0) { |
64 |
+ /* Don't dereference the final component to preserve |
65 |
+ * argv0 in case it is a symlink to script. */ |
66 |
+ (void) realpath2(tracee, host_path, path, false); |
67 |
+ return 0; |
68 |
+ } |
69 |
} while (*(cursor - 1) != '\0'); |
70 |
|
71 |
not_found: |
72 |
diff --git a/src/tracee/event.c b/src/tracee/event.c |
73 |
index 70668d6..5905c43 100644 |
74 |
--- a/src/tracee/event.c |
75 |
+++ b/src/tracee/event.c |
76 |
@@ -92,7 +92,7 @@ int launch_process(Tracee *tracee) |
77 |
* guest rootfs. Note: Valgrind can't handle execve(2) on |
78 |
* "foreign" binaries (ENOEXEC) but can handle execvp(3) on such |
79 |
* binaries. */ |
80 |
- execvp(tracee->exe, tracee->cmdline); |
81 |
+ execv(tracee->exe, tracee->cmdline); |
82 |
return -errno; |
83 |
|
84 |
default: /* parent */ |
85 |
diff --git a/tests/test-713b6910.sh b/tests/test-713b6910.sh |
86 |
new file mode 100644 |
87 |
index 0000000..82e01fd |
88 |
--- /dev/null |
89 |
+++ b/tests/test-713b6910.sh |
90 |
@@ -0,0 +1,51 @@ |
91 |
+if [ -z `which mcookie` ] || [ -z `which rm` ] || [ -z `which cat` ] || [ -z `which chmod` ] || [ -z `which ln` ] || [ -z `which grep` ] || [ -z `which mkdir` ] || [ ! -x ${ROOTFS}/bin/readlink ]; then |
92 |
+ exit 125; |
93 |
+fi |
94 |
+ |
95 |
+###################################################################### |
96 |
+ |
97 |
+TMP1=/tmp/$(mcookie) |
98 |
+TMP2=/tmp/$(mcookie) |
99 |
+TMP3=/tmp/$(mcookie) |
100 |
+TMP4=/tmp/$(mcookie) |
101 |
+ |
102 |
+rm -fr ${TMP1} ${TMP2} ${TMP3} ${TMP4} |
103 |
+ |
104 |
+###################################################################### |
105 |
+ |
106 |
+cat > ${TMP1} <<'EOF' |
107 |
+#!/bin/sh |
108 |
+echo $0 |
109 |
+EOF |
110 |
+ |
111 |
+chmod +x ${TMP1} |
112 |
+ln -s ${TMP1} ${TMP2} |
113 |
+ |
114 |
+${PROOT} ${TMP2} | grep -v ${TMP1} |
115 |
+${PROOT} ${TMP2} | grep ${TMP2} |
116 |
+ |
117 |
+###################################################################### |
118 |
+ |
119 |
+mkdir -p ${TMP3} |
120 |
+cd ${TMP3} |
121 |
+ |
122 |
+ln -s $(which true) false |
123 |
+! ${PROOT} false |
124 |
+ |
125 |
+echo "#!$(which false)" > true |
126 |
+chmod a-x true |
127 |
+${PROOT} true |
128 |
+ |
129 |
+###################################################################### |
130 |
+ |
131 |
+ln -s ${ROOTFS}/bin/readlink ${TMP4} |
132 |
+ |
133 |
+TEST1=$(${PROOT} ${ROOTFS}/bin/readlink /proc/self/exe) |
134 |
+TEST2=$(${PROOT} ${TMP4} /proc/self/exe) |
135 |
+ |
136 |
+test "${TEST1}" = "${TEST2}" |
137 |
+ |
138 |
+###################################################################### |
139 |
+ |
140 |
+cd / |
141 |
+rm -fr ${TMP1} ${TMP2} ${TMP3} ${TMP4} |