ipsec: Only allow specific commands to be executed via ipsec script
authorTobias Brunner <tobias@strongswan.org>
Wed, 18 Jan 2017 14:44:06 +0000 (15:44 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 18 Jan 2017 15:15:48 +0000 (16:15 +0100)
The previous fallback allowed running any executable as root if executing
ipsec via sudo was allowed, by using e.g. `sudo ipsec ../../../bin/sh`.

src/ipsec/_ipsec.in

index a002614..ea399b8 100644 (file)
@@ -44,6 +44,8 @@ export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCR
 
 IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
 
+command_dir="$IPSEC_DIR"
+
 case "$1" in
 '')
        echo "$IPSEC_SCRIPT command [arguments]"
@@ -94,10 +96,6 @@ case "$1" in
        echo "$IPSEC_PIDDIR"
        exit 0
        ;;
-copyright|--copyright)
-       set _copyright
-       # and fall through, invoking "ipsec _copyright"
-       ;;
 down)
        shift
        if [ "$#" -ne 1 ]
@@ -307,13 +305,19 @@ update)
                exit 7
        fi
        ;;
-pki)
-       shift
-       exec $IPSEC_BINDIR/pki "$@"
+aikgen|pki)
+       # programs in BINDIR may be called directly, these two are listed for legacy reasons
+       command_dir="$IPSEC_BINDIR"
+       # fall through
        ;;
-aikgen)
-       shift
-       exec $IPSEC_BINDIR/aikgen "$@"
+attest|conftest|dumm|irdumm|pacman|pool|pt-tls-client|scepclient|stroke|\
+duplicheck|error-notify|imv_policy_manager|load-tester|lookip|whitelist|\
+_updown|_imv_policy)
+       # fall through
+       ;;
+copyright|--copyright)
+       set _copyright
+       # fall through
        ;;
 version|--version)
        printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
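Review bot: The new `attest|conftest|…|_updown|_imv_policy)` arm and the `aikgen|pki)` arm above it are now the only thing that decides which programs `sudo ipsec` may execute as root, yet both carry just `# fall through`, which hides that the list is a trust boundary rather than a convenience table. I would extend the comment on the long arm to `# allowlist of IPSEC_DIR helpers reachable through this wrapper; anything not listed is rejected by the final *) arm, so adding a name here widens what a sudo-permitted caller can run as root`. The relocated `copyright` arm lost its earlier explanation; restoring `# and fall through, invoking "ipsec _copyright"` keeps the reason for `set _copyright` (which also discards any further arguments) visible. This assumes IPSEC_DIR and IPSEC_BINDIR are assigned by the script before the `export` shown in the hunk header rather than inherited from the caller's environment; those assignments are outside the hunk, so that is worth confirming.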
@@ -325,16 +329,20 @@ version|--version)
        echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
        exit 2
        ;;
+*)
+       echo "$0: unknown command \`$1' (\`$IPSEC_SCRIPT --help' for list)" >&2
+       exit 2
+       ;;
 esac
 
 cmd="$1"
 shift
 
-path="$IPSEC_DIR/$cmd"
+path="$command_dir/$cmd"
 
 if [ ! -x "$path" ]
 then
-       echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
+       echo "$0: unknown command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
        exit 2
 fi