Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/abrt-action-install-debuginfo.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/plugins/abrt-action-install-debuginfo.c b/src/plugins/abrt-action-install-debuginfo.c
index 39915e59..77cd370b 100644
--- a/src/plugins/abrt-action-install-debuginfo.c
+++ b/src/plugins/abrt-action-install-debuginfo.c
@@ -1,7 +1,8 @@
 #include <unistd.h>
 #include <string.h>
 
-#define EXECUTABLE "abrt-action-install-debuginfo.py"
+// TODO: honor configure --prefix here:
+#define EXECUTABLE "/usr/bin/abrt-action-install-debuginfo.py"
 
 static void error_msg_and_die(const char *msg, const char *arg)
 {
@@ -38,6 +39,10 @@ int main(int argc, char **argv)
 error_msg_and_die("bad option", arg);
 }
 
- execvp(EXECUTABLE, argv);
+ /* We use full path, and execv instead of execvp in order to
+ * disallow user to execute his own abrt-action-install-debuginfo.py
+ * in his dir by setting up corresponding malicious $PATH.
+ */
+ execv(EXECUTABLE, argv);
 error_msg_and_die("Can't execute", EXECUTABLE);
 }
|
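Review bot: The `EXECUTABLE` define is now load-bearing for the `execv()` call in the second hunk, but the only comment on it is the prefix TODO. Because `execv()` does no `$PATH` search, a relative value here would resolve against the caller's current directory, so the constraint should be stated next to the macro: `/* Must stay an absolute path: execv() resolves a relative name against the caller's cwd. */`. When the TODO is addressed, the prefix should come from a compile-time definition supplied by the build (placeholder name `<BINDIR_MACRO>`) rather than from anything read at run time.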
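Review bot: The `execv(EXECUTABLE, argv)` call still hands the caller's whole environment to the script, so the `$PATH` case described in the new comment is only one of the inputs a user controls. The target is a `.py` file, so the interpreter chosen by its shebang line (not visible here) may still be influenced by variables such as `PYTHONPATH` or `PYTHONHOME`, and by `$PATH` itself if the shebang goes through `env`. If this wrapper runs with more privilege than its caller, which the comment suggests but the hunk does not show, consider passing a fixed environment instead: `static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };` and `execve(EXECUTABLE, argv, clean_env);`, after checking which variables the script actually needs. main's body starts outside the hunk.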
