From d03112673760998553da58082743511f839ea75f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 10 Feb 2015 01:42:52 +0100 Subject: [PATCH] Add "--" to separate options from (untrusted) non-options arguments This will prevent passing an option instead of command (qvm-run) / domain name (qrexec-policy). In both cases when VM tries to pass some option it would fail because missing argument then - VM can not pass additional arguments, so if one act as an option, one argument will be missing). --- appmenus-scripts/qubes-receive-appmenus | 2 +- qrexec/qrexec-daemon.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/appmenus-scripts/qubes-receive-appmenus b/appmenus-scripts/qubes-receive-appmenus index 4257164..baf47a5 100755 --- a/appmenus-scripts/qubes-receive-appmenus +++ b/appmenus-scripts/qubes-receive-appmenus @@ -207,7 +207,7 @@ def create_template(path, values): if values.has_key(key): desktop_file.write("{0}={1}\n".format(key, values[key])) - desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% {0}\n".format(pipes.quote(values['Exec']))) + desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% -- {0}\n".format(pipes.quote(values['Exec']))) desktop_file.close() diff --git a/qrexec/qrexec-daemon.c b/qrexec/qrexec-daemon.c index 291e2e5..298ef9a 100644 --- a/qrexec/qrexec-daemon.c +++ b/qrexec/qrexec-daemon.c @@ -674,7 +674,7 @@ static void handle_execute_service(void) signal(SIGPIPE, SIG_DFL); snprintf(remote_domain_id_str, sizeof(remote_domain_id_str), "%d", remote_domain_id); - execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy", + execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy", "--", remote_domain_id_str, remote_domain_name, params.target_domain, params.service_name, params.request_id.ident, NULL); perror("execl");