Prevent execution of arbitrary scripts

Disables the execution of shell scripts or lua code when parsing the spec file. Replaces the script output with static text "UNEXPANDEDSHELLSCRIPT" or "UNEXPANDEDLUASCRIPT". Change-Id: I7d43785715c4b518040463ae70bddd46734e824e Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
author: Markus Lehtonen <markus.lehtonen@linux.intel.com> 2013-06-25 16:25:42 +0300
committer: Markus Lehtonen <markus.lehtonen@linux.intel.com> 2014-06-11 17:48:03 +0300
commit: f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26 (patch)
tree: 001da4a5fd51e6419625096a1ca7b2edf7bdae7d /rpmio/macro.c
parent: b741dc9cac9b9e9a71427391f9bbfe703776724f (diff)
download: librpm-tizen-f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26.tar.gz
librpm-tizen-f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26.tar.bz2
librpm-tizen-f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/rpmio/macro.c b/rpmio/macro.c
index 5362512f6..aeedb4725 100644
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -472,6 +472,9 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
     int rc = 0;
     int c;
 
+    rpmlog(RPMLOG_INFO, _("Refusing to run shell code: %s\n"), cmd);
+    mbAppendStr(mb, "UNEXPANDEDSHELLSCRIPT");
+#if 0
     rc = expandThis(mb, cmd, clen, &buf);
     if (rc)
 	goto exit;
@@ -493,6 +496,7 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
 
 exit:
     _free(buf);
+#endif
     return rc;
 }
author	Markus Lehtonen <markus.lehtonen@linux.intel.com>	2013-06-25 16:25:42 +0300
committer	Markus Lehtonen <markus.lehtonen@linux.intel.com>	2014-06-11 17:48:03 +0300
commit	f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26 (patch)
tree	001da4a5fd51e6419625096a1ca7b2edf7bdae7d /rpmio/macro.c
parent	b741dc9cac9b9e9a71427391f9bbfe703776724f (diff)
download	librpm-tizen-f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26.tar.gz librpm-tizen-f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26.tar.bz2 librpm-tizen-f06cdf9f3bfc38a2b2b8b77327d547f34ceeec26.zip