fix: Update init to use full path to starship executable #224
src/init.rs
log::debug!("Shell name: {}", shell_name); | ||
|
||
let shell_basename = Path::new(shell_name).file_stem().and_then(OsStr::to_str); | ||
|
||
// let starship = get_starship_path()?.replace("\"", "\"'\"'\""); | ||
let starship = get_starship_path()?.replace("\"", "\"\\\"\""); |
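Review bot: on the `let starship = get_starship_path()?.replace("\"", ...)` line, only `"` is rewritten, so if the result is substituted inside a double-quoted shell string, any `$`, backtick or backslash in the path is still interpreted by the shell. Consider wrapping the path in single quotes and escaping `'` instead, or escaping those characters as well. The commented-out alternative on the line above should be removed before merge rather than left in the source.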
shellcheck whines about this one but not .replace("\"", "\"'\"'\"").
EDIT: After more discussion, I'm pretty sure I'm wrong, but I'll leave this up here for the future. The error below is in step 5: there's no way to switch the link on-the-fly. The problem in PA arises because of SUID, not because the link is switched during execution. Just for an illustration, let's say that the user being attacked isn't root, but has some juicy information (e.g. passwords) stored in a directory in their
Note that as long as the attacker can replace the executable between steps 4 and 7, they can trick the victim into executing anything. If the victim is root, they can drop an executable that prints Even if they miss their window between (4) and (7), the hardlink is going to persist, and the attacker's executable will now be executed by the victim's shell every time they draw a prompt (which is a fairly common operation). They can change the executable to read the victim's files, vandalize them, etc. etc. Granted I don't 100% understand the pulseaudio attack (in particular, this seems like a common-enough operation that most "user-friendly" linuxes should provide some sort of protection against it), but if that attack works, I think this one will too. If there are any security folk out there that wanna come in and tell me I've horribly misunderstood how this works, I'd be happy to hear it...
Suggesting lots of small changes, but overall I think this is very solid work. You've managed to make string replace look elegant, which I still can't ever seem to do.
The big two things for me are moving off of current_exe and making sure that the STARSHIP_EXEC in the init scripts can't be mistaken for a shell variable.
I wonder why direnv (a popular Go project) doesn't seem to care about it.
https://github.com/direnv/direnv/blob/54cb3c5a91edb377b4b7387e2cda43dc39064a4a/config.go#L54-L61
https://github.com/direnv/direnv/blob/9c4aba849ba4ffe841bba57b05237dc97cfc9fda/shell_bash.go#L9-L18
Looking at the source of Rust's |
Looks great!
// let starship = get_starship_path()?.replace("\"", "\"'\"'\"");
let starship = get_starship_path()?.replace("\"", "\"\\\"\"");
@chipbuster it's me or I saw you comment on those lines but I can't find it in all the resolved conversations. I'm thinking of using the first line to prevent shellcheck from whining.
@bbigras I'm convinced that GitHub ate something on this thread last night, but it's possible I just fumbled the keystrokes. What's shellcheck complaining about? Some of the messages it throws out are for bad practices in handwritten shell scripts, but not necessarily in autogenerated ones. (I think I did have a comment about potentially using raw-strings instead of escapes all over the place, but I think it's a sidegrade at best, as you end up trading "mentally parsing backslashes" for "trying to figure out how many double/single quotes there are here")
with
with |
Looks like a shellcheck misfire to me (where the word |
@all-contributors, let's add @bbigras for the excellent code. Please and thanks!
I've put up a pull request to add @bbigras! 🎉
Thanks for the merge and the all-contributors PR @chipbuster.
Description
I didn't want to touch the big BASH_INIT, ZSH_INIT.. variable so I renamed the starship to STARSHIP_EXEC and used a replace. I wonder if it's less optimal than using the format macro or something else.
Motivation and Context
Closes #220
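An added example, not code from this PR or from starship: it compares the double-quote escaping discussed in the thread with POSIX single-quoting when a path is substituted into a generated init script. The function names, the sample paths and the simplified POSIX word reader (which models sh quoting only, not fish or PowerShell) are assumptions made for the illustration.

```rust
// Added example; names and sample paths are constructed, not from starship.
#[derive(Clone, Copy, PartialEq)]
enum Q { None, Single, Double }

/// The escaping discussed above: wrap in "..." and rewrite only `"`.
fn quote_double(path: &str) -> String {
    format!("\"{}\"", path.replace('"', "\"\\\"\""))
}

/// POSIX single-quote form: nothing is special inside '...'; a literal `'`
/// is written as '\'' (close quote, escaped quote, reopen quote).
fn quote_single(path: &str) -> String {
    format!("'{}'", path.replace('\'', "'\\''"))
}

/// Minimal POSIX word reader: the literal value of one shell word, or Err
/// where the shell would split the word or expand `$` / backtick.
fn shell_word_value(word: &str) -> Result<String, String> {
    let (mut out, mut q) = (String::new(), Q::None);
    let mut chars = word.chars().peekable();
    while let Some(c) = chars.next() {
        match (q, c) {
            (Q::Single, '\'') | (Q::Double, '"') => q = Q::None,
            (Q::Single, _) => out.push(c),
            (Q::None, '\'') => q = Q::Single,
            (Q::None, '"') => q = Q::Double,
            (Q::None, '\\') => match chars.next() {
                Some(n) => out.push(n),
                None => return Err("trailing backslash".into()),
            },
            // Inside "...", a backslash only escapes $ ` " and backslash.
            (Q::Double, '\\') => match chars.peek().copied() {
                Some(n) if "$`\"\\".contains(n) => { out.push(n); chars.next(); }
                _ => out.push('\\'),
            },
            (_, '$') | (_, '`') => return Err(format!("expansion at {:?}", c)),
            (Q::None, w) if w.is_whitespace() => return Err("word split".into()),
            _ => out.push(c),
        }
    }
    if q == Q::None { Ok(out) } else { Err("unterminated quote".into()) }
}

fn main() {
    for p in ["/opt/my \"tools\"/starship", "/home/u/$HOME/starship", "/tmp/dir\\"] {
        println!("{}\n  double: {:?}\n  single: {:?}", p,
                 shell_word_value(&quote_double(p)), shell_word_value(&quote_single(p)));
    }
}
```

Only the single-quoted form reads back as the original path for all three inputs; the double-quoted form survives the embedded `"` but not the `$` or the trailing backslash.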