naccyde / rpms / systemd

Forked from rpms/systemd a year ago
Clone
b8c242
From 71ebbd2da606c9cb4da694bbcc925078f253f496 Mon Sep 17 00:00:00 2001
b8c242
From: Yu Watanabe <watanabe.yu+github@gmail.com>
b8c242
Date: Wed, 6 Oct 2021 00:19:41 +0900
b8c242
Subject: [PATCH] core/service: also check path in exec commands
b8c242
b8c242
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
b8c242
b8c242
Related: #2020239
b8c242
---
b8c242
 src/core/service.c | 10 +++++++++-
b8c242
 1 file changed, 9 insertions(+), 1 deletion(-)
b8c242
b8c242
diff --git a/src/core/service.c b/src/core/service.c
b8c242
index 12adf89dd4..ae31973774 100644
b8c242
--- a/src/core/service.c
b8c242
+++ b/src/core/service.c
b8c242
@@ -539,13 +539,21 @@ static int service_verify(Service *s) {
b8c242
         for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
b8c242
                 ExecCommand *command;
b8c242
 
b8c242
-                LIST_FOREACH(command, command, s->exec_command[c])
b8c242
+                LIST_FOREACH(command, command, s->exec_command[c]) {
b8c242
+                        if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) {
b8c242
+                                log_unit_error(UNIT(s),
b8c242
+                                               "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
b8c242
+                                               command->path,
b8c242
+                                               service_exec_command_to_string(c));
b8c242
+                                return -ENOEXEC;
b8c242
+                        }
b8c242
                         if (strv_isempty(command->argv)) {
b8c242
                                 log_unit_error(UNIT(s),
b8c242
                                                "Service has an empty argv in %s=. Refusing.",
b8c242
                                                service_exec_command_to_string(c));
b8c242
                                 return -ENOEXEC;
b8c242
                         }
b8c242
+                }
b8c242
         }
b8c242
 
b8c242
         if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {