
Commit e257561

committed
Ensure 'sudo' binary used for permission checks isn't user supplied
1 parent 09b9e5e commit e257561


5 files changed

+9
-5
lines changed


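--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.9.5] - 2022-09-25
+### Security
+- Ensure `sudo` binary used for permission checks isn't one supplied by the user in the `PATH` variable.
+
 ## [0.9.4] - 2022-09-25
 ### Fixed
 - Ensure cache directories exist before they're used.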

Diff for: Cargo.lock

+1-1

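--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "mist"
-version = "0.9.4"
+version = "0.9.5"
 authors = ["Hunter Wittenborn <hunter@hunterwittenborn.com"]
 description = "The official command-line interface for the makedeb Package Repository"
 edition = "2021"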

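--- a/makedeb/PKGBUILD
+++ b/makedeb/PKGBUILD
@@ -4,7 +4,7 @@
 # `-H 'MPR-Package: yes'` to your `makedeb` call if you want Mist to be able to
 # automatically update itself.
 pkgname=mist
-pkgver=0.9.4
+pkgver=0.9.5
 pkgrel=1
 pkgdesc='The official command-line interface for the makedeb Package Repository'
 arch=('any')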

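--- a/src/util.rs
+++ b/src/util.rs
@@ -335,7 +335,7 @@ pub mod sudo {
 pub fn check_perms() {
 super::message::info("Obtaining root permissions...\n");
 
-let mut cmd = self::run_as_normal_user("sudo");
+let mut cmd = self::run_as_normal_user("/usr/bin/sudo");
 cmd.arg("true");
 
 if !cmd.spawn().unwrap().wait().unwrap().success() {
@@ -351,7 +351,7 @@ pub mod sudo {
 
 // Run a command as the normal user declared by [`NORMAL_UID`].
 pub fn run_as_normal_user<P: AsRef<super::OsStr>>(program: P) -> super::ProcCommand {
-let mut cmd = super::ProcCommand::new("sudo");
+let mut cmd = super::ProcCommand::new("/usr/bin/sudo");
 cmd.args(["-E", "-n"]);
 cmd.arg(format!("-u#{}", *self::NORMAL_UID));
 cmd.arg("--");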
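Review bot: In `check_perms` the inner command is still the bare name `true` (`cmd.arg("true");`), so the path pinning stops one level short: the inner `/usr/bin/sudo` resolves `true` itself, and because `run_as_normal_user` passes `-E` the caller's environment is carried along. Whether the caller's `PATH` is honoured at that point depends on the sudoers `secure_path` setting, which this code does not control. Asking sudo only to validate credentials would avoid running any program, e.g. `cmd.arg("-v");` in place of `cmd.arg("true");`, or else pass an absolute path to `true`. The literal `"/usr/bin/sudo"` now appears in both hunks; a single `const SUDO_BIN: &str = "/usr/bin/sudo";` in `mod sudo` would keep the two call sites in step. Both function bodies continue outside the hunks shown.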
