Skip to content

Commit

Permalink
Merge pull request #18300 from yuwata/analyze-verify-18252
Browse files Browse the repository at this point in the history 
analyze: resolve executable path if it is relative
  • Loading branch information
@keszybz
keszybz committed Jan 19, 2021
2 parents 29d65a4 + b9b442a commit f1fb046
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 31 deletions.
7 changes: 5 additions & 2 deletions src/analyze/analyze-verify.c
View file
Expand Up @@ -115,14 +115,17 @@ static int verify_socket(Unit *u) {
}

int verify_executable(Unit *u, const ExecCommand *exec) {
int r;

if (!exec)
return 0;

if (exec->flags & EXEC_COMMAND_IGNORE_FAILURE)
return 0;

if (access(exec->path, X_OK) < 0)
return log_unit_error_errno(u, errno, "Command %s is not executable: %m", exec->path);
r = find_executable_full(exec->path, false, NULL, NULL);
if (r < 0)
return log_unit_error_errno(u, r, "Command %s is not executable: %m", exec->path);

return 0;
}
Expand Down
57 changes: 28 additions & 29 deletions src/basic/path-util.c
View file
Expand Up @@ -586,10 +586,11 @@ char* path_join_internal(const char *first, ...) {
}

static int check_x_access(const char *path, int *ret_fd) {
if (ret_fd) {
_cleanup_close_ int fd = -1;
int r;
_cleanup_close_ int fd = -1;
const char *with_dash;
int r;

if (ret_fd) {
/* We need to use O_PATH because there may be executables for which we have only exec
* permissions, but not read (usually suid executables). */
fd = open(path, O_PATH|O_CLOEXEC);
Expand All @@ -599,14 +600,24 @@ static int check_x_access(const char *path, int *ret_fd) {
r = access_fd(fd, X_OK);
if (r < 0)
return r;

*ret_fd = TAKE_FD(fd);
} else {
/* Let's optimize things a bit by not opening the file if we don't need the fd. */
if (access(path, X_OK) < 0)
return -errno;
}

with_dash = strjoina(path, "/");

/* If this passes, it must be a directory. */
if (access(with_dash, X_OK) >= 0)
return -EISDIR;

if (errno != ENOTDIR)
return -errno;

if (ret_fd)
*ret_fd = TAKE_FD(fd);

return 0;
}

Expand Down Expand Up @@ -663,32 +674,20 @@ int find_executable_full(const char *name, bool use_path_envvar, char **ret_file
return -ENOMEM;

r = check_x_access(j, ret_fd ? &fd : NULL);
if (r >= 0) {
_cleanup_free_ char *with_dash;

with_dash = strjoin(j, "/");
if (!with_dash)
return -ENOMEM;

/* If this passes, it must be a directory, and so should be skipped. */
if (access(with_dash, X_OK) >= 0)
continue;

/* We can't just `continue` inverting this case, since we need to update last_error. */
if (errno == ENOTDIR) {
/* Found it! */
if (ret_filename)
*ret_filename = path_simplify(TAKE_PTR(j), false);
if (ret_fd)
*ret_fd = TAKE_FD(fd);

return 0;
}
if (r < 0) {
/* PATH entries which we don't have access to are ignored, as per tradition. */
if (r != -EACCES)
last_error = r;
continue;
}

/* PATH entries which we don't have access to are ignored, as per tradition. */
if (errno != EACCES)
last_error = -errno;
/* Found it! */
if (ret_filename)
*ret_filename = path_simplify(TAKE_PTR(j), false);
if (ret_fd)
*ret_fd = TAKE_FD(fd);

return 0;
}

return last_error;
Expand Down

0 comments on commit f1fb046

Please sign in to comment.