Diffstat (limited to 'meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch | 115 |
1 files changed, 115 insertions, 0 deletions
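--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch
@@ -0,0 +1,115 @@
+From 612ebf6c913dd0e4197c44909cb3157f5c51a2f0 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 31 Aug 2020 19:37:13 +0200
+Subject: [PATCH] pager: set $LESSSECURE whenver we invoke a pager
+
+Some extra safety when invoked via "sudo". With this we address a
+genuine design flaw of sudo, and we shouldn't need to deal with this.
+But it's still a good idea to disable this surface given how exotic it
+is.
+
+Prompted by #5666
+
+CVE: CVE-2023-26604
+Upstream-Status: Backport [https://github.com/systemd/systemd/pull/17270/commits/612ebf6c913dd0e4197c44909cb3157f5c51a2f0]
+Comments: Hunk not refreshed
+Signed-off-by: rajmohan r <rajmohan.r@kpit.com>
+---
+man/less-variables.xml | 9 +++++++++
+man/systemctl.xml | 1 +
+man/systemd.xml | 1 +
+src/shared/pager.c | 23 +++++++++++++++++++++--
+4 files changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/man/less-variables.xml b/man/less-variables.xml
+index 08e513c99f8e..c52511ca8e18 100644
+--- a/man/less-variables.xml
++++ b/man/less-variables.xml
+@@ -64,6 +64,15 @@
+the invoking terminal is determined to be UTF-8 compatible).</para></listitem>
+</varlistentry>
+
++ <varlistentry id='lesssecure'>
++ <term><varname>$SYSTEMD_LESSSECURE</varname></term>
++
++ <listitem><para>Takes a boolean argument. Overrides the <varname>$LESSSECURE</varname> environment
++ variable when invoking the pager, which controls the "secure" mode of less (which disables commands
++ such as <literal>|</literal> which allow to easily shell out to external command lines). By default
++ less secure mode is enabled, with this setting it may be disabled.</para></listitem>
++ </varlistentry>
++
+<varlistentry id='colors'>
+<term><varname>$SYSTEMD_COLORS</varname></term>
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index 1c5502883700..a3f0c3041a57 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -2240,6 +2240,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
+<xi:include href="less-variables.xml" xpointer="pager"/>
+<xi:include href="less-variables.xml" xpointer="less"/>
+<xi:include href="less-variables.xml" xpointer="lesscharset"/>
++ <xi:include href="less-variables.xml" xpointer="lesssecure"/>
+<xi:include href="less-variables.xml" xpointer="colors"/>
+<xi:include href="less-variables.xml" xpointer="urlify"/>
+</refsect1>
+diff --git a/man/systemd.xml b/man/systemd.xml
+index a9040545c2ab..c92cfef77689 100644
+--- a/man/systemd.xml
++++ b/man/systemd.xml
+@@ -692,6 +692,7 @@
+<xi:include href="less-variables.xml" xpointer="pager"/>
+<xi:include href="less-variables.xml" xpointer="less"/>
+<xi:include href="less-variables.xml" xpointer="lesscharset"/>
++ <xi:include href="less-variables.xml" xpointer="lesssecure"/>
+<xi:include href="less-variables.xml" xpointer="colors"/>
+<xi:include href="less-variables.xml" xpointer="urlify"/>
+
+diff --git a/src/shared/pager.c b/src/shared/pager.c
+index e03be6d23b2d..9c21881241f5 100644
+--- a/src/shared/pager.c
++++ b/src/shared/pager.c
+@@ -9,6 +9,7 @@
+#include <unistd.h>
+
+#include "copy.h"
++#include "env-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "io-util.h"
+@@ -152,8 +153,7 @@ int pager_open(PagerFlags flags) {
+_exit(EXIT_FAILURE);
+}
+
+- /* Initialize a good charset for less. This is
+- * particularly important if we output UTF-8
++ /* Initialize a good charset for less. This is particularly important if we output UTF-8
+* characters. */
+less_charset = getenv("SYSTEMD_LESSCHARSET");
+if (!less_charset && is_locale_utf8())
+@@ -164,6 +164,25 @@ int pager_open(PagerFlags flags) {
+_exit(EXIT_FAILURE);
+}
+
++ /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
++ * privileged stuff. */
++ r = getenv_bool("SYSTEMD_LESSSECURE");
++ if (r == 0) { /* Remove env var if off */
++ if (unsetenv("LESSSECURE") < 0) {
++ log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
++ _exit(EXIT_FAILURE);
++ }
++ } else {
++ /* Set env var otherwise */
++ if (r < 0)
++ log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");
++
++ if (setenv("LESSSECURE", "1", 1) < 0) {
++ log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
++ _exit(EXIT_FAILURE);
++ }
++ }
++
+if (pager_args) {
+r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
+if (r < 0) {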
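Review bot: In the src/shared/pager.c hunk at `@@ -164,6 +164,25 @@`, the fallback branch warns on every negative result of getenv_bool(), so if that helper reports an absent $SYSTEMD_LESSSECURE as an error (I believe it returns -ENXIO for an unset variable, but that is not visible here) every pager invocation in the default configuration — variable unset — will log "Unable to parse $SYSTEMD_LESSSECURE, ignoring" before still setting LESSSECURE=1. If that is the case, narrowing the condition to `if (r < 0 && r != -ENXIO)` keeps the secure default quiet while still reporting genuinely malformed values. The adjacent error string `"Failed to uset environment variable LESSSECURE: %m"` has a typo (`uset` → `unset`), worth fixing since it is the only trace an operator gets when unsetenv() fails. pager_open() starts and ends outside this hunk, and since this file is a backport carried in the recipe, any such change should preferably be taken from upstream rather than made locally.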