Description : Fixed the security hole.
authorwchang kim <wchang.kim@samsung.com>
Wed, 28 Sep 2016 09:05:28 +0000 (18:05 +0900)
committerŁukasz Stelmach <l.stelmach@samsung.com>
Fri, 26 Jan 2024 16:49:49 +0000 (17:49 +0100)
In the case of "systemctl --user enable <path>", an application can insert
a malicious user service.

So systemctl can only enable a service by its service name.

Change-Id: I570f45985516ee3636720f36787080590e6f90ef
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
src/systemctl/systemctl.c

index 869fefe..cb08208 100644 (file)
@@ -5710,6 +5710,21 @@ static int unit_exists(const char *unit) {
         return !streq_ptr(info.load_state, "not-found") || !streq_ptr(info.active_state, "inactive");
 }
 
+static int check_args_is_path(char **args)
+{
+        char **name;
+
+        STRV_FOREACH(name, args) {
+                if (is_path(*name))
+                {
+                        return 1;
+                }
+        }
+
+        return 0;
+}
+
+
 static int enable_unit(int argc, char *argv[], void *userdata) {
         _cleanup_strv_free_ char **names = NULL;
         const char *verb = argv[0];
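Review bot: check_args_is_path is written in a different style from the surrounding file: its opening braces sit on their own lines while the neighbouring `unit_exists` and `enable_unit` keep them on the signature line, and a yes/no answer is returned as `int` 1/0. It would read more consistently as `static bool check_args_is_path(char **args) {` with `if (is_path(*name)) return true;` inside the loop and `return false;` at the end, so the call site can test the value directly instead of comparing with `== 1`. A one-line comment above it, such as `/* Returns true if any argument is a file system path rather than a unit name. */`, would record what the security check relies on; how `is_path` classifies an argument is not visible in this hunk. The doubled blank line before `enable_unit` can also be dropped.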
@@ -5722,6 +5737,12 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
         if (!argv[1])
                 return 0;
 
+        if (streq(verb, "enable")) {
+                if ( check_args_is_path(args+1) == 1 ) {
+                        return 0;
+                }
+        }
+
         r = mangle_names(strv_skip(argv, 1), &names);
         if (r < 0)
                 return r;
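Review bot: The new guard in enable_unit rejects a path argument with `return 0;`, so the caller sees success and nothing is printed even though no unit was enabled; a refusal made for security reasons should be visible, for example `log_error("Refusing to enable a unit given by path, pass a unit name instead.");` followed by `return -EINVAL;`. The call passes `args+1`, but the lines visible here only show `argv` as the parameter; unless `args` is declared in the part of the function outside the hunk, this should be `strv_skip(argv, 1)` as on the `mangle_names` line below. The check is also limited to the verb `enable` and lives in the systemctl client, so other verbs handled by this function, and callers that reach the manager without going through systemctl, are presumably unaffected; that is worth confirming and stating in the commit message. enable_unit starts and ends outside this hunk.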