From e12c404e13e8bc0eaab4b1aeeb3a6af0cc79dd49 Mon Sep 17 00:00:00 2001 From: merakor Date: Mon, 18 May 2020 00:12:29 +0000 Subject: kiss: prevent privilige escalations through user defined hooks During installation, the script is run as root, but out KISS_HOOK variable stays the same. This is a critical bug since a user can only have permissions to install packages as root, but not for any other privilige escalation. A user can abuse the KISS_HOOK in order to become root, possibly with a `/sbin/login` command on the hook file. This change checks for a fourth argument and overrides the KISS_HOOK to `$KISS_ROOT/etc/kiss-hook` FossilOrigin-Name: 67041b182d9524fcfa8292e7167f249b99851129cda0d7fe9e4fdff8388063b6 --- kiss | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index 25288bb..6d3657a 100755 --- a/kiss +++ b/kiss @@ -81,9 +81,14 @@ pop() { } run_hook() { + # If a fourth parameter 'root' is specified, source + # the hook from a predefined location to avoid privilige + # escalation through user scripts. + [ "$4" ] && KISS_HOOK=$KISS_ROOT/etc/kiss-hook + # This is not a misspelling, can be ignored safely. # shellcheck disable=2153 - [ "$KISS_HOOK" ] || return 0 + [ -f "$KISS_HOOK" ] || return 0 log "$2" "Running $1 hook" @@ -1114,7 +1119,7 @@ pkg_install() { [ "$install_dep" ] && die "$1" "Package requires ${install_dep%, }" - run_hook pre-install "$pkg_name" "$tar_dir/$pkg_name" + run_hook pre-install "$pkg_name" "$tar_dir/$pkg_name" root pkg_conflicts "$pkg_name" @@ -1180,7 +1185,7 @@ pkg_install() { "$sys_db/$pkg_name/post-install" ||: fi - run_hook post-install "$pkg_name" "$sys_db/$pkg_name" + run_hook post-install "$pkg_name" "$sys_db/$pkg_name" root log "$pkg_name" "Installed successfully" } @@ -1518,7 +1523,7 @@ args() { l|list) pkg_list "$@" ;; u|update) pkg_updates ;; s|search) for pkg do pkg_find "$pkg" all; done ;; - v|version) log kiss 1.22.2 ;; + v|version) log kiss 1.22.3 ;; h|help|-h|--help|'') exec 2>&1 -- cgit v1.2.3