cpt

[ARCHIVED] Carbs Packaging Tools
git clone git://git.ckyln.com/~cem/cpt.git

commit a7eda66fb00b675614b9e27410d59f5e95715788
parent 2acd3691c8de0561b948d45b350d7518c2660a11
Author: Cem Keylan <cem@ckyln.com>
Date:   Mon, 18 May 2020 03:12:30 +0300

kiss: prevent privilege escalations through user defined hooks

During installation, the script is run as root, but our KISS_HOOK
variable stays the same. This is a critical bug since a user can
only have permissions to install packages as root, but not for any
other privilege escalation. A user can abuse the KISS_HOOK in order
to become root, possibly with a `/sbin/login` command on the hook file.

This change checks for a fourth argument and overrides the KISS_HOOK
to `$KISS_ROOT/etc/kiss-hook`.

Diffstat:
M CHANGELOG.md | 12 +++++++++++-
M kiss         | 13 +++++++++----
2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md @@ -7,7 +7,8 @@ this project _somewhat_ adheres to [Semantic Versioning]. [Keep a Changelog]: https://keepachangelog.com/en/1.0.0/ [Semantic Versioning]: https://semver.org/spec/v2.0.0.html -1.22.2 - 2020-05-16 + +1.22.3 - 2020-05-18 ------------------- **NOTE:** `1.22.x` is the last minor version before `2.0.0`, meaning I will not be doing any @@ -15,6 +16,15 @@ releases except for patches and fixes. My attention is now on implementing binar I will be doing some 'release candidates' before release, as binary repositories will need user feedback. +### SECURITY +- Fixed a bug regarding privilige escalation using `$KISS_HOOK`. `kiss` will now use + `$KISS_ROOT/etc/kiss-hook` on installation operations (which are run by root) so that the hooks + are defined by the system administrator rather than the user. + + +1.22.2 - 2020-05-16 +------------------- + ### Fixed - Fixed an issue where `pkg_conflicts` would abort if `kiss-readlink` failed due to missing components. It now fallbacks to the original directory name. diff --git a/kiss b/kiss @@ -81,9 +81,14 @@ pop() { } run_hook() { + # If a fourth parameter 'root' is specified, source + # the hook from a predefined location to avoid privilige + # escalation through user scripts. + [ "$4" ] && KISS_HOOK=$KISS_ROOT/etc/kiss-hook + # This is not a misspelling, can be ignored safely. # shellcheck disable=2153 - [ "$KISS_HOOK" ] || return 0 + [ -f "$KISS_HOOK" ] || return 0 log "$2" "Running $1 hook" @@ -1114,7 +1119,7 @@ pkg_install() { [ "$install_dep" ] && die "$1" "Package requires ${install_dep%, }" - run_hook pre-install "$pkg_name" "$tar_dir/$pkg_name" + run_hook pre-install "$pkg_name" "$tar_dir/$pkg_name" root pkg_conflicts "$pkg_name" @@ -1180,7 +1185,7 @@ pkg_install() { "$sys_db/$pkg_name/post-install" ||: fi - run_hook post-install "$pkg_name" "$sys_db/$pkg_name" + run_hook post-install "$pkg_name" "$sys_db/$pkg_name" root log "$pkg_name" "Installed successfully" } 
@@ -1518,7 +1523,7 @@ args() { l|list) pkg_list "$@" ;; u|update) pkg_updates ;; s|search) for pkg do pkg_find "$pkg" all; done ;; - v|version) log kiss 1.22.2 ;; + v|version) log kiss 1.22.3 ;; h|help|-h|--help|'') exec 2>&1
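
Review bot: In the `run_hook` hunk, the replacement path is still built from a variable (`$KISS_ROOT/etc/kiss-hook`), and the assignment overwrites the global `KISS_HOOK`. The commit message says `KISS_HOOK` carries over into the root context; if `KISS_ROOT` comes from the same environment, the hook location is only as trustworthy as that variable, so consider verifying that the file is owned by root and not writable by other users before it is run. Assigning to a separate variable inside the function would also keep a call with the fourth argument from changing which hook later calls without it pick up.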
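
Review bot: In the two `pkg_install` hunks, the trailing `root` on the `run_hook` calls reads like a user or privilege check, but `run_hook` only tests `[ "$4" ]`, so any non-empty fourth argument selects the system hook. Comparing against the literal, as in `[ "$4" = root ]`, or listing the four parameters in the comment above `run_hook` would make the contract explicit for future call sites.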