QubesOS/qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add "--" to separate options from (untrusted) non-options arguments

Browse Source 
This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).

(cherry picked from commit d031126737)

Conflicts:
	qrexec/qrexec-daemon.c
This commit is contained in:
Marek Marczykowski-Górecki 2015-02-10 01:42:52 +01:00
parent 423bd89069
commit 49c1fe9004
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
appmenus-scripts/qubes-receive-appmenus
View File

@ -207,7 +207,7 @@ def create_template(path, values):
if values.has_key(key): if values.has_key(key):
desktop_file.write("{0}={1}\n".format(key, values[key])) desktop_file.write("{0}={1}\n".format(key, values[key]))
desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% {0}\n".format(pipes.quote(values['Exec']))) desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% -- {0}\n".format(pipes.quote(values['Exec'])))
desktop_file.close() desktop_file.close()

2
qrexec/qrexec-daemon.c
View File

@ -519,7 +519,7 @@ void handle_execute_predefined_command(void)
close(i); close(i);
signal(SIGCHLD, SIG_DFL); signal(SIGCHLD, SIG_DFL);
signal(SIGPIPE, SIG_DFL); signal(SIGPIPE, SIG_DFL);
execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy", execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy", "--",
remote_domain_name, params.target_vmname, remote_domain_name, params.target_vmname,
params.exec_index, params.process_fds.ident, NULL); params.exec_index, params.process_fds.ident, NULL);
perror("execl"); perror("execl");