authorDenys Vlasenko <dvlasenk@redhat.com>2011-03-10 10:03:19 +0100
committerDenys Vlasenko <dvlasenk@redhat.com>2011-03-10 10:03:19 +0100
commitd67c6ee3d6b3067d8697ee5e4a131af906789583 (patch)
treeca5882a2c9877e6d65d498040fab57ccd9747d37 /src
parentd817777ee21f2888bbe5f80fc8d7215583989b7e (diff)
abrt-action-install-debuginfo: prevent $PATH attack
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/abrt-action-install-debuginfo.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/plugins/abrt-action-install-debuginfo.c b/src/plugins/abrt-action-install-debuginfo.c
index 39915e59..77cd370b 100644
--- a/src/plugins/abrt-action-install-debuginfo.c
+++ b/src/plugins/abrt-action-install-debuginfo.c
@@ -1,7 +1,8 @@
#include <unistd.h>
#include <string.h>
-#define EXECUTABLE "abrt-action-install-debuginfo.py"
+// TODO: honor configure --prefix here:
+#define EXECUTABLE "/usr/bin/abrt-action-install-debuginfo.py"
static void error_msg_and_die(const char *msg, const char *arg)
{
@@ -38,6 +39,10 @@ int main(int argc, char **argv)
error_msg_and_die("bad option", arg);
}
- execvp(EXECUTABLE, argv);
+ /* We use full path, and execv instead of execvp in order to
+ * disallow user to execute his own abrt-action-install-debuginfo.py
+ * in his dir by setting up corresponding malicious $PATH.
+ */
+ execv(EXECUTABLE, argv);
error_msg_and_die("Can't execute", EXECUTABLE);
}
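Review bot: The `execv(EXECUTABLE, argv)` call still passes the caller's entire environment to the Python script, so pinning the path only closes the $PATH lookup of the script file itself. The interpreter reads variables such as PYTHONPATH and PYTHONHOME to decide which modules it loads, and if the script's shebang goes through `env` then $PATH matters again; neither is visible in this hunk, so both should be checked against the script. If this wrapper runs with more privilege than its caller, which the new comment implies but the hunk does not show, consider `execve(EXECUTABLE, argv, clean_env);` with a short allow-listed environment such as `static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };`, extended with whatever variables the script needs. main's body starts outside the hunk.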