From e753fc9067e51f6a7531c690ebcad8f3a7768243 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sat, 3 Feb 2024 10:38:09 +0100 Subject: [PATCH] pkexec: enforce absolute shell paths Reading /etc/shells file directly has the effect that comments are parsed as well. If a user sets environment variable SHELL to a value which matches one of these comments, it is passed through pkexec. The shadow tools would not allow such a login shell, so be as strict as shadow when it comes to parsing /etc/shell. Signed-off-by: Tobias Stoeckmann --- src/programs/pkexec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 78c8879b..6477a318 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -372,7 +372,7 @@ is_valid_shell (const gchar *shell) shells = g_strsplit (contents, "\n", 0); for (n = 0; shells != NULL && shells[n] != NULL; n++) { - if (g_strcmp0 (shell, shells[n]) == 0) + if (shells[n][0] == '/' && g_strcmp0 (shell, shells[n]) == 0) { ret = TRUE; goto out;