On 11/09/17 at 11:05am, Bhupesh Sharma wrote:
On Thu, Nov 9, 2017 at 10:46 AM, Dave Young <dyoung(a)redhat.com> wrote:
> Since we call dracut directly from the current working directory ".", it is
> possible to trick root into calling fake code.
>
> Thus move to use abosolute path instead.
^^^^^^^^
Minor nitpick: absolute
Will fix the typo when I apply it, thanks!
>
> >
> > Signed-off-by: Dave Young <dyoung(a)redhat.com>
> > ---
> > mkdumprd | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > Index: kexec-tools/mkdumprd
> > ===================================================================
> > --- kexec-tools.orig/mkdumprd
> > +++ kexec-tools/mkdumprd
> > @@ -17,6 +17,7 @@ SAVE_PATH=$(grep ^path $conf_file| cut -
> > [ -z "$SAVE_PATH" ] && SAVE_PATH=$DEFAULT_PATH
> > # strip the duplicated "/"
> > SAVE_PATH=$(echo $SAVE_PATH | tr -s /)
> > +DRACUT_PATH=/usr/bin
> >
> > is_wdt_addition_needed() {
> > local active
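Review bot: the new `DRACUT_PATH=/usr/bin` line is set unconditionally and nothing in this hunk checks that `${DRACUT_PATH}/dracut` actually exists and is executable, so a layout where dracut is installed elsewhere would only fail much later at the invocation with a bare "No such file or directory". Consider adding a guard right after the assignment, e.g. `[ -x "${DRACUT_PATH}/dracut" ] || { echo "dracut not found in ${DRACUT_PATH}" >&2; exit 1; }`, and a one-line comment stating why the absolute path is used (the current-directory lookup concern from the commit message), since the variable otherwise looks like an arbitrary configuration knob to the next reader.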
> > @@ -457,7 +458,7 @@ if ! is_fadump_capable; then
> > add_dracut_arg "--no-hostonly-default-device"
> > fi
> >
> > -dracut "${dracut_args[@]}" "$@"
> > +${DRACUT_PATH}/dracut "${dracut_args[@]}" "$@"
> > _rc=$?
> > sync
> > exit $_rc
> >
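Review bot: replacing `dracut` with `${DRACUT_PATH}/dracut` closes the lookup problem for this one command, but the visible context shows the script still resolving other tools through `$PATH` (`grep`, `cut` and `tr` in the first hunk), so the same untrusted-directory lookup applies to them. If the concern is a `.` or other writable directory in the invoking shell's `PATH`, a single `PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH` near the top of mkdumprd fixes every command at once and is easier to keep correct than hard-coding the location of each binary; if the per-command approach is kept, please note in the commit message why only dracut needs it.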
>
> Good catch. This should be fixed as local users can trick the
> administrator into executing code as root.
>
> Acked-by: Bhupesh Sharma <bhsharma(a)redhat.com>
>
> Regards,
> Bhupesh