shared/pager: enable support for more(1) secure mode at build-time#41981
shared/pager: enable support for more(1) secure mode at build-time#41981cgoesche wants to merge 1 commit into
Conversation
Commit 81d23b5 added more(1) (from util-linux) to the list of trusted pagers, as it supports a secure mode similar to less(1) ever since util-linux version 2.42. This same version was used to bump the baseline runtime requirement of util-linux. However, this can cause security issues in cases where the literal version require- ment is not respected and an older util-linux version is installed on the system. The least we can do is to enforce a version check at build time and turn support on/off depending on the installed version. Note that this only affects the list of trusted pagers, more(1) remains available for output when no secure pager is required, as determined by the pager selection logic. The behavior changes as follows: Systems with more(1) version < 2.42: Usable only when no trusted pager is needed or SYSTEMD_PAGERSECURE=0 Systems with more(1) version >= 2.42 Usable in all cases Addresses: 81d23b5 Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
github-actions
Bot
added
build-system
util-lib
meson
please-review
bluca
added
the
rc-blocker 🚧
keszybz
left a comment
keszybz
left a comment
There was a problem hiding this comment.
Checking at build time is not useful. Any check like this must be at run time.
|
This circles us back to #41503 (comment) . And checking both at build and run time seems like good enough depth of security, no ? Edit: If a user wants to deliberately build with more(1) secure support even if at build time the required version is not available, a meson option can enable it. |
|
yeah this requires a build option, disabled by default, I don't see alternatives, other than reverting and waiting for the current LTS distros to go EOL |
bluca
added
reviewed/needs-rework 🔨
This was reverted to unlock the release for now, so a way to make it work safely can be found with no time pressure |
3 participants
Commit 81d23b5 added more(1) (from util-linux) to the list of trusted pagers, as it supports a secure mode similar to less(1) ever since util-linux version 2.42. This same version was used to bump the baseline runtime requirement of util-linux. However, this can cause security issues in cases where the literal version requirement is not respected and an older util-linux version is installed on the system. The least we can do is to enforce a version check at build time and turn support on/off depending on the installed version.
Note that this only affects the list of trusted pagers, more(1) remains available for output when no secure pager is required, as determined by the pager selection logic.
The behavior changes as follows:
Systems with more(1) version < 2.42:
Systems with more(1) version >= 2.42
Addresses: 81d23b5
Following the discussion with @bluca here.