core: warn if a generator is world-writable

lnykryn · bluca · commit d3683fffd6c5 · 2024-10-10T10:33:40.000+01:00
... because that is obviously a security risk. (cherry picked from commit da32cac) (cherry picked from commit 7ac5894) (cherry picked from commit 3b0731b) (cherry picked from commit 7c72562)
diff --git a/src/core/manager.c b/src/core/manager.c
@@ -3826,7 +3826,7 @@ static int manager_execute_generators(Manager *m, char **paths, bool remount_ro)
                         /* callbacks= */ NULL, /* callback_args= */ NULL,
                         (char**) argv,
                         ge,
-                        EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID);
+                        EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID | EXEC_DIR_WARN_WORLD_WRITABLE);
 }
 
 static int manager_run_generators(Manager *m) {
diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
@@ -149,6 +149,18 @@ static int do_execute(
                         log_debug("About to execute %s%s%s", t, argv ? " " : "", argv ? strnull(args) : "");
                 }
 
+                if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {
+                        struct stat st;
+
+                        r = stat(t, &st);
+                        if (r < 0)
+                                log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t);
+                        else if (S_ISREG(st.st_mode) && (st.st_mode & 0002))
+                                log_warning("'%s' is marked world-writable, which is a security risk as it "
+                                            "is executed with privileges. Please remove world writability "
+                                            "permission bits. Proceeding anyway.", t);
+                }
+
                 r = do_spawn(t, argv, fd, &pid, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID));
                 if (r <= 0)
                         continue;
diff --git a/src/shared/exec-util.h b/src/shared/exec-util.h
@@ -19,6 +19,7 @@ typedef enum {
         EXEC_DIR_PARALLEL             = 1 << 0, /* Execute scripts in parallel, if possible */
         EXEC_DIR_IGNORE_ERRORS        = 1 << 1, /* Ignore non-zero exit status of scripts */
         EXEC_DIR_SET_SYSTEMD_EXEC_PID = 1 << 2, /* Set $SYSTEMD_EXEC_PID environment variable */
+        EXEC_DIR_WARN_WORLD_WRITABLE  = 1 << 3, /* Warn if world writable files are found */
 } ExecDirFlags;
 
 typedef enum ExecCommandFlags {

Original file line number	Diff line number	Diff line change
`@@ -3826,7 +3826,7 @@ static int manager_execute_generators(Manager m, char *paths, bool remount_ro)`
`3826`	`3826`	`/* callbacks= / NULL, / callback_args= */ NULL,`
`3827`	`3827`	`(char**) argv,`
`3828`	`3828`	`ge,`
`3829`		`- EXEC_DIR_PARALLEL \| EXEC_DIR_IGNORE_ERRORS \| EXEC_DIR_SET_SYSTEMD_EXEC_PID);`
	`3829`	`+ EXEC_DIR_PARALLEL \| EXEC_DIR_IGNORE_ERRORS \| EXEC_DIR_SET_SYSTEMD_EXEC_PID \| EXEC_DIR_WARN_WORLD_WRITABLE);`
`3830`	`3830`	`}`
`3831`	`3831`
`3832`	`3832`	`static int manager_run_generators(Manager *m) {`