pkexec: enforce absolute shell paths

Reading /etc/shells file directly has the effect that comments are parsed as well. If a user sets environment variable SHELL to a value which matches one of these comments, it is passed through pkexec. The shadow tools would not allow such a login shell, so be as strict as shadow when it comes to parsing /etc/shell. Signed-off-by: Tobias Stoeckmann <[email protected]>
polkit-org · Jun 25, 2024 · e753fc9 · e753fc9
1 parent 5a0a3cf
commit e753fc9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
@@ -372,7 +372,7 @@ is_valid_shell (const gchar *shell)
   shells = g_strsplit (contents, "\n", 0);
   for (n = 0; shells != NULL && shells[n] != NULL; n++)
     {
-      if (g_strcmp0 (shell, shells[n]) == 0)
+      if (shells[n][0] == '/' && g_strcmp0 (shell, shells[n]) == 0)
         {
           ret = TRUE;
           goto out;