authorYorick van Pelt <yorick@yorickvanpelt.nl>2022-05-24 16:26:40 +0200
committerYorick van Pelt <yorick@yorickvanpelt.nl>2022-05-24 16:26:40 +0200
commitcbf60bec6ff900e6759b439b782c8cef163b3046 (patch)
tree077f7a5257c2dcd0f0034106b025906d69f702a0 /configure.ac
parent4f98bc29ffe5d7007eb919ae4dbbe0adc4a07745 (diff)
configure.ac: check for sandbox-shell's FEATURE_SH_STANDALONE
See also: https://bugs.archlinux.org/task/73998. Busybox's FEATURE_SH_STANDALONE feature causes other busybox applets to leak into the sandbox, where system() calls will start preferring them over tools in $PATH. On arch, this even includes `ar`. Let's check for this evil feature and disallow using this as a sandbox shell.
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac11
1 files changed, 11 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 8a01c33ec..715c70de1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -294,6 +294,17 @@ esac
AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]),
sandbox_shell=$withval)
AC_SUBST(sandbox_shell)
+if ! test -z ${sandbox_shell+x}; then
+ AC_MSG_CHECKING([whether sandbox-shell has the standalone feature])
+ # busybox shell sometimes allows executing other busybox applets,
+ # even if they are not in the path, breaking our sandbox
+ if PATH= $sandbox_shell -c "busybox" 2>&1 | grep -qv "not found"; then
+ AC_MSG_RESULT(enabled)
+ AC_MSG_ERROR([Please disable busybox FEATURE_SH_STANDALONE])
+ else
+ AC_MSG_RESULT(disabled)
+ fi
+fi
# Expand all variables in config.status.
test "$prefix" = NONE && prefix=$ac_default_prefix
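Review bot: The verdict at `grep -qv "not found"` depends on the exact wording of an error message and on `-v` semantics. It reports "enabled" whenever any output line lacks "not found", so a missing or non-executable `$sandbox_shell`, or a shell that words the failure differently (for example "No such file or directory"), aborts configure with the misleading FEATURE_SH_STANDALONE error, while a shell that prints nothing at all is reported as "disabled". Checking `test -x "$sandbox_shell"` first, with its own error message, and quoting the expansion as `PATH= "$sandbox_shell" -c "busybox"` would separate "shell unusable" from "standalone enabled". The check also executes the sandbox shell on the build machine, which presumably cannot work when cross-compiling for another architecture, so it may need to be skipped or downgraded to a warning there. A one-line comment above the `grep` saying which outputs count as "enabled" and which as "disabled" would make that behaviour explicit for the next maintainer.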