From 9c65888e823a1d54b7198f6e75919e7a13867bca Mon Sep 17 00:00:00 2001 From: Sami Kerola Date: Wed, 27 Jul 2016 19:47:38 +0100 Subject: [PATCH] hwclock: make --date=argument less prone to injection This change should not improve security much. One hopes hwclock --set is restricted for root only. Where hwclock is allowed to run via sudo, or has setuid setup, there is a pretty easy privilege escalation via subshell. $ sudo ./hwclock --set --date='2000-10-20$(touch /tmp/hwclock.inject)' Reviewed-by: J William Piggott Signed-off-by: Sami Kerola --- sys-utils/hwclock.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys-utils/hwclock.c b/sys-utils/hwclock.c index 98933316f0..8716946d63 100644 --- a/sys-utils/hwclock.c +++ b/sys-utils/hwclock.c @@ -672,10 +672,12 @@ static int interpret_date_string(const struct hwclock_control *ctl, } /* Quotes in date_opt would ruin the date command we construct. */ - if (strchr(ctl->date_opt, '"') != NULL) { + if (strchr(ctl->date_opt, '"') != NULL || + strchr(ctl->date_opt, '`') != NULL || + strchr(ctl->date_opt, '$') != NULL) { warnx(_ ("The value of the --date option is not a valid date.\n" - "In particular, it contains quotation marks.")); + "In particular, it contains illegal character(s).")); return retcode; } -- 2.47.3