diff options
author | Simon McVittie <smcv@collabora.com> | 2017-09-22 14:31:36 +0100 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-04-23 21:06:05 +0000 |
commit | fbee75d5515540a030b264192bd0dbf089939904 (patch) | |
tree | cfa8d791f69bfcb566941f72b47a7796449586da | |
parent | 5f27455af6e5e36d5f8b06c41214e1a71c054acb (diff) | |
download | bubblewrap-fbee75d5515540a030b264192bd0dbf089939904.tar.gz |
Add "--" pseudo-argument to end option parsing
This shouldn't matter unless someone wants to run an inadvisably-named
executable, but it's best-practice for commands that pass on some
of their arguments to a subsequent command.
It allows an invocation like:
bwrap --ro-bind /container / -- "$@"
to search PATH in the container for an executable named according to
"$1", even if $1 has a pathological value like
"--this-has-a-stupid-name--", or even a value that might be
deliberately trying to break bwrap's parsing like "--bind".
Fixes: #259
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #261
Approved by: cgwalters
-rw-r--r-- | bubblewrap.c | 8 | ||||
-rwxr-xr-x | tests/test-run.sh | 17 |
2 files changed, 23 insertions, 2 deletions
diff --git a/bubblewrap.c b/bubblewrap.c index dced164..7766c61 100644 --- a/bubblewrap.c +++ b/bubblewrap.c @@ -182,7 +182,7 @@ lock_file_new (const char *path) static void usage (int ecode, FILE *out) { - fprintf (out, "usage: %s [OPTIONS...] COMMAND [ARGS...]\n\n", argv0); + fprintf (out, "usage: %s [OPTIONS...] [--] COMMAND [ARGS...]\n\n", argv0); fprintf (out, " --help Print this help\n" @@ -1885,6 +1885,12 @@ parse_args_recurse (int *argcp, argv += 1; argc -= 1; } + else if (strcmp (arg, "--") == 0) + { + argv += 1; + argc -= 1; + break; + } else if (*arg == '-') { die ("Unknown option %s", arg); diff --git a/tests/test-run.sh b/tests/test-run.sh index 0dae450..2dcc5ce 100755 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -53,7 +53,7 @@ if ! $RUN true; then skip Seems like bwrap is not working at all. Maybe setuid is not working fi -echo "1..33" +echo "1..36" # Test help ${BWRAP} --help > help.txt @@ -199,4 +199,19 @@ printf '%s--dir\0/tmp/hello/world\0' '' > test.args $RUN --args 3 test -d /tmp/hello/world 3<test.args echo "ok - we can parse arguments from a fd" +mkdir bin +echo "#!/bin/sh" > bin/--inadvisable-executable-name-- +echo "echo hello" >> bin/--inadvisable-executable-name-- +chmod +x bin/--inadvisable-executable-name-- +PATH="${srcd}:$PATH" $RUN -- sh -c "echo hello" > stdout +assert_file_has_content stdout hello +echo "ok - we can run with --" +PATH="$(pwd)/bin:$PATH" $RUN -- --inadvisable-executable-name-- > stdout +assert_file_has_content stdout hello +echo "ok - we can run an inadvisable executable name with --" +if $RUN -- --dev-bind /dev /dev sh -c 'echo should not have run'; then + assert_not_reached "'--dev-bind' should have been interpreted as a (silly) executable name" +fi +echo "ok - options like --dev-bind are defanged by --" + echo "ok - End of test" |