aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormerakor <cem@ckyln.com>2020-05-18 00:12:29 +0000
committermerakor <cem@ckyln.com>2020-05-18 00:12:29 +0000
commite12c404e13e8bc0eaab4b1aeeb3a6af0cc79dd49 (patch)
tree8a4e05e479d9c1e4c8c2aa171b02f2d8df06d2a8
parent91aaf984c843df030b33c2dc9419dfecc5da95a5 (diff)
downloadcpt-e12c404e13e8bc0eaab4b1aeeb3a6af0cc79dd49.tar.gz
kiss: prevent privilige escalations through user defined hooks1.22.3
During installation, the script is run as root, but out KISS_HOOK variable stays the same. This is a critical bug since a user can only have permissions to install packages as root, but not for any other privilige escalation. A user can abuse the KISS_HOOK in order to become root, possibly with a `/sbin/login` command on the hook file. This change checks for a fourth argument and overrides the KISS_HOOK to `$KISS_ROOT/etc/kiss-hook` FossilOrigin-Name: 67041b182d9524fcfa8292e7167f249b99851129cda0d7fe9e4fdff8388063b6
-rw-r--r--CHANGELOG.md12
-rwxr-xr-xkiss13
2 files changed, 20 insertions, 5 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6bee04c..edc0948 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,8 @@ this project _somewhat_ adheres to [Semantic Versioning].
[Keep a Changelog]: https://keepachangelog.com/en/1.0.0/
[Semantic Versioning]: https://semver.org/spec/v2.0.0.html
-1.22.2 - 2020-05-16
+
+1.22.3 - 2020-05-18
-------------------
**NOTE:** `1.22.x` is the last minor version before `2.0.0`, meaning I will not be doing any
@@ -15,6 +16,15 @@ releases except for patches and fixes. My attention is now on implementing binar
I will be doing some 'release candidates' before release, as binary repositories will need user
feedback.
+### SECURITY
+- Fixed a bug regarding privilige escalation using `$KISS_HOOK`. `kiss` will now use
+ `$KISS_ROOT/etc/kiss-hook` on installation operations (which are run by root) so that the hooks
+ are defined by the system administrator rather than the user.
+
+
+1.22.2 - 2020-05-16
+-------------------
+
### Fixed
- Fixed an issue where `pkg_conflicts` would abort if `kiss-readlink` failed due to missing
components. It now fallbacks to the original directory name.
diff --git a/kiss b/kiss
index 25288bb..6d3657a 100755
--- a/kiss
+++ b/kiss
@@ -81,9 +81,14 @@ pop() {
}
run_hook() {
+ # If a fourth parameter 'root' is specified, source
+ # the hook from a predefined location to avoid privilige
+ # escalation through user scripts.
+ [ "$4" ] && KISS_HOOK=$KISS_ROOT/etc/kiss-hook
+
# This is not a misspelling, can be ignored safely.
# shellcheck disable=2153
- [ "$KISS_HOOK" ] || return 0
+ [ -f "$KISS_HOOK" ] || return 0
log "$2" "Running $1 hook"
@@ -1114,7 +1119,7 @@ pkg_install() {
[ "$install_dep" ] && die "$1" "Package requires ${install_dep%, }"
- run_hook pre-install "$pkg_name" "$tar_dir/$pkg_name"
+ run_hook pre-install "$pkg_name" "$tar_dir/$pkg_name" root
pkg_conflicts "$pkg_name"
@@ -1180,7 +1185,7 @@ pkg_install() {
"$sys_db/$pkg_name/post-install" ||:
fi
- run_hook post-install "$pkg_name" "$sys_db/$pkg_name"
+ run_hook post-install "$pkg_name" "$sys_db/$pkg_name" root
log "$pkg_name" "Installed successfully"
}
@@ -1518,7 +1523,7 @@ args() {
l|list) pkg_list "$@" ;;
u|update) pkg_updates ;;
s|search) for pkg do pkg_find "$pkg" all; done ;;
- v|version) log kiss 1.22.2 ;;
+ v|version) log kiss 1.22.3 ;;
h|help|-h|--help|'')
exec 2>&1