pkexec: enforce absolute shell paths #422

Merged
merged 1 commit into from
Jun 25, 2024

stoeckmann

Reading the /etc/shells file directly has the effect that comments are parsed as well. If a user sets the environment variable SHELL to a value which matches one of these comments, it is passed through pkexec.

The shadow tools would not allow such a login shell, so be as strict as shadow when it comes to parsing /etc/shell.

Proof of Concept:

1. Add a comment to /etc/shells (if it does not already exist):

```
# Begin /etc/shells

/bin/sh
/bin/bash

# End /etc/shells
```

2. For the sake of completeness, try to add a comment line through the latest chsh of shadow:

```
$ chsh -s '# Begin /etc/shells'
chsh: # Begin /etc/shells is an invalid shell
```

3. Run pkexec with SHELL being one of the comment lines:

```
$ SHELL="# Begin /etc/shells" pkexec
```

You can see:

```
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ====
Authentication is needed to run `/bin/bash' as the super user
Authenticating as: root
Password:
```

What should be seen:

```
The value for the SHELL variable was not found in the /etc/shells file

This incident has been reported.
```

Reading /etc/shells file directly has the effect that comments are
parsed as well. If a user sets environment variable SHELL to a value
which matches one of these comments, it is passed through pkexec.

The shadow tools would not allow such a login shell, so be as strict
as shadow when it comes to parsing /etc/shell.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
@jrybar-rh jrybar-rh merged commit 00be0af into polkit-org:main Jun 25, 2024
25 of 27 checks passed
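The difference between matching SHELL against every line of /etc/shells and accepting absolute paths only, as an added example that is not polkit's code or the merged patch. The function names and the embedded sample file are hypothetical and constructed from the proof of concept in the description.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample mirroring the /etc/shells content from the PoC. */
static const char SAMPLE_SHELLS[] =
    "# Begin /etc/shells\n\n/bin/sh\n/bin/bash\n\n# End /etc/shells\n";

/* Report whether `shell` equals one newline-separated entry of `text`.
 * With `strict`, only entries and candidates starting with '/' count. */
static bool match_entry(const char *text, const char *shell, bool strict)
{
    size_t want = strlen(shell);

    if (strict && shell[0] != '/')   /* candidate must be an absolute path */
        return false;

    while (*text != '\0') {
        size_t len = strcspn(text, "\n");
        /* Strict mode skips comments, blank lines and relative entries. */
        bool usable = !strict || text[0] == '/';

        if (usable && len > 0 && len == want && memcmp(text, shell, len) == 0)
            return true;
        text += len;
        if (*text == '\n')
            text++;
    }
    return false;
}

/* Hypothetical names: lenient check (any line of the file matches) ... */
bool shell_listed_naive(const char *text, const char *shell)
{
    return match_entry(text, shell, false);
}

/* ... and the strict check that accepts absolute paths only. */
bool shell_listed_strict(const char *text, const char *shell)
{
    return match_entry(text, shell, true);
}

int main(void)
{
    const char *s = "# Begin /etc/shells";
    printf("naive=%d strict=%d\n", shell_listed_naive(SAMPLE_SHELLS, s),
           shell_listed_strict(SAMPLE_SHELLS, s));
    return 0;
}
```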