richardphibel / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
17aa40
From 71ebbd2da606c9cb4da694bbcc925078f253f496 Mon Sep 17 00:00:00 2001
17aa40
From: Yu Watanabe <watanabe.yu+github@gmail.com>
17aa40
Date: Wed, 6 Oct 2021 00:19:41 +0900
17aa40
Subject: [PATCH] core/service: also check path in exec commands
17aa40
17aa40
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
17aa40
17aa40
Related: #2020239
17aa40
---
17aa40
 src/core/service.c | 10 +++++++++-
17aa40
 1 file changed, 9 insertions(+), 1 deletion(-)
17aa40
17aa40
diff --git a/src/core/service.c b/src/core/service.c
17aa40
index 12adf89dd4..ae31973774 100644
17aa40
--- a/src/core/service.c
17aa40
+++ b/src/core/service.c
17aa40
@@ -539,13 +539,21 @@ static int service_verify(Service *s) {
17aa40
         for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
17aa40
                 ExecCommand *command;
17aa40
 
17aa40
-                LIST_FOREACH(command, command, s->exec_command[c])
17aa40
+                LIST_FOREACH(command, command, s->exec_command[c]) {
17aa40
+                        if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) {
17aa40
+                                log_unit_error(UNIT(s),
17aa40
+                                               "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
17aa40
+                                               command->path,
17aa40
+                                               service_exec_command_to_string(c));
17aa40
+                                return -ENOEXEC;
17aa40
+                        }
17aa40
                         if (strv_isempty(command->argv)) {
17aa40
                                 log_unit_error(UNIT(s),
17aa40
                                                "Service has an empty argv in %s=. Refusing.",
17aa40
                                                service_exec_command_to_string(c));
17aa40
                                 return -ENOEXEC;
17aa40
                         }
17aa40
+                }
17aa40
         }
17aa40
 
17aa40
         if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {