systemd/backport-CVE-2023-26604-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch

From 612ebf6c913dd0e4197c44909cb3157f5c51a2f0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 31 Aug 2020 19:37:13 +0200
Subject: [PATCH 1/3] pager: set $LESSSECURE whenver we invoke a pager

Some extra safety when invoked via "sudo". With this we address a
genuine design flaw of sudo, and we shouldn't need to deal with this.
But it's still a good idea to disable this surface given how exotic it
is.

Prompted by #5666
---
 man/less-variables.xml |  9 +++++++++
 man/systemctl.xml      |  1 +
 man/systemd.xml        |  1 +
 src/shared/pager.c     | 23 +++++++++++++++++++++--
 4 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/man/less-variables.xml b/man/less-variables.xml
index 08e513c99f..c52511ca8e 100644
--- a/man/less-variables.xml
+++ b/man/less-variables.xml
@@ -64,6 +64,15 @@
       the invoking terminal is determined to be UTF-8 compatible).</para></listitem>
     </varlistentry>
 
+    <varlistentry id='lesssecure'>
+      <term><varname>$SYSTEMD_LESSSECURE</varname></term>
+
+      <listitem><para>Takes a boolean argument. Overrides the <varname>$LESSSECURE</varname> environment
+      variable when invoking the pager, which controls the "secure" mode of less (which disables commands
+      such as <literal>|</literal> which allow to easily shell out to external command lines). By default
+      less secure mode is enabled, with this setting it may be disabled.</para></listitem>
+    </varlistentry>
+
     <varlistentry id='colors'>
       <term><varname>$SYSTEMD_COLORS</varname></term>
 
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 1c55028837..a3f0c3041a 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -2240,6 +2240,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
     <xi:include href="less-variables.xml" xpointer="pager"/>
     <xi:include href="less-variables.xml" xpointer="less"/>
     <xi:include href="less-variables.xml" xpointer="lesscharset"/>
+    <xi:include href="less-variables.xml" xpointer="lesssecure"/>
     <xi:include href="less-variables.xml" xpointer="colors"/>
     <xi:include href="less-variables.xml" xpointer="urlify"/>
   </refsect1>
diff --git a/man/systemd.xml b/man/systemd.xml
index a9040545c2..c92cfef776 100644
--- a/man/systemd.xml
+++ b/man/systemd.xml
@@ -692,6 +692,7 @@
       <xi:include href="less-variables.xml" xpointer="pager"/>
       <xi:include href="less-variables.xml" xpointer="less"/>
       <xi:include href="less-variables.xml" xpointer="lesscharset"/>
+      <xi:include href="less-variables.xml" xpointer="lesssecure"/>
       <xi:include href="less-variables.xml" xpointer="colors"/>
       <xi:include href="less-variables.xml" xpointer="urlify"/>
 
diff --git a/src/shared/pager.c b/src/shared/pager.c
index e03be6d23b..9c21881241 100644
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@@ -9,6 +9,7 @@
 #include <unistd.h>
 
 #include "copy.h"
+#include "env-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
@@ -152,8 +153,7 @@ int pager_open(PagerFlags flags) {
                         _exit(EXIT_FAILURE);
                 }
 
-                /* Initialize a good charset for less. This is
-                 * particularly important if we output UTF-8
+                /* Initialize a good charset for less. This is particularly important if we output UTF-8
                  * characters. */
                 less_charset = getenv("SYSTEMD_LESSCHARSET");
                 if (!less_charset && is_locale_utf8())
@@ -164,6 +164,25 @@ int pager_open(PagerFlags flags) {
                         _exit(EXIT_FAILURE);
                 }
 
+                /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
+                 * privileged stuff. */
+                r = getenv_bool("SYSTEMD_LESSSECURE");
+                if (r == 0) { /* Remove env var if off */
+                        if (unsetenv("LESSSECURE") < 0) {
+                                log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+                } else {
+                        /* Set env var otherwise */
+                        if (r < 0)
+                                log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");
+
+                        if (setenv("LESSSECURE", "1", 1) < 0) {
+                                log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+                }
+
                 if (pager_args) {
                         r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
                         if (r < 0) {
-- 
2.33.0