When starting non-static command using bwrap use "--"

This ensures that the command is not taken to be a bwrap option.

Resolves: CVE-2024-32462
Resolves: GHSA-phv6-cpc2-2fgj
Signed-off-by: Alexander Larsson <alexl@redhat.com>
[smcv: Fix DISABLE_SANDBOXED_TRIGGERS code path]
[smcv: Make flatpak_run_maybe_start_dbus_proxy() more obviously correct]
Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Alexander Larsson
2024-04-15 16:10:36 +02:00
committed by Simon McVittie
parent d771946b01
commit 72016e3fce
3 changed files with 7 additions and 2 deletions

View File

@@ -576,7 +576,8 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
return FALSE;
flatpak_bwrap_add_args (bwrap, command, NULL);
flatpak_bwrap_add_args (bwrap, "--", command, NULL);
flatpak_bwrap_append_argsv (bwrap,
&argv[rest_argv_start + 2],
rest_argc - 2);

View File

@@ -6653,6 +6653,7 @@ flatpak_dir_run_triggers (FlatpakDir *self,
"--proc", "/proc",
"--dev", "/dev",
"--bind", basedir, basedir,
"--",
NULL);
#endif
flatpak_bwrap_add_args (bwrap,

View File

@@ -1082,6 +1082,9 @@ add_bwrap_wrapper (FlatpakBwrap *bwrap,
if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
return FALSE;
/* End of options: the next argument will be the executable name */
flatpak_bwrap_add_arg (bwrap, "--");
return TRUE;
}
@@ -4175,7 +4178,7 @@ flatpak_run_app (FlatpakDecomposed *app_ref,
if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
return FALSE;
flatpak_bwrap_add_arg (bwrap, command);
flatpak_bwrap_add_args (bwrap, "--", command, NULL);
if (!add_rest_args (bwrap, app_id,
exports, (flags & FLATPAK_RUN_FLAG_FILE_FORWARDING) != 0,