From da32cac8a014ddf048fc7bad84dafdbc204d4dc8 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Fri, 4 Oct 2024 10:51:02 +0200
Subject: [PATCH] core: warn if a generator is world-writable

... because that is obviously a security risk.
---
 src/core/manager.c     |  2 +-
 src/shared/exec-util.c | 12 ++++++++++++
 src/shared/exec-util.h |  1 +
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/core/manager.c b/src/core/manager.c
index 18fb8fdaf8c..2789f0e3d0c 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -4151,7 +4151,7 @@ static int manager_execute_generators(Manager *m, char **paths, bool remount_ro)
                         /* callbacks= */ NULL, /* callback_args= */ NULL,
                         (char**) argv,
                         ge,
-                        EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID);
+                        EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID | EXEC_DIR_WARN_WORLD_WRITABLE);
 }
 
 static int manager_run_generators(Manager *m) {
diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
index 870f8f66d82..628e777da17 100644
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@@ -156,6 +156,18 @@ static int do_execute(
                         log_debug("About to execute %s%s%s", t, argv ? " " : "", argv ? strnull(args) : "");
                 }
 
+                if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {
+                        struct stat st;
+
+                        r = stat(t, &st);
+                        if (r < 0)
+                                log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t);
+                        else if (S_ISREG(st.st_mode) && (st.st_mode & 0002))
+                                log_warning("'%s' is marked world-writable, which is a security risk as it "
+                                            "is executed with privileges. Please remove world writability "
+                                            "permission bits. Proceeding anyway.", t);
+                }
+
                 r = do_spawn(t, argv, fd, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID), &pid);
                 if (r <= 0)
                         continue;
diff --git a/src/shared/exec-util.h b/src/shared/exec-util.h
index 3940a286aea..4565ddbee08 100644
--- a/src/shared/exec-util.h
+++ b/src/shared/exec-util.h
@@ -20,6 +20,7 @@ typedef enum {
         EXEC_DIR_IGNORE_ERRORS        = 1 << 1, /* Ignore non-zero exit status of scripts */
         EXEC_DIR_SET_SYSTEMD_EXEC_PID = 1 << 2, /* Set $SYSTEMD_EXEC_PID environment variable */
         EXEC_DIR_SKIP_REMAINING       = 1 << 3, /* Ignore remaining executions when one exit with 77. */
+        EXEC_DIR_WARN_WORLD_WRITABLE  = 1 << 4, /* Warn if world writable files are found */
 } ExecDirFlags;
 
 typedef enum ExecCommandFlags {
-- 
2.47.3