base-files: don't evaluate block-device uevent

Backport commits fixing the detection of GPT partition names during preinit and sysupgrade, closing a shell-injection vulnerability. da52dd0c83 ("base-files: quote values when evaluating uevent") 267873ac9b ("base-files: don't evaluate block-device uevent") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2025-03-11 06:54:21 +00:00 · 2018-02-02 01:57:46 +01:00 · 2018-02-02 01:57:46 +01:00 · f60be72077
commit f60be72077
parent 623cdc4ffe
1 changed files with 8 additions and 5 deletions
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@ -208,7 +208,7 @@ get_magic_long() {
 }

 export_bootdevice() {
-	local cmdline uuid disk uevent
+	local cmdline uuid disk uevent line
 	local MAJOR MINOR DEVNAME DEVTYPE

 	if read cmdline < /proc/cmdline; then
@ -241,8 +241,9 @@ export_bootdevice() {
 		esac

 		if [ -e "$uevent" ]; then
-			. "$uevent"
-
+			while read line; do
+				export -n "$line"
+			done < "$uevent"
 			export BOOTDEV_MAJOR=$MAJOR
 			export BOOTDEV_MINOR=$MINOR
 			return 0
@ -254,10 +255,12 @@ export_bootdevice() {

 export_partdevice() {
 	local var="$1" offset="$2"
-	local uevent MAJOR MINOR DEVNAME DEVTYPE
+	local uevent line MAJOR MINOR DEVNAME DEVTYPE

 	for uevent in /sys/class/block/*/uevent; do
-		. "$uevent"
+		while read line; do
+			export -n "$line"
+		done < "$uevent"
 		if [ $BOOTDEV_MAJOR = $MAJOR -a $(($BOOTDEV_MINOR + $offset)) = $MINOR -a -b "/dev/$DEVNAME" ]; then
 			export "$var=$DEVNAME"
 			return 0