From 6b745e0dc3a669640d7ec9b70b5d666c56dc6706 Mon Sep 17 00:00:00 2001 From: Julian Blake Kongslie Date: Sat, 29 Sep 2018 15:10:10 -0700 Subject: Always treat commands as relative to the current working directory. --- main.cc | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/main.cc b/main.cc index 8448f3f..fef5c54 100644 --- a/main.cc +++ b/main.cc @@ -283,12 +283,20 @@ int main( int argc, char *argv[] ) { return 1; }; + char *cwd = getcwd( nullptr, 0 ); + if ( not cwd ) + assert_perror( errno ); + char *user = argv[1]; char *group = argv[2]; - char *cmd = argv[3]; + char *relcmd = argv[3]; char **args = argv + 3; - DEBUG( "insecuresuexec user=%s group=%s cmd=%s\n", user, group, cmd ); + std::string cmd = cwd; + cmd += '/'; + cmd += relcmd; + + DEBUG( "insecuresuexec user=%s group=%s cwd=%s cmd=%s\n", user, group, cwd, cmd.c_str() ); uid_t uid; gid_t gid; @@ -297,7 +305,7 @@ int main( int argc, char *argv[] ) { bool did_override = false; for ( auto i = override->begin( ); i != override->end( ); ++i ) { - if ( i->match( cmd ) ) { + if ( i->match( cmd.c_str() ) ) { DEBUG( " cmd matched, now uid=%u gid=%u\n", i->uid, i->gid ); @@ -351,7 +359,7 @@ int main( int argc, char *argv[] ) { if ( setreuid( uid, uid ) != 0 ) assert_perror( errno ); - execv( cmd, args ); + execv( cmd.c_str(), args ); assert_perror( errno ); } -- cgit v1.2.3