pager: set $LESSSECURE whenver we invoke a pager

Some extra safety when invoked via "sudo". With this we address a genuine design flaw of sudo, and we shouldn't need to deal with this. But it's still a good idea to disable this surface given how exotic it is. Prompted by #5666
author: Lennart Poettering <lennart@poettering.net> 2020-08-31 19:37:13 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-10-07 09:23:07 +0200
commit: 612ebf6c913dd0e4197c44909cb3157f5c51a2f0 (patch)
tree: c6c18f8593c47cfba8850b68718bc3157c960ea3 /src/shared
parent: 5b49641015adcc7e8edbb9e8e54d5ac5ddf3bf52 (diff)
download: systemd-612ebf6c913dd0e4197c44909cb3157f5c51a2f0.tar.gz
1 files changed, 21 insertions, 2 deletions
diff --git a/src/shared/pager.c b/src/shared/pager.c
index e03be6d23b..9c21881241 100644
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@@ -9,6 +9,7 @@
 #include <unistd.h>
 
 #include "copy.h"
+#include "env-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
@@ -152,8 +153,7 @@ int pager_open(PagerFlags flags) {
                         _exit(EXIT_FAILURE);
                 }
 
-                /* Initialize a good charset for less. This is
-                 * particularly important if we output UTF-8
+                /* Initialize a good charset for less. This is particularly important if we output UTF-8
                  * characters. */
                 less_charset = getenv("SYSTEMD_LESSCHARSET");
                 if (!less_charset && is_locale_utf8())
@@ -164,6 +164,25 @@ int pager_open(PagerFlags flags) {
                         _exit(EXIT_FAILURE);
                 }
 
+                /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
+                 * privileged stuff. */
+                r = getenv_bool("SYSTEMD_LESSSECURE");
+                if (r == 0) { /* Remove env var if off */
+                        if (unsetenv("LESSSECURE") < 0) {
+                                log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+                } else {
+                        /* Set env var otherwise */
+                        if (r < 0)
+                                log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");
+
+                        if (setenv("LESSSECURE", "1", 1) < 0) {
+                                log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+                }
+
                 if (pager_args) {
                         r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
                         if (r < 0) {
author	Lennart Poettering <lennart@poettering.net>	2020-08-31 19:37:13 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-10-07 09:23:07 +0200
commit	612ebf6c913dd0e4197c44909cb3157f5c51a2f0 (patch)
tree	c6c18f8593c47cfba8850b68718bc3157c960ea3 /src/shared
parent	5b49641015adcc7e8edbb9e8e54d5ac5ddf3bf52 (diff)
download	systemd-612ebf6c913dd0e4197c44909cb3157f5c51a2f0.tar.gz