Skip to content

Commit

Permalink
pager: set $LESSSECURE whenver we invoke a pager
Browse files Browse the repository at this point in the history 
Some extra safety when invoked via "sudo". With this we address a
genuine design flaw of sudo, and we shouldn't need to deal with this.
But it's still a good idea to disable this surface given how exotic it
is.

Prompted by #5666

(cherry picked from commit 612ebf6)

Related: RHEL-18791
  • Loading branch information
@poettering @brozs
poettering authored and brozs committed Jan 18, 2024
1 parent 93ee614 commit 698aba1
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 2 deletions.
8 changes: 8 additions & 0 deletions man/less-variables.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,5 +36,13 @@
the invoking terminal is determined to be UTF-8 compatible).</para></listitem>
</varlistentry>

<varlistentry id='lesssecure'>
<term><varname>$SYSTEMD_LESSSECURE</varname></term>

<listitem><para>Takes a boolean argument. Overrides the <varname>$LESSSECURE</varname> environment
variable when invoking the pager, which controls the "secure" mode of less (which disables commands
such as <literal>|</literal> which allow to easily shell out to external command lines). By default
less secure mode is enabled, with this setting it may be disabled.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
1 change: 1 addition & 0 deletions man/systemctl.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2010,6 +2010,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<xi:include href="less-variables.xml" xpointer="pager"/>
<xi:include href="less-variables.xml" xpointer="less"/>
<xi:include href="less-variables.xml" xpointer="lesscharset"/>
<xi:include href="less-variables.xml" xpointer="lesssecure"/>
</refsect1>

<refsect1>
Expand Down
2 changes: 2 additions & 0 deletions man/systemd.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -862,6 +862,8 @@
</listitem>
</varlistentry>

<xi:include href="less-variables.xml" xpointer="lesssecure"/>

<varlistentry>
<term><varname>$LISTEN_PID</varname></term>
<term><varname>$LISTEN_FDS</varname></term>
Expand Down
23 changes: 21 additions & 2 deletions src/basic/pager.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
#include <unistd.h>

#include "copy.h"
#include "env-util.h"
#include "fd-util.h"
#include "locale-util.h"
#include "log.h"
Expand Down Expand Up @@ -94,8 +95,7 @@ int pager_open(bool no_pager, bool jump_to_end) {
if (setenv("LESS", less_opts, 1) < 0)
_exit(EXIT_FAILURE);

/* Initialize a good charset for less. This is
* particularly important if we output UTF-8
/* Initialize a good charset for less. This is particularly important if we output UTF-8
* characters. */
less_charset = getenv("SYSTEMD_LESSCHARSET");
if (!less_charset && is_locale_utf8())
Expand All @@ -104,6 +104,25 @@ int pager_open(bool no_pager, bool jump_to_end) {
setenv("LESSCHARSET", less_charset, 1) < 0)
_exit(EXIT_FAILURE);

/* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
* privileged stuff. */
r = getenv_bool("SYSTEMD_LESSSECURE");
if (r == 0) { /* Remove env var if off */
if (unsetenv("LESSSECURE") < 0) {
log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
_exit(EXIT_FAILURE);
}
} else {
/* Set env var otherwise */
if (r < 0)
log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");

if (setenv("LESSSECURE", "1", 1) < 0) {
log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
_exit(EXIT_FAILURE);
}
}

if (pager) {
execlp(pager, pager, NULL);
execl("/bin/sh", "sh", "-c", pager, NULL);
Expand Down

0 comments on commit 698aba1

Please sign in to comment.