LibC: The exec() family of functions should not search "." by default

We should only execute the filename verbatim if it contains a slash (/) character somewhere. Otherwise, we need to look through the entries in the PATH environment variable. This fixes an issue where you could easily "override" system programs by placing them in a directory you control, and then waiting for someone to come there and run e.g "ls" :^) Test: LibC/exec-should-not-search-current-directory.cpp
luteresa · Feb 1, 2020 · 998765a · 998765a
1 parent 268000e
commit 998765a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/Libraries/LibC/unistd.cpp b/Libraries/LibC/unistd.cpp
@@ -111,13 +111,10 @@ int execve(const char* filename, char* const argv[], char* const envp[])
 
 int execvpe(const char* filename, char* const argv[], char* const envp[])
 {
+ if (strchr(filename, '/'))
+ return execve(filename, argv, envp);
+
  ScopedValueRollback errno_rollback(errno);
- int rc = execve(filename, argv, envp);
- if (rc < 0 && errno != ENOENT) {
- errno_rollback.set_override_rollback_value(errno);
- dbg() << "execvpe() failed on first with" << strerror(errno);
- return rc;
- }
  String path = getenv("PATH");
  if (path.is_empty())
  path = "/bin:/usr/bin";

diff --git a/Tests/LibC/exec-should-not-search-current-directory.cpp b/Tests/LibC/exec-should-not-search-current-directory.cpp
@@ -0,0 +1,20 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+int main()
+{
+ int fd = open("hax", O_CREAT | O_RDWR, 0755);
+ ftruncate(fd, 0);
+ close(fd);
+
+ int rc = execlp("hax", "hax", nullptr);
+ int saved_errno = errno;
+ unlink("hax");
+ if (rc == -1 && saved_errno == ENOEXEC) {
+ printf("FAIL\n");
+ return 1;
+ }
+ printf("PASS\n");
+ return 0;
+}