Diffstat (limited to '')
-rw-r--r--debian/patches/0002-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch112
1 files changed, 112 insertions, 0 deletions
diff --git a/debian/patches/0002-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch b/debian/patches/0002-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch
new file mode 100644
index 0000000..4b4ccc3
--- /dev/null
+++ b/debian/patches/0002-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch
@@ -0,0 +1,112 @@
+From 47bf4e7c6be2f73ecc8cfd8732920987df09e487 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 31 Aug 2020 19:37:13 +0200
+Subject: pager: set $LESSSECURE whenver we invoke a pager
+
+Some extra safety when invoked via "sudo". With this we address a
+genuine design flaw of sudo, and we shouldn't need to deal with this.
+But it's still a good idea to disable this surface given how exotic it
+is.
+
+Prompted by #5666
+---
+ man/less-variables.xml | 9 +++++++++
+ man/systemctl.xml | 1 +
+ man/systemd.xml | 1 +
+ src/shared/pager.c | 23 +++++++++++++++++++++--
+ 4 files changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/man/less-variables.xml b/man/less-variables.xml
+index 334eb19871..fed4178b01 100644
+--- a/man/less-variables.xml
++++ b/man/less-variables.xml
+@@ -60,5 +60,14 @@
+ </listitem>
+ </varlistentry>
+
++ <varlistentry id='lesssecure'>
++ <term><varname>$SYSTEMD_LESSSECURE</varname></term>
++
++ <listitem><para>Takes a boolean argument. Overrides the <varname>$LESSSECURE</varname> environment
++ variable when invoking the pager, which controls the "secure" mode of less (which disables commands
++ such as <literal>|</literal> which allow to easily shell out to external command lines). By default
++ less secure mode is enabled, with this setting it may be disabled.</para></listitem>
++ </varlistentry>
++
+ </variablelist>
+ </refsect1>
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index 08aacd8f41..22b26d3607 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -2039,6 +2039,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
+ <xi:include href="less-variables.xml" xpointer="pager"/>
+ <xi:include href="less-variables.xml" xpointer="less"/>
+ <xi:include href="less-variables.xml" xpointer="lesscharset"/>
++ <xi:include href="less-variables.xml" xpointer="lesssecure"/>
+ </refsect1>
+
+ <refsect1>
+diff --git a/man/systemd.xml b/man/systemd.xml
+index 1ff1f34dbe..d0d847c353 100644
+--- a/man/systemd.xml
++++ b/man/systemd.xml
+@@ -875,6 +875,7 @@
+
+ <xi:include href="less-variables.xml" xpointer="colors" />
+ <xi:include href="less-variables.xml" xpointer="urlify" />
++ <xi:include href="less-variables.xml" xpointer="lesssecure"/>
+
+ <varlistentry>
+ <term><varname>$LISTEN_PID</varname></term>
+diff --git a/src/shared/pager.c b/src/shared/pager.c
+index bf2597e65a..7a56271760 100644
+--- a/src/shared/pager.c
++++ b/src/shared/pager.c
+@@ -11,6 +11,7 @@
+ #include <unistd.h>
+
+ #include "copy.h"
++#include "env-util.h"
+ #include "fd-util.h"
+ #include "fileio.h"
+ #include "io-util.h"
+@@ -152,8 +153,7 @@ int pager_open(PagerFlags flags) {
+ _exit(EXIT_FAILURE);
+ }
+
+- /* Initialize a good charset for less. This is
+- * particularly important if we output UTF-8
++ /* Initialize a good charset for less. This is particularly important if we output UTF-8
+ * characters. */
+ less_charset = getenv("SYSTEMD_LESSCHARSET");
+ if (!less_charset && is_locale_utf8())
+@@ -164,6 +164,25 @@ int pager_open(PagerFlags flags) {
+ _exit(EXIT_FAILURE);
+ }
+
++ /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
++ * privileged stuff. */
++ r = getenv_bool("SYSTEMD_LESSSECURE");
++ if (r == 0) { /* Remove env var if off */
++ if (unsetenv("LESSSECURE") < 0) {
++ log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
++ _exit(EXIT_FAILURE);
++ }
++ } else {
++ /* Set env var otherwise */
++ if (r < 0)
++ log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");
++
++ if (setenv("LESSSECURE", "1", 1) < 0) {
++ log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
++ _exit(EXIT_FAILURE);
++ }
++ }
++
+ if (pager_args) {
+ r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
+ if (r < 0) {
+--
+2.30.2
+
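Review bot: The `SYSTEMD_LESSSECURE` opt-out in the src/shared/pager.c part of this patch is read with `getenv_bool()` from the invoking process's own environment, so in the sudo case the new comment describes, a caller whose environment is passed through can set it to 0 and have `LESSSECURE` unset again. The setting also constrains only less, not any other program selected through the pager variables. Whether sudo forwards these variables depends on its environment policy, which is outside the patch, so the comment should at least state the limit, e.g. `/* Only effective for less, and only if the caller cannot set $SYSTEMD_LESSSECURE=0 or choose a different pager. */`. Separately, the `if (r < 0)` warning would also fire when the variable is simply unset if `getenv_bool()` reports that case as a negative errno (it is defined outside the hunk); `if (r < 0 && r != -ENXIO)` would keep the default path quiet. pager_open() starts and ends outside the quoted hunks.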