naccyde / rpms / systemd

Forked from rpms/systemd a year ago
Clone
be0c12
From 71ebbd2da606c9cb4da694bbcc925078f253f496 Mon Sep 17 00:00:00 2001
be0c12
From: Yu Watanabe <watanabe.yu+github@gmail.com>
be0c12
Date: Wed, 6 Oct 2021 00:19:41 +0900
be0c12
Subject: [PATCH] core/service: also check path in exec commands
be0c12
be0c12
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
be0c12
be0c12
Related: #2020239
be0c12
---
be0c12
 src/core/service.c | 10 +++++++++-
be0c12
 1 file changed, 9 insertions(+), 1 deletion(-)
be0c12
be0c12
diff --git a/src/core/service.c b/src/core/service.c
be0c12
index 12adf89dd4..ae31973774 100644
be0c12
--- a/src/core/service.c
be0c12
+++ b/src/core/service.c
be0c12
@@ -539,13 +539,21 @@ static int service_verify(Service *s) {
be0c12
         for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
be0c12
                 ExecCommand *command;
be0c12
 
be0c12
-                LIST_FOREACH(command, command, s->exec_command[c])
be0c12
+                LIST_FOREACH(command, command, s->exec_command[c]) {
be0c12
+                        if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) {
be0c12
+                                log_unit_error(UNIT(s),
be0c12
+                                               "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
be0c12
+                                               command->path,
be0c12
+                                               service_exec_command_to_string(c));
be0c12
+                                return -ENOEXEC;
be0c12
+                        }
be0c12
                         if (strv_isempty(command->argv)) {
be0c12
                                 log_unit_error(UNIT(s),
be0c12
                                                "Service has an empty argv in %s=. Refusing.",
be0c12
                                                service_exec_command_to_string(c));
be0c12
                                 return -ENOEXEC;
be0c12
                         }
be0c12
+                }
be0c12
         }
be0c12
 
be0c12
         if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {