From 5096e0040f3c231393fc8a2b2fa2d344de354158 Mon Sep 17 00:00:00 2001
From: Leah Rowe
Date: Fri, 5 Sep 2025 11:46:16 +0100
Subject: mk: hardened PWD check (deny symlinks) we check if the first argument is "./mk" and bail if not, which forces you to be in the xbmk work directory. however, this check is flawed because symlinks were still possible. this patch prevents a same-named symlink "mk" pointing to the real mk from being used. this hardening is necessary, due to several built-in assumptions inherent within the design of xbmk.
Signed-off-by: Leah Rowe
---
mk | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'mk')
diff --git a/mk b/mk
index 9dc743c5..cdcb03c8 100755
--- a/mk
+++ b/mk
@@ -5,7 +5,10 @@ set -u -e
-if [ "$0" != "./mk" ]; then
+ispwd="true"
+[ "$0" = "./mk" ] || ispwd="false"
+[ "$ispwd" = "true" ] && [ -L "mk" ] && ispwd="false"
+if [ "$ispwd" = "false" ]; then
 printf "You must run this in the proper work directory.\n" 1>&2
 exit 1
 fi
--
cgit v1.2.1
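Review bot: The added `[ -L "mk" ]` test only rules out a symlink named `mk` in the current directory; a hard link to the script, or a plain copy of it, placed in another directory still gives `$0` = `./mk` and passes both tests. If the assumptions the commit message mentions depend on the working directory being the real tree, the guard would be stronger with a positive check for something only that tree contains, e.g. `[ -e "<work-tree marker>" ] || ispwd="false"` (placeholder; no suitable path is visible here). At minimum, a comment such as `# rejects a symlinked ./mk only; hard links and copies are not detected` would record the limit. As a style point, the three flag lines could collapse to `if [ "$0" != "./mk" ] || [ -L "mk" ]; then`, which drops the intermediate `ispwd` state.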