Prevent execution of arbitrary scripts

Disables the execution of shell scripts or lua code when parsing the
spec file. Replaces the script output with static text
"UNEXPANDEDSHELLSCRIPT".

Change-Id: I250bd753ec498a7bf03acf5436a8ed4f0ba28a31

diff --git a/rpmio/macro.c b/rpmio/macro.c
index 7858b10b22455f539d0dff1ff61346ce92a5263f..ac9fbdcf72eb0d8325505cda3829a8570d55690f 100644 (file)
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -421,6 +421,10 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
     FILE *shf;
     int c;
 
+#ifdef WITH_LUA
+    rpmlog(RPMLOG_WARNING, _("Refusing to run shell code: %s\n"), cmd);
+    mbAppendStr(mb, "UNEXPANDEDSHELLSCRIPT");
+#else
     if (expandThis(mb, cmd, clen, &buf))
        goto exit;
 
@@ -443,6 +447,7 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
 
 exit:
     _free(buf);
+#endif
 }
 
 /**