From: Dmitry Kovalenko
Date: Fri, 1 Jul 2016 04:37:14 +0000 (+0300)
Subject: Add strict PATH environment variable into init scripts
X-Git-Tag: accepted/tizen/common/20160701.193153^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=704a0dfcdb20b758c132a23e50ffae83b355289c;p=platform%2Fcore%2Fsystem%2Fswap-manager.git
Add strict PATH environment variable into init scripts
This change guarantee execution aux programs only from trusted paths. Even most of programs has absolute path in scripts this change will prevent security issues in further changes.
Change-Id: I108f5246c6af29eb8f3f4bff278b38941ad208f8
Signed-off-by: Dmitry Kovalenko
---
diff --git a/scripts/gen_loader_header.sh b/scripts/gen_loader_header.sh
index 007d8ab..2d88950 100755
--- a/scripts/gen_loader_header.sh
+++ b/scripts/gen_loader_header.sh
@@ -15,8 +15,10 @@ output=$1
 function print_header()
 {
 filename=$1
- echo -e "#!/bin/bash\n"\
- "#Loader\n" > $filename
+ echo "#!/bin/bash
+#Loader
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+" > $filename
 }
 function print_loader()
diff --git a/scripts/gen_preload_header.sh b/scripts/gen_preload_header.sh
index 48b1b63..ce26470 100755
--- a/scripts/gen_preload_header.sh
+++ b/scripts/gen_preload_header.sh
@@ -10,8 +10,10 @@ output=$1
 function print_header()
 {
 filename=$1
- echo -e "#!/bin/bash\n"\
- "#Preload\n" > $filename
+ echo "#!/bin/bash
+#Preload
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+" > $filename
 }
 function print_probe_lib()
diff --git a/scripts/gen_uihv_header.sh b/scripts/gen_uihv_header.sh
old mode 100644
new mode 100755
index 3289f4a..e21b489
--- a/scripts/gen_uihv_header.sh
+++ b/scripts/gen_uihv_header.sh
@@ -7,8 +7,10 @@ output=$1
 function print_header()
 {
 filename=$1
- echo -e "#!/bin/bash\n"\
- "#Preload\n" > $filename
+ echo "#!/bin/bash
+#Preload
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+" > $filename
 }
 function print_ui_viewer_lib()
diff --git a/scripts/gen_wsp_data.sh b/scripts/gen_wsp_data.sh
index a8432f0..01fe413 100755
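Review bot: The header text written by print_header in gen_loader_header.sh assigns `PATH=/bin:/usr/bin:/sbin:/usr/sbin` but never exports it, so if the generated script is started without PATH in its environment the value stays shell-local and the programs it launches do not inherit the restricted path. Adding `export PATH` as the next line inside the echoed string makes the restriction hold for child processes as well. The same applies to the identical hunks in gen_preload_header.sh and gen_uihv_header.sh, and to the PATH lines added in gen_wsp_data.sh, swap_start.sh and swap_stop.sh. Separately, the redirect target in all three print_header functions is unquoted; `> "$filename"` avoids word splitting and globbing on the output path.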
--- a/scripts/gen_wsp_data.sh
+++ b/scripts/gen_wsp_data.sh
@@ -163,7 +163,7 @@ function gen_script_out()
 #!/bin/bash
 #WSP initialze autogenerated script
-
+ PATH=/bin:/usr/bin:/sbin:/usr/sbin
 /bin/echo "$path_webapp" > $webapp_path
 /bin/echo "$path_libewebkit2" > $ewebkit_path
diff --git a/scripts/swap_start.sh b/scripts/swap_start.sh
index 279b5b4..a6fbe4a 100755
--- a/scripts/swap_start.sh
+++ b/scripts/swap_start.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
 #ERROR CODES
 ERR_CONTAINER_NOT_SUPPORTED=1
 ERR_NO=0
@@ -12,7 +14,6 @@ if [ "$1" != "" ];then
 exit $1
 fi
-PATH=$PATH:/usr/sbin/
 config_file="/etc/config/model-config.xml"
 if [ -e $config_file ]; then
diff --git a/scripts/swap_stop.sh b/scripts/swap_stop.sh
index 90fe763..47d8549 100755
--- a/scripts/swap_stop.sh
+++ b/scripts/swap_stop.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
 # swap disabling
 /bin/echo 0 > /sys/kernel/debug/swap/enable
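Review bot: Helpers that swap_start.sh calls by bare name from outside /bin, /usr/bin, /sbin and /usr/sbin will stop resolving, because the new assignment at the top replaces the inherited PATH where the removed `PATH=$PATH:/usr/sbin/` only extended it. The rest of the script lies outside both hunks, so this needs checking against the full file. A short comment above the assignment would record the intent for later maintainers, for example `# Pinned search path: helper programs must resolve only from system directories`. The same comment would fit the PATH line added in swap_stop.sh.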