| Jon Salz | 3d1d507 | 2013-12-20 07:29:26 +0800 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. |
| 4 | # Use of this source code is governed by a BSD-style license that can be |
| 5 | # found in the LICENSE file. |
| 6 | |
| 7 | # Opens "less" securely as the "nobody" user. Only piping from stdin |
| 8 | # is supported (there may be no command line arguments). |
| 9 | |
| Mike Frysinger | 20b6234 | 2016-09-13 14:17:38 -0400 | [diff] [blame] | 10 | set -e |
| Jon Salz | 3d1d507 | 2013-12-20 07:29:26 +0800 | [diff] [blame] | 11 | |
| 12 | if [ $# -ne 0 ]; then |
| 13 | echo "Usage: secure_less.sh" >& 2 |
| 14 | echo "(no command-line arguments are allowed)" >& 2 |
| 15 | exit 1 |
| 16 | fi |
| 17 | |
| 18 | # Disable EDITOR and SHELL, just in case. Always use busybox less, |
| 19 | # since it has no fancy features that could enable exploits. |
| Mike Frysinger | a7ff892 | 2016-09-12 01:49:12 -0400 | [diff] [blame] | 20 | |
| 21 | # We can switch back to only su if either of these bugs get fixed: |
| 22 | # https://bugs.debian.org/663200 |
| 23 | # https://bugs.busybox.net/9231 |
| 24 | if sudo -h >/dev/null 2>&1; then |
| 25 | set -x |
| 26 | exec sudo -u nobody -s /bin/sh \ |
| 27 | -c "EDITOR=/bin/false SHELL=/bin/false busybox less" |
| 28 | else |
| 29 | set -x |
| 30 | exec su -s /bin/sh \ |
| 31 | -c "EDITOR=/bin/false SHELL=/bin/false busybox less" - nobody |
| 32 | fi |