Merge pull request #730 from oneElectron/724-resolve-editor-path
Added resolve_path to EDITOR and fix resolve_path test
squell authored Sep 19, 2023
2 parents 6d72783 + ca14c76 commit fbfbabd
Showing 3 changed files with 28 additions and 16 deletions.
2 changes: 2 additions & 0 deletions build.rs
Expand Up @@ -31,4 +31,6 @@ fn main() {
println!("cargo:rerun-if-changed=build.rs");

println!("cargo:rustc-link-lib=pam");

println!("cargo:rustc-env=DEFAULT_PATH=\"/bin/:/usr/bin/:/usr/local/bin:/sbin/:/usr/sbin\"")
}
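Review bot: The escaped quotes in the new `cargo:rustc-env=DEFAULT_PATH=\"...\"` line look like they end up inside the value, since Cargo takes everything after `VAR=` literally as far as I know. `env!("DEFAULT_PATH")` would then begin and end with a `"` character, so after splitting on `:` the first entry is `"/bin/` (a relative path) and the last is `/usr/sbin"`, neither of which is the intended system directory. Emit the value unquoted, `println!("cargo:rustc-env=DEFAULT_PATH=/bin/:/usr/bin/:/usr/local/bin:/sbin/:/usr/sbin");`, and add a comment saying this is the trusted fallback search path used when `PATH` is unset. `main` starts outside the hunk.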
34 changes: 18 additions & 16 deletions src/common/resolve.rs
Expand Up @@ -129,7 +129,7 @@ pub(crate) fn is_valid_executable(path: &PathBuf) -> bool {
/// When resolving a path, this code checks whether the target file is
/// a regular file and has any executable bits set. It does not specifically
/// check for user, group, or others' executable bit.
pub(super) fn resolve_path(command: &Path, path: &str) -> Option<PathBuf> {
pub(crate) fn resolve_path(command: &Path, path: &str) -> Option<PathBuf> {
// To prevent command spoofing, sudo checks "." and "" (both denoting current directory)
// last when searching for a command in the user's PATH (if one or both are in the PATH).
// Depending on the security policy, the user's PATH environment variable may be modified,
Expand Down Expand Up @@ -200,25 +200,27 @@ pub(crate) fn expand_tilde_in_path(
mod tests {
use std::path::PathBuf;

use super::resolve_path;
use super::{resolve_current_user, resolve_target_user_and_group, NameOrId};
use super::{
is_valid_executable, resolve_current_user, resolve_path, resolve_target_user_and_group,
NameOrId,
};

// this test is platform specific -> should be changed when targetting different platforms
#[test]
fn test_resolve_path() {
// Assume any linux distro has utilities in this PATH
let path = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
assert_eq!(
resolve_path(&PathBuf::from("yes"), path),
Some(PathBuf::from("/usr/bin/yes"))
);
assert_eq!(
resolve_path(&PathBuf::from("whoami"), path),
Some(PathBuf::from("/usr/bin/whoami"))
);
assert_eq!(
resolve_path(&PathBuf::from("env"), path),
Some(PathBuf::from("/usr/bin/env"))
);

assert!(is_valid_executable(
&resolve_path(&PathBuf::from("yes"), path).unwrap()
));

assert!(is_valid_executable(
&resolve_path(&PathBuf::from("whoami"), path).unwrap()
));

assert!(is_valid_executable(
&resolve_path(&PathBuf::from("env"), path).unwrap()
));
assert_eq!(
resolve_path(&PathBuf::from("thisisnotonyourfs"), path),
None
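Review bot: The rewritten assertions in `test_resolve_path` can hardly fail on a wrong result, because the doc comment above `resolve_path` says it already checks that the target is a regular file with an executable bit, which is what `is_valid_executable` appears to re-check. Dropping the hard-coded `/usr/bin/...` expectations is reasonable for portability, but the test should still pin that the hit is the requested command inside one of the listed directories. For example, bind `let yes = resolve_path(&PathBuf::from("yes"), path).expect("yes not found in PATH");` and then `assert!(yes.ends_with("yes") && path.split(':').any(|dir| yes.starts_with(dir)));`, and do the same for `whoami` and `env`. The test body continues past the end of the hunk.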
8 changes: 8 additions & 0 deletions src/sudoers/mod.rs
Expand Up @@ -13,6 +13,7 @@ use std::collections::{HashMap, HashSet};
use std::path::{Path, PathBuf};
use std::{io, mem};

use crate::common::resolve::resolve_path;
use crate::log::auth_warn;
use crate::system::can_execute;
use crate::system::interface::{UnixGroup, UnixUser};
Expand Down Expand Up @@ -188,6 +189,13 @@ impl Sudoers {
if can_execute(path) {
return Some(path.to_owned());
}
let path = resolve_path(
path,
&std::env::var("PATH").unwrap_or(env!("DEFAULT_PATH").to_string()),
);
if let Some(path) = path {
return Some(path);
}
}
}
}
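Review bot: The new fallback resolves the editor name against the invoking process's `PATH`, which the caller controls, and returns the hit without the `can_execute` check that the direct branch just above applies. In a privileged binary this lets the environment decide which file a bare name maps to, and the doc comment on `resolve_path` says it accepts any executable bit rather than one the current user can actually use. Consider searching only the compile-time list and re-checking the result, e.g. `if let Some(found) = resolve_path(path, env!("DEFAULT_PATH")).filter(|p| can_execute(p)) { return Some(found); }`. If the user's `PATH` must be honoured, add a comment explaining why that is safe here and use `unwrap_or_else(|_| env!("DEFAULT_PATH").to_string())` to avoid the eager allocation. The enclosing function starts and ends outside the hunk, so whether the candidate names are already restricted by policy is not visible.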
