Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   cgel.zte@gmail.com
To:     linux-kernel@vger.kernel.org
Cc:     Xu Panda <xu.panda@zte.com.cn>, Zeal Robot <zealci@zte.com.cn>
Subject: [PATCH linux-next] scripts/get_dvb_firmware: use absolute path when using system()
Date:   Thu, 22 Sep 2022 11:47:17 +0000
Message-Id: <20220922114715.237279-1-xu.panda@zte.com.cn>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

From: Xu Panda <xu.panda@zte.com.cn>

Not using absolute path when using system() which can lead to serious
security issues.
---
FYI:
We have to abide by strict rules. When we send out emails, it
will be forwarded by the unified mailbox. When we want to send emails in
personal name to anyone outside the company, we must apply for it, which
is far more difficult than modifying patches. I'm really sorry I can't
reply to you guys.
I used ./scripts/get_maintainer.pl scripts/get_dvb_firmware and only got
linux-kernel@vger.kernel.org (open list), so I didn't add -cc.
Can cause serious problems when using system(), maybe there's a better
way than using absolute paths, but there's no reason for a serious bug
to stay in the kernel.
Please give me some inspiration, thanks a lot.
---
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
---
 scripts/get_dvb_firmware | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/scripts/get_dvb_firmware b/scripts/get_dvb_firmware
index 1a90802410bc..4ca5aef4203b 100755
--- a/scripts/get_dvb_firmware
+++ b/scripts/get_dvb_firmware
@@ -807,19 +807,19 @@ sub si2165 {
 # Utilities
 
 sub checkstandard {
-    if (system("which unzip > /dev/null 2>&1")) {
+    if (system("/usr/bin/which unzip > /dev/null 2>&1")) {
 	die "This firmware requires the unzip command - see ftp://ftp.info-zip.org/pub/infozip/UnZip.html\n";
     }
-    if (system("which md5sum > /dev/null 2>&1")) {
+    if (system("/usr/bin/which md5sum > /dev/null 2>&1")) {
 	die "This firmware requires the md5sum command - see http://www.gnu.org/software/coreutils/\n";
     }
-    if (system("which wget > /dev/null 2>&1")) {
+    if (system("/usr/bin/which wget > /dev/null 2>&1")) {
 	die "This firmware requires the wget command - see http://wget.sunsite.dk/\n";
     }
 }
 
 sub checkunshield {
-    if (system("which unshield > /dev/null 2>&1")) {
+    if (system("/usr/bin/which unshield > /dev/null 2>&1")) {
 	die "This firmware requires the unshield command - see http://sourceforge.net/projects/synce/\n";
     }
 }
@@ -828,14 +828,14 @@ sub wgetfile {
     my ($sourcefile, $url) = @_;
 
     if (! -f $sourcefile) {
-	system("wget -O \"$sourcefile\" \"$url\"") and die "wget failed - unable to download firmware";
+	system("/usr/bin/wget -O \"$sourcefile\" \"$url\"") and die "wget failed - unable to download firmware";
     }
 }
 
 sub unzip {
     my ($sourcefile, $todir) = @_;
 
-    $status = system("unzip -q -o -d \"$todir\" \"$sourcefile\" 2>/dev/null" );
+    $status = system("/usr/bin/unzip -q -o -d \"$todir\" \"$sourcefile\" 2>/dev/null" );
     if ((($status >> 8) > 2) || (($status & 0xff) != 0)) {
 	die ("unzip failed - unable to extract firmware");
     }
@@ -862,7 +862,7 @@ sub verify {
 sub copy {
     my ($from, $to) = @_;
 
-    system("cp -f \"$from\" \"$to\"") and die ("cp failed");
+    system("/usr/bin/cp -f \"$from\" \"$to\"") and die ("cp failed");
 }
 
 sub extract {
-- 
2.15.2