|
 |
b8c242 |
From 71ebbd2da606c9cb4da694bbcc925078f253f496 Mon Sep 17 00:00:00 2001
|
|
|
b8c242 |
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
|
|
b8c242 |
Date: Wed, 6 Oct 2021 00:19:41 +0900
|
|
|
b8c242 |
Subject: [PATCH] core/service: also check path in exec commands
|
|
|
b8c242 |
|
|
|
b8c242 |
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
|
|
|
b8c242 |
|
|
|
b8c242 |
Related: #2020239
|
|
|
b8c242 |
---
|
|
|
b8c242 |
src/core/service.c | 10 +++++++++-
|
|
|
b8c242 |
1 file changed, 9 insertions(+), 1 deletion(-)
|
|
|
b8c242 |
|
|
|
b8c242 |
diff --git a/src/core/service.c b/src/core/service.c
|
|
|
b8c242 |
index 12adf89dd4..ae31973774 100644
|
|
|
b8c242 |
--- a/src/core/service.c
|
|
|
b8c242 |
+++ b/src/core/service.c
|
|
|
b8c242 |
@@ -539,13 +539,21 @@ static int service_verify(Service *s) {
|
|
|
b8c242 |
for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
|
|
|
b8c242 |
ExecCommand *command;
|
|
|
b8c242 |
|
|
|
b8c242 |
- LIST_FOREACH(command, command, s->exec_command[c])
|
|
|
b8c242 |
+ LIST_FOREACH(command, command, s->exec_command[c]) {
|
|
|
b8c242 |
+ if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) {
|
|
|
b8c242 |
+ log_unit_error(UNIT(s),
|
|
|
b8c242 |
+ "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
|
|
|
b8c242 |
+ command->path,
|
|
|
b8c242 |
+ service_exec_command_to_string(c));
|
|
|
b8c242 |
+ return -ENOEXEC;
|
|
|
b8c242 |
+ }
|
|
|
b8c242 |
if (strv_isempty(command->argv)) {
|
|
|
b8c242 |
log_unit_error(UNIT(s),
|
|
|
b8c242 |
"Service has an empty argv in %s=. Refusing.",
|
|
|
b8c242 |
service_exec_command_to_string(c));
|
|
|
b8c242 |
return -ENOEXEC;
|
|
|
b8c242 |
}
|
|
|
b8c242 |
+ }
|
|
|
b8c242 |
}
|
|
|
b8c242 |
|
|
|
b8c242 |
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
|