systemd/SOURCES/9000-core-reorder-systemd-arguments-on-reexec.patch

From dcc55e1b0930c6db277e87b8a521e82f3d0f74c3 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Thu, 17 Oct 2024 10:19:25 +0000
Subject: [PATCH] core: reorder systemd arguments on reexec

When reexecuting system let's put our arguments carrying deserialization
info first followed by any existing arguments to make sure they get
parsed in case we get weird stuff from the kernel cmdline (like --).

See: https://github.com/systemd/systemd/issues/28184
---
 src/core/main.c            | 6 +++++-
 test/TEST-01-BASIC/test.sh | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/core/main.c b/src/core/main.c
index e7b8e98..6df29f3 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1813,13 +1813,17 @@ static int do_reexecute(
                 xsprintf(sfd, "%i", fileno(arg_serialization));
 
                 i = 1;         /* Leave args[0] empty for now. */
-                filter_args(args, &i, argv, argc);
 
+                /* Put our stuff first to make sure it always gets parsed in case
+                 * we get weird stuff from the kernel cmdline (like --) */
                 if (switch_root_dir)
                         args[i++] = "--switched-root";
                 args[i++] = arg_system ? "--system" : "--user";
                 args[i++] = "--deserialize";
                 args[i++] = sfd;
+
+                filter_args(args, &i, argv, argc);
+
                 args[i++] = NULL;
 
                 assert(i <= args_size);
diff --git a/test/TEST-01-BASIC/test.sh b/test/TEST-01-BASIC/test.sh
index cc6d065..d0e714a 100755
--- a/test/TEST-01-BASIC/test.sh
+++ b/test/TEST-01-BASIC/test.sh
@@ -8,6 +8,11 @@ RUN_IN_UNPRIVILEGED_CONTAINER=${RUN_IN_UNPRIVILEGED_CONTAINER:-yes}
 TEST_REQUIRE_INSTALL_TESTS=0
 TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED=0
 
+# Check if we can correctly deserialize if the kernel cmdline contains "weird" stuff
+# like an invalid argument, "end of arguments" separator, or a sysvinit argument (-z)
+# See: https://github.com/systemd/systemd/issues/28184
+KERNEL_APPEND="foo -- -z bar --- baz $KERNEL_APPEND"
+
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"
 
-- 
2.43.5
core: reorder systemd arguments on reexec 2024-10-17 10:21:44 +00:00			`From dcc55e1b0930c6db277e87b8a521e82f3d0f74c3 Mon Sep 17 00:00:00 2001`
			`From: Andrew Lukoshko <alukoshko@almalinux.org>`
			`Date: Thu, 17 Oct 2024 10:19:25 +0000`
			`Subject: [PATCH] core: reorder systemd arguments on reexec`

			`When reexecuting system let's put our arguments carrying deserialization`
			`info first followed by any existing arguments to make sure they get`
			`parsed in case we get weird stuff from the kernel cmdline (like --).`

			`See: https://github.com/systemd/systemd/issues/28184`
			`---`
			`src/core/main.c \| 6 +++++-`
			`test/TEST-01-BASIC/test.sh \| 5 +++++`
			`2 files changed, 10 insertions(+), 1 deletion(-)`

			`diff --git a/src/core/main.c b/src/core/main.c`
			`index e7b8e98..6df29f3 100644`
			`--- a/src/core/main.c`
			`+++ b/src/core/main.c`
			`@@ -1813,13 +1813,17 @@ static int do_reexecute(`
			`xsprintf(sfd, "%i", fileno(arg_serialization));`

			`i = 1; /* Leave args[0] empty for now. */`
			`- filter_args(args, &i, argv, argc);`

			`+ /* Put our stuff first to make sure it always gets parsed in case`
			`+ * we get weird stuff from the kernel cmdline (like --) */`
			`if (switch_root_dir)`
			`args[i++] = "--switched-root";`
			`args[i++] = arg_system ? "--system" : "--user";`
			`args[i++] = "--deserialize";`
			`args[i++] = sfd;`
			`+`
			`+ filter_args(args, &i, argv, argc);`
			`+`
			`args[i++] = NULL;`

			`assert(i <= args_size);`
			`diff --git a/test/TEST-01-BASIC/test.sh b/test/TEST-01-BASIC/test.sh`
			`index cc6d065..d0e714a 100755`
			`--- a/test/TEST-01-BASIC/test.sh`
			`+++ b/test/TEST-01-BASIC/test.sh`
			`@@ -8,6 +8,11 @@ RUN_IN_UNPRIVILEGED_CONTAINER=${RUN_IN_UNPRIVILEGED_CONTAINER:-yes}`
			`TEST_REQUIRE_INSTALL_TESTS=0`
			`TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED=0`

			`+# Check if we can correctly deserialize if the kernel cmdline contains "weird" stuff`
			`+# like an invalid argument, "end of arguments" separator, or a sysvinit argument (-z)`
			`+# See: https://github.com/systemd/systemd/issues/28184`
			`+KERNEL_APPEND="foo -- -z bar --- baz $KERNEL_APPEND"`
			`+`
			`# shellcheck source=test/test-functions`
			`. "${TEST_BASE_DIR:?}/test-functions"`

			`--`
			`2.43.5`