core/service: also check path in exec commands

diff --git a/src/core/service.c b/src/core/service.c
index 4c75819a8fb18dc19701afdcf0e77b314ac20cc5..54d8d0c7607ab7649b22f1d31f5b69988da52366 100644 (file)
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -567,11 +567,17 @@ static int service_verify(Service *s) {
         for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
                 ExecCommand *command;
 
-                LIST_FOREACH(command, command, s->exec_command[c])
+                LIST_FOREACH(command, command, s->exec_command[c]) {
+                        if (!path_is_absolute(command->path) && !filename_is_valid(command->path))
+                                return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC),
+                                                            "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
+                                                            command->path,
+                                                            service_exec_command_to_string(c));
                         if (strv_isempty(command->argv))
                                 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC),
                                                             "Service has an empty argv in %s=. Refusing.",
                                                             service_exec_command_to_string(c));
+                }
         }
 
         if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] &&