41 lines
2.0 KiB
Diff
41 lines
2.0 KiB
Diff
From b1b3716efebb7c52254b7029a05b1ec0c8d317bd Mon Sep 17 00:00:00 2001
|
|
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
|
Date: Wed, 6 Oct 2021 00:19:41 +0900
|
|
Subject: [PATCH] core/service: also check path in exec commands
|
|
|
|
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
|
|
(cherry picked from commit b3978cf401306a793c7531299a5e9b3c63e53a27)
|
|
|
|
Conflict:different code contexts, manual synchronization path
|
|
Reference:https://github.com/systemd/systemd-stable/commit/bf7eedbf8f8c83d9e775c80275f98f506ec963c6
|
|
---
|
|
src/core/service.c | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/core/service.c b/src/core/service.c
|
|
index 8c6f9837a7..3e1c0ddb5b 100644
|
|
--- a/src/core/service.c
|
|
+++ b/src/core/service.c
|
|
@@ -551,11 +551,17 @@ static int service_verify(Service *s) {
|
|
for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
|
|
ExecCommand *command;
|
|
|
|
- LIST_FOREACH(command, command, s->exec_command[c])
|
|
+ LIST_FOREACH(command, command, s->exec_command[c]) {
|
|
+ if (!path_is_absolute(command->path) && !filename_is_valid(command->path))
|
|
+ return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC),
|
|
+ "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
|
|
+ command->path,
|
|
+ service_exec_command_to_string(c));
|
|
if (strv_isempty(command->argv))
|
|
return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC),
|
|
"Service has an empty argv in %s=. Refusing.",
|
|
service_exec_command_to_string(c));
|
|
+ }
|
|
}
|
|
|
|
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
|
|
--
|
|
2.27.0
|
|
|