Removed Popen shell handling and catch OSError

2024-11-27 19:04:15 +01:00 · 2021-09-21 02:33:33 -04:00 · 2021-09-21 02:33:33 -04:00 · 62d274918b
commit 62d274918b
parent bf1cc19873
2 changed files with 11 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -21,12 +21,14 @@ and simply didn't have the time to go back and retroactively create one.
 - Forced `Stream.RAW` for all GTFOBins interaction ([#195](https://github.com/calebstewart/pwncat/issues/195)).
 - Added custom `which` implementation for linux when `which` is not available ([#193](https://github.com/calebstewart/pwncat/issues/193)).
 - Correctly handle `--listen` argument ([#201](https://github.com/calebstewart/pwncat/issues/201))
+- Added handler for `OSError` when attempting to detect the running shell ([#179](https://github.com/calebstewart/pwncat/issues/179))
 ### Added
 - Added alternatives to `bash` to be used during _shell upgrade_ for a _better shell_
 - Added a warning message when a `KeyboardInterrupt` is caught
 - Added `--verbose/-V` for argument parser
 - Added `OSError` for `bind` protocol to show appropriate error messages
 ### Changed
+- Removed handling of `shell` argument to `Popen` to prevent `euid` problems ([#179](https://github.com/calebstewart/pwncat/issues/179))
 - Changed some 'red' warning message color to 'yellow'
 - Leak private keys for all users w/ file-read ability as UID=0 ([#181](https://github.com/calebstewart/pwncat/issues/181))
 - Raise `PermissionError` when underlying processes terminate unsuccessfully for `LinuxReader` and `LinuxWriter`
--- a/pwncat/platform/linux.py
+++ b/pwncat/platform/linux.py
@ -1127,9 +1127,12 @@ class Linux(Platform):
                f"attempting to run {repr(command)} during execution of {self.command_running.args}!"
            )

-        if shell:
-            # Ensure this works normally
-            command = shlex.join(["/bin/sh", "-c", command])
+        # This breaks `euid` situations. Not all shells support -p, so I think just not
+        # using this is a better option. I'm leaving it here just in case removing it
+        # causes problems in the future. Tests seem positive so far.
+        # if shell:
+        #     # Ensure this works normally
+        #     command = shlex.join(["/bin/sh", "-c", command])

        if cwd is not None:
            command = f"(cd {cwd} && {command})"
@ -1664,9 +1667,11 @@ class Linux(Platform):
                pid = self.getenv("$")
                # Grab the path to the executable representing the shell
                self.shell = self.Path("/proc", pid, "exe").readlink()
-            except (FileNotFoundError, PermissionError):
+            except (FileNotFoundError, PermissionError, OSError):
                # Fall back to SHELL even though it's not really trustworthy
                self.shell = self.getenv("SHELL")
+                if self.shell is None or self.shell == "":
+                    self.shell = "/bin/sh"
        else:

            # Going interactive requires a pty