[Interp] CVE-2022-30688: Anchor interpreter regex to prevent local pr…

…ivilege escalation (reported by Jakub Wilk).
liske · May 17, 2022 · e6e5813 · e6e5813
1 parent f54d85c
commit e6e5813
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/perl/lib/NeedRestart/Interp/Perl.pm b/perl/lib/NeedRestart/Interp/Perl.pm
@@ -43,7 +43,7 @@ sub isa {
     my $pid = shift;
     my $bin = shift;
 
-    return 1 if($bin =~ m@/usr/(local/)?bin/perl@);
+    return 1 if($bin =~ m@^/usr/(local/)?bin/perl(5[.\d]*)?$@);
 
     return 0;
 }

diff --git a/perl/lib/NeedRestart/Interp/Python.pm b/perl/lib/NeedRestart/Interp/Python.pm
@@ -42,7 +42,7 @@ sub isa {
     my $pid = shift;
     my $bin = shift;
 
-    return 1 if($bin =~ m@/usr/(local/)?bin/python@);
+    return 1 if($bin =~ m@^/usr/(local/)?bin/python([23][.\d]*)?$@);
 
     return 0;
 }

diff --git a/perl/lib/NeedRestart/Interp/Ruby.pm b/perl/lib/NeedRestart/Interp/Ruby.pm
@@ -42,7 +42,7 @@ sub isa {
     my $pid = shift;
     my $bin = shift;
 
-    return 1 if($bin =~ m@/usr/(local/)?bin/ruby@);
+    return 1 if($bin =~ m@^/usr/(local/)?bin/ruby$@);
 
     return 0;
 }