Add "--" to separate options from (untrusted) non-options arguments

This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).
This commit is contained in:
Marek Marczykowski-Górecki 2015-02-10 01:42:52 +01:00
parent 4449d51d98
commit d031126737
2 changed files with 2 additions and 2 deletions

View File

@ -207,7 +207,7 @@ def create_template(path, values):
if values.has_key(key): if values.has_key(key):
desktop_file.write("{0}={1}\n".format(key, values[key])) desktop_file.write("{0}={1}\n".format(key, values[key]))
desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% {0}\n".format(pipes.quote(values['Exec']))) desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% -- {0}\n".format(pipes.quote(values['Exec'])))
desktop_file.close() desktop_file.close()

View File

@ -674,7 +674,7 @@ static void handle_execute_service(void)
signal(SIGPIPE, SIG_DFL); signal(SIGPIPE, SIG_DFL);
snprintf(remote_domain_id_str, sizeof(remote_domain_id_str), "%d", snprintf(remote_domain_id_str, sizeof(remote_domain_id_str), "%d",
remote_domain_id); remote_domain_id);
execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy", execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy", "--",
remote_domain_id_str, remote_domain_name, params.target_domain, remote_domain_id_str, remote_domain_name, params.target_domain,
params.service_name, params.request_id.ident, NULL); params.service_name, params.request_id.ident, NULL);
perror("execl"); perror("execl");