qubes-rpc-multiplexer does not unset QREXEC_REQUESTED_TARGET and QREXEC_REQUESTED_TARGET_KEYWORD #9091

Closed
DemiMarie opened this issue Apr 4, 2024 · 0 comments · Fixed by QubesOS/qubes-core-qrexec#139
Assignees
Labels
affects-4.1 This issue affects Qubes OS 4.1. affects-4.2 This issue affects Qubes OS 4.2. C: core diagnosed Technical diagnosis has been performed (see issue comments). P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue. T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.

Comments

@DemiMarie

Qubes OS release

R4.2 but R4.1 is almost certainly affected too.

Brief summary

qubes-rpc-multiplexer does not unset QREXEC_REQUESTED_TARGET and QREXEC_REQUESTED_TARGET_KEYWORD if they are not passed explicitly.

Steps to reproduce

Set them in the environment of qrexec-agent.

Expected behavior

Cleared.

Actual behavior

Not cleared.

@DemiMarie DemiMarie added T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. diagnosed Technical diagnosis has been performed (see issue comments). affects-4.1 This issue affects Qubes OS 4.1. affects-4.2 This issue affects Qubes OS 4.2. labels Apr 4, 2024
@DemiMarie DemiMarie self-assigned this Apr 4, 2024
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 5, 2024
…KEYWORD

Neither should be in the environment of the child process unless
explicitly set by the qrexec call.

Fixes: QubesOS/qubes-issues#9091
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 6, 2024
QREXEC_SERVICE_ARGUMENT, QREXEC_REQUESTED_TARGET and
QREXEC_REQUESTED_TARGET_KEYWORD should not be in the environment of the
child process unless explicitly set by the qrexec call.  Explicitly
unset them.

Also avoid relying on QREXEC_SERVICE_ARGUMENT not containing glob
characters or characters in $IFS.  Commands sent from a VM cannot have
them due to the sanitization in qrexec-daemon, but commands sent from
dom0 could.

Fixes: QubesOS/qubes-issues#9091
@andrewdavidwong andrewdavidwong added the pr submitted A pull request has been submitted for this issue. label Apr 11, 2024
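
The behaviour described in the issue and in the final commit message, as an added shell example (not code from qubes-core-qrexec): a launcher that clears the three variables before starting the child and sets them again only from the current call, splitting the service argument without any unquoted expansion. The function name `child_env`, its argument order, the `name`/`keyword` type values and the sample service names are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical launcher, not qubes-rpc-multiplexer itself: computes the
# environment a service child should see for one call.
# usage: child_env DESCRIPTOR [TARGET_TYPE TARGET_VALUE]
child_env() (
    # Subshell body: nothing done here leaks back into the caller.
    # 1. Drop anything inherited from the parent (e.g. the agent's own env).
    unset QREXEC_SERVICE_ARGUMENT QREXEC_REQUESTED_TARGET \
          QREXEC_REQUESTED_TARGET_KEYWORD

    # 2. Split "service+argument" with parameter expansion only. Nothing is
    #    expanded unquoted, so glob and $IFS characters stay literal.
    descriptor=$1
    case $descriptor in
        *+*) QREXEC_SERVICE_ARGUMENT=${descriptor#*+}
             export QREXEC_SERVICE_ARGUMENT ;;
    esac

    # 3. Set the target variables only when this call supplied them.
    case ${2-} in
        name)    QREXEC_REQUESTED_TARGET=$3
                 export QREXEC_REQUESTED_TARGET ;;
        keyword) QREXEC_REQUESTED_TARGET_KEYWORD=$3
                 export QREXEC_REQUESTED_TARGET_KEYWORD ;;
    esac

    # Stand-in for exec'ing the service: report what the child inherits.
    sh -c 'printf "%s|%s|%s\n" \
        "${QREXEC_SERVICE_ARGUMENT-<unset>}" \
        "${QREXEC_REQUESTED_TARGET-<unset>}" \
        "${QREXEC_REQUESTED_TARGET_KEYWORD-<unset>}"'
)

# Constructed demo: a stale value in the parent must not reach the child.
QREXEC_REQUESTED_TARGET=stale-vm
export QREXEC_REQUESTED_TARGET
child_env 'demo.Service+a * b' keyword '@dispvm'
```
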