diff options
| author | Sami Kerola | 2016-07-27 20:47:38 +0200 |
|---|---|---|
| committer | Sami Kerola | 2017-02-05 00:39:38 +0100 |
| commit | 9c65888e823a1d54b7198f6e75919e7a13867bca (patch) | |
| tree | b9d1dca6a309cbd988dac56bf4327419cc1cb7c4 /sys-utils/hwclock.c | |
| parent | hwclock: fix rtc atexit registration (diff) | |
| download | kernel-qcow2-util-linux-9c65888e823a1d54b7198f6e75919e7a13867bca.tar.gz kernel-qcow2-util-linux-9c65888e823a1d54b7198f6e75919e7a13867bca.tar.xz kernel-qcow2-util-linux-9c65888e823a1d54b7198f6e75919e7a13867bca.zip | |
hwclock: make --date=argument less prone to injection
This change should not improve security much. One hopes hwclock --set is
restricted for root only. Where hwclock is allowed to run via sudo, or has
setuid setup, there is a pretty easy privilege escalation via subshell.
$ sudo ./hwclock --set --date='2000-10-20$(touch /tmp/hwclock.inject)'
Reviewed-by: J William Piggott <elseifthen@gmx.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Diffstat (limited to 'sys-utils/hwclock.c')
| -rw-r--r-- | sys-utils/hwclock.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys-utils/hwclock.c b/sys-utils/hwclock.c index 98933316f..8716946d6 100644 --- a/sys-utils/hwclock.c +++ b/sys-utils/hwclock.c @@ -672,10 +672,12 @@ static int interpret_date_string(const struct hwclock_control *ctl, } /* Quotes in date_opt would ruin the date command we construct. */ - if (strchr(ctl->date_opt, '"') != NULL) { + if (strchr(ctl->date_opt, '"') != NULL || + strchr(ctl->date_opt, '`') != NULL || + strchr(ctl->date_opt, '$') != NULL) { warnx(_ ("The value of the --date option is not a valid date.\n" - "In particular, it contains quotation marks.")); + "In particular, it contains illegal character(s).")); return retcode; } |