Bool BuildExecPath(char *execPath, // OUT: Buffer to store executable's path size_t execPathSize) // IN : size of execPath buffer { char tmpPath[MAXPATHLEN]; int execLen; /* * The locations database is the only path that's fixed, and it contains the * paths to all the other paths selected during Tools configuration. The * locations database file is only writable by root, so we can trust it. */ if (!QueryLocationsDB(LOCATIONS_PATH, QUERY_BINDIR, tmpPath, sizeof tmpPath)) { Error("could not obtain BINDIR\n"); return FALSE; } if (strlcat(tmpPath, "/vmware-user-wrapper", sizeof tmpPath) >= sizeof tmpPath) { Error("could not construct program filename\n"); return FALSE; } /* * From readlink(2), "The readlink() system call does not append a NUL * character to buf." (NB: This breaks if user ever replaces the symlink * with the target.) */ if ((execLen = readlink(tmpPath, execPath, execPathSize - 1)) == -1) { Error("could not resolve symlink: %s\n", strerror(errno)); return FALSE; } execPath[execLen] = '\0'; /* * Now make sure that the target is actually part of our "trusted" * directory. (Check that execPath has LIBDIR as a prefix and does * not contain "..".) */ if (!QueryLocationsDB(LOCATIONS_PATH, QUERY_LIBDIR, tmpPath, sizeof tmpPath)) { Error("could not obtain LIBDIR\n"); return FALSE; } if ((strncmp(execPath, tmpPath, strlen(tmpPath)) != 0) || (strstr(execPath, "..") != NULL)) { Error("vmware-user path untrusted\n"); return FALSE; } return TRUE; }
Bool BuildExecPath(char *execPath, // OUT: Path to executable for isaexec() size_t execPathSize) // IN : size of execPath buffer { /* * The locations database is the only path that's fixed, and it contains the * paths to all the other paths selected during Tools configuration. The * locations database file is only writable by root, so we can trust it. */ if (!QueryLocationsDB(LOCATIONS_PATH, QUERY_LIBDIR, execPath, execPathSize)) { Error("could not obtain LIBDIR\n"); return FALSE; } /* * The wrapper script now emulates the work done by the isaexec command hence * we will simply call execve(2) below and allow the wrapper to do the rest. */ if (strlcat(execPath, "/bin/vmware-user-wrapper", execPathSize) >= execPathSize) { Error("could not construct program filename\n"); return FALSE; } return TRUE; }