From patchwork Fri Sep 7 08:34:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrej Shadura X-Patchwork-Id: 10592275 X-Patchwork-Delegate: herbert@gondor.apana.org.au Delivered-To: konstantin@linuxfoundation.org Received: by 2002:a0c:fb06:0:0:0:0:0 with SMTP id c6-v6csp1459011qvp; Fri, 7 Sep 2018 01:34:40 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYDwQKWszU5uBsi/3ICmXv0GT7X8KyUWUOhLb1lTfHTRuLXY6UU1XAeA483q9T62cKCMGOu X-Received: by 2002:a17:902:d90a:: with SMTP id c10-v6mr6805344plz.35.1536309280542; Fri, 07 Sep 2018 01:34:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536309280; cv=none; d=google.com; s=arc-20160816; b=L+J/gkVqdOaqWSbOjPxDgnOgdVuhBj1i/RjSsv3Fy3EhX6UgHh3TUBFSniIs9hD3Gt KSUoUswFz5NGDENVDSW3KYOZ9tTNotBGK+om9oPFCUyyDmDXAMkhagYifMD7xqWrM4u/ ZoPAHV7pGUHFl3oiq+2+v/4JY4PhmTtR8Cyt8D1lIFTRJ8Tsuy+z4ESc4/gIzrrDApbU 9qzuEITzbsWBm6+A+5CFs5yiBxaShFmcgFJcy0SHBGxU78HvxwALmL7O9bObyPH55eeg Gke+4x1fajAViJeeHdjTPhGX7p1+zdRNJJGo72WTRu8Opc86IYEghfpOxWkMIC0f4GrS Vs7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:to:from; bh=l9usxYVZOKHagDIKsOF9BV1un6+qRGs0xdGACuD4JjI=; b=C7oY0eXddjB3Ul4bY9BT4PI17A+zdetBgMCLysj73vneYJOY6WU7Q1HX1ps0PA840C q6IMLSdwSu6qtegO+paKschj9De0FVNHP61X1N0tQSgJ+8zqMhu0JiNK7QB4j7y8YZ+/ AQyIACBjv4rYQYVg2bQCQfEdTACOURzoh69FfSMP4N2+Ss0vnmzaSBTiuBmacZO9BjWs iogYkZnBIRHh88b6cR2n1WjYujgMKCxN2Ck9IREjKRKj6IP3YolEwgwvN3X26ptx0X9R pIPBDctrzp5i/QyHwfsCrqAzedoREWnuqwxJWjqSz06E0e0btbWTBj/E3eAoIW9SxIc/ GJQQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of dash-owner@kernel.org designates 198.145.29.98 as permitted sender) smtp.mailfrom=dash-owner@kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.co.uk Return-Path: Received: from mail.wl.linuxfoundation.org (mail.wl.linuxfoundation.org. [198.145.29.98]) by mx.google.com with ESMTPS id p187-v6si8299635pfp.27.2018.09.07.01.34.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 07 Sep 2018 01:34:40 -0700 (PDT) Received-SPF: pass (google.com: domain of dash-owner@kernel.org designates 198.145.29.98 as permitted sender) client-ip=198.145.29.98; Authentication-Results: mx.google.com; spf=pass (google.com: domain of dash-owner@kernel.org designates 198.145.29.98 as permitted sender) smtp.mailfrom=dash-owner@kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.co.uk Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2C3C42ADD8 for ; Fri, 7 Sep 2018 08:34:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 207912ADE1; Fri, 7 Sep 2018 08:34:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C40782ADD8 for ; Fri, 7 Sep 2018 08:34:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B5CE22ADE1; Fri, 7 Sep 2018 08:34:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 050552ADD8 for ; Fri, 7 Sep 2018 08:34:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727985AbeIGNOa (ORCPT ); Fri, 7 Sep 2018 09:14:30 -0400 Received: from bhuna.collabora.co.uk ([46.235.227.227]:35234 "EHLO bhuna.collabora.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725843AbeIGNOa (ORCPT ); Fri, 7 Sep 2018 09:14:30 -0400 Received: from localhost (2a02-ab04-03b9-5e00-0000-0000-0000-0003.dynamic.v6.chello.sk [IPv6:2a02:ab04:3b9:5e00::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: andrewsh) by bhuna.collabora.co.uk (Postfix) with ESMTPSA id 39B1F27D872; Fri, 7 Sep 2018 09:34:36 +0100 (BST) From: Andrej Shadura To: dash@vger.kernel.org Subject: [PATCH 1/6] exec: Don't execute binary files if execve() returned ENOEXEC. Date: Fri, 7 Sep 2018 10:34:09 +0200 Message-Id: <20180907083414.14673-2-andrew.shadura@collabora.co.uk> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180907083414.14673-1-andrew.shadura@collabora.co.uk> References: <20180907083414.14673-1-andrew.shadura@collabora.co.uk> Sender: dash-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: dash@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP X-Virus-Scanned: ClamAV using ClamSMTP Status: O Content-Length: 2208 Lines: 73 From: Adam Borowski Both "dash -c foo" and "./foo" are supposed to be able to run hashbang-less scripts, but attempts to execute common binary files tend to be nasty: especially both ELF and PE tend to make dash create a bunch of files with unprintable names, that in turn confuse some tools up to causing data loss. Thus, let's read the first line and see if it looks like text. This is a variant of the approach used by bash and zsh; mksh instead checks for signatures of a bunch of common file types. POSIX says: "If the executable file is not a text file, the shell may bypass this command execution." Signed-off-by: Adam Borowski Signed-off-by: Andrej Shadura --- src/exec.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/exec.c b/src/exec.c index 9d0215a..6300001 100644 --- a/src/exec.c +++ b/src/exec.c @@ -148,6 +148,36 @@ shellexec(char **argv, const char *path, int idx) } +/* + * Check if an executable that just failed with ENOEXEC shouldn't be + * considered a script (wrong-arch ELF/PE, junk accidentally set +x, etc). + * We check only the first line to allow binaries encapsulated in a shell + * script without proper quoting. The first line, if not a hashbang, is + * likely to contain comments; even ancient encodings, at least popular + * ones, don't use 0x7f nor values below 0x1f other than whitespace (\t, + * \n, \v, \f, \r), ISO/IEC 2022 can have SI, SO and \e. + */ +STATIC int file_is_binary(const char *cmd) +{ + char buf[128]; + int fd = open(cmd, O_RDONLY|O_NOCTTY); + if (fd == -1) + return 1; + int len = read(fd, buf, sizeof(buf)); + close(fd); + for (int i = 0; i < len; ++i) { + char c = buf[i]; + if (c >= 0 && c <= 8 || + c >= 16 && c <= 31 && c != 27 || + c == 0x7f) + return 1; + if (c == '\n') + return 0; + } + return 0; +} + + STATIC void tryexec(char *cmd, char **argv, char **envp) { @@ -162,6 +192,8 @@ repeat: execve(cmd, argv, envp); #endif if (cmd != path_bshell && errno == ENOEXEC) { + if (file_is_binary(cmd)) + return; *argv-- = cmd; *argv = cmd = path_bshell; goto repeat;