abuild-sudo: don't allow --keys-dir
Not allowing --allow-untrusted is obviously a good idea, but it can be trivially bypassed if --keys-dir is allowed: $ abuild-apk add foo-1-r0.apk ERROR: foo-1-r0.apk: UNTRUSTED signature $ abuild-apk --allow-untrusted add foo-1-r0.apk abuild-apk: --allow-untrusted: not allowed option $ cp -rp /etc/apk/keys /tmp/keys $ cp untrusted.pub /tmp/keys $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk (1/1) Installing foo (1-r0) OK: 4319 MiB in 806 packages If both --allow-untrusted and --keys-dir are not allowed, then it should no longer be possible for an unprivileged member of the abuild group to add an untrusted package. $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk abuild-apk: --keys-dir: not allowed option
parent
0b3f983772
commit
297de93aef
@ -32,6 +32,12 @@ static const char* valid_cmds[] = {
|
|||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static const char* invalid_opts[] = {
|
||||||
|
"--allow-untrusted",
|
||||||
|
"--keys-dir",
|
||||||
|
NULL,
|
||||||
|
};
|
||||||
|
|
||||||
const char *get_command_path(const char *cmd)
|
const char *get_command_path(const char *cmd)
|
||||||
{
|
{
|
||||||
const char *p;
|
const char *p;
|
||||||
@ -46,6 +52,14 @@ const char *get_command_path(const char *cmd)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void check_option(const char *opt)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
for (i = 0; invalid_opts[i] != NULL; i++)
|
||||||
|
if (strcmp(opt, invalid_opts[i]) == 0)
|
||||||
|
errx(1, "%s: not allowed option", opt);
|
||||||
|
}
|
||||||
|
|
||||||
int is_in_group(gid_t group)
|
int is_in_group(gid_t group)
|
||||||
{
|
{
|
||||||
int ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
|
int ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
|
||||||
@ -105,10 +119,8 @@ int main(int argc, const char *argv[])
|
|||||||
if (path == NULL)
|
if (path == NULL)
|
||||||
errx(1, "%s: Not a valid subcommand", cmd);
|
errx(1, "%s: Not a valid subcommand", cmd);
|
||||||
|
|
||||||
/* we dont allow --allow-untrusted option */
|
|
||||||
for (i = 1; i < argc; i++)
|
for (i = 1; i < argc; i++)
|
||||||
if (strcmp(argv[i], "--allow-untrusted") == 0)
|
check_option(argv[i]);
|
||||||
errx(1, "%s: not allowed option", "--allow-untrusted");
|
|
||||||
|
|
||||||
argv[0] = path;
|
argv[0] = path;
|
||||||
/* set our uid to root so bbsuid --install works */
|
/* set our uid to root so bbsuid --install works */
|
||||||
|
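Review bot: check_option in the second hunk rejects only an exact spelling of each entry in invalid_opts, so if apk's option parser also accepts the `--keys-dir=DIR` form (as getopt_long-style parsers do; not verifiable from this page), that spelling would pass the loop in main unchanged and reach the same untrusted-key path this commit closes. Comparing the prefix and then requiring the argument to end there or at `=` covers both spellings: `size_t len = strlen(invalid_opts[i]);` / `if (strncmp(opt, invalid_opts[i], len) == 0 && (opt[len] == '\0' || opt[len] == '='))` / `errx(1, "%s: not allowed option", opt);`. Abbreviated long options (`--keys`) would need the same treatment if the parser permits them, which cannot be confirmed here. The for loop that calls check_option in the third hunk sits inside main, which starts and ends outside the hunk.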