From 1b0ac9fc815fd308057f253397723330e6fea376 Mon Sep 17 00:00:00 2001 From: Ron Yorston Date: Thu, 14 Mar 2019 08:42:17 +0000 Subject: su: canonicalise directory before elevating privileges If the current directory is in a drive mapped to a network share we may not be able to access it once we have elevated privileges. Avoid this by canonicalising the path before calling ShellExecuteEx(). --- loginutils/suw32.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/loginutils/suw32.c b/loginutils/suw32.c index 6396a7b88..e3c6d8744 100644 --- a/loginutils/suw32.c +++ b/loginutils/suw32.c @@ -28,7 +28,7 @@ int suw32_main(int argc UNUSED_PARAM, char **argv) { char *opt_command = NULL; SHELLEXECUTEINFO info; - char *bb_path, *s; + char *bb_path, *cwd, *s; getopt32(argv, "c:", &opt_command); if (argv[optind]) @@ -47,13 +47,19 @@ int suw32_main(int argc UNUSED_PARAM, char **argv) /* info.hwnd = NULL; */ info.lpVerb = "runas"; info.lpFile = bb_path; - /* It seems that when ShellExecuteEx() runs binaries residing in + /* + * It seems that when ShellExecuteEx() runs binaries residing in * certain 'system' directories it sets the current directory of * the process to %SYSTEMROOT%\System32. Override this by passing - * the directory we want to the shell. */ + * the directory we want to the shell. + * + * Canonicalise the directory now: if it's in a drive mapped to + * a network share it may not be available once we have elevated + * privileges. + */ + cwd = xmalloc_realpath(getcwd(NULL, 0)); info.lpParameters = - xasprintf("--busybox ash -d \"%s\" -t \"BusyBox ash (Admin)\" ", - getcwd(NULL, 0)); + xasprintf("--busybox ash -d \"%s\" -t \"BusyBox ash (Admin)\" ", cwd); if (opt_command) info.lpParameters = xasprintf("%s -s -c \"%s\"", info.lpParameters, opt_command); -- cgit v1.2.3-55-g6feb