Skip to content

Commit

Permalink
feat(core): validate AppImage execution when env vars are set [TRI-…
Browse files Browse the repository at this point in the history
…041] (#17)
  • Loading branch information
lucasfernog committed Jan 9, 2022
1 parent 8259cd6 commit 6fbd6db
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
5 changes: 5 additions & 0 deletions .changes/validate-appimage.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"tauri": patch
---

Validate the `std::env::current_exe` return value if `APPDIR` or `APPIMAGE` environment variables are set.
15 changes: 14 additions & 1 deletion core/tauri-utils/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ impl PackageInfo {

/// Information about environment variables.
#[derive(Debug, Clone)]
#[non_exhaustive]
pub struct Env {
/// The APPIMAGE environment variable.
#[cfg(target_os = "linux")]
Expand All @@ -51,12 +52,24 @@ pub struct Env {
#[allow(clippy::derivable_impls)]
impl Default for Env {
fn default() -> Self {
Self {
let env = Self {
#[cfg(target_os = "linux")]
appimage: std::env::var_os("APPIMAGE"),
#[cfg(target_os = "linux")]
appdir: std::env::var_os("APPDIR"),
};
if env.appimage.is_some() || env.appdir.is_some() {
// validate that we're actually running on an AppImage
// an AppImage is mounted to `/tmp/.mount_${appPrefix}${hash}`
// see https://github.com/AppImage/AppImageKit/blob/1681fd84dbe09c7d9b22e13cdb16ea601aa0ec47/src/runtime.c#L501
if !std::env::current_exe()
.map(|p| p.to_string_lossy().into_owned().starts_with("/tmp/.mount_"))
.unwrap_or(true)
{
panic!("`APPDIR` or `APPIMAGE` environment variable found but this application was not detected as an AppImage; this might be a security issue.");
}
}
env
}
}

Expand Down

0 comments on commit 6fbd6db

Please sign in to comment.