Refuse executable service with skip-service-descriptor=true

DemiMarie · DemiMarie · commit c801cf3b0c62 · 2024-04-27T21:46:51.000-04:00
The fork server will not be used in this case, so the behavior would be
inconsistent with skip-service-descriptor=false (the default).
diff --git a/libqrexec/exec.c b/libqrexec/exec.c
@@ -737,6 +737,11 @@ int find_qrexec_service(
 
     if (euidaccess(path_buffer.data, X_OK) == 0) {
         /* Executable-based service. */
+        if (!cmd->send_service_descriptor) {
+            LOG(ERROR, "Refusing to execute executable service %s with skip-service-descriptor=true",
+                path_buffer.data);
+            return -2;
+        }
         return 0;
     }
 
diff --git a/qrexec/tests/socket/agent.py b/qrexec/tests/socket/agent.py
@@ -580,6 +580,10 @@ def test_exec_service_with_invalid_config_5(self):
     def test_exec_service_with_invalid_config_6(self):
         self.exec_service_with_invalid_config(None)
 
+    def test_exec_service_with_invalid_config_7(self):
+        # skip-service-descriptor not allowed with executable service
+        self.exec_service_with_invalid_config("skip-service-descriptor = true\n")
+
     def test_exec_service_with_arg(self):
         self.make_executable_service(
             "local-rpc",
