From c30febad8c4bf4a1fb073dda4c62888c4f2cbdbb Mon Sep 17 00:00:00 2001
From: Shashank Pandey <shashankp2022@gmail.com>
Date: Tue, 7 Jan 2025 18:29:59 +0530
Subject: [PATCH] Shell escape commands and sudo commands fix

- Fixed support for 'allowed_shell_escape' command.
- Allowing sudo commands to ask for password in the terminal.
Fixes ghantoos/lshell#256
---
 lshell/checkconfig.py |  3 +++
 lshell/utils.py       | 21 +++++++++++++++------
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/lshell/checkconfig.py b/lshell/checkconfig.py
index 1ab08ea..627738c 100644
--- a/lshell/checkconfig.py
+++ b/lshell/checkconfig.py
@@ -702,6 +702,9 @@ def set_noexec(self):
             # if sudo_noexec.so file is not found,  write error in log file,
             # but don't exit tp  prevent strict dependency on sudo noexec lib
             self.log.error("Error: noexec library not found")
+        else:
+            # setting the global level LD_PRELOAD env variable
+            os.environ["LD_PRELOAD"] = self.conf.get("path_noexec")
 
         self.conf["allowed"] += self.conf["allowed_shell_escape"]
 
diff --git a/lshell/utils.py b/lshell/utils.py
index e5f2a42..0ef612c 100644
--- a/lshell/utils.py
+++ b/lshell/utils.py
@@ -1,5 +1,6 @@
 """ Utils for lshell """
 
+import copy
 import re
 import subprocess
 import os
@@ -174,15 +175,23 @@ def cmd_parse_execute(command_line, shell_context=None):
             else:
                 retcode = getattr(builtincmd, executable)(shell_context.conf)
         else:
-            if "path_noexec" in shell_context.conf:
-                os.environ["LD_PRELOAD"] = shell_context.conf["path_noexec"]
             command = replace_exit_code(command, retcode)
-            retcode = exec_cmd(command)
+            # Create a set of allowed shell escape commands by removing builtins from the allowed list
+            shell_excape_commands = set(shell_context.conf["allowed_shell_escape"]) - \
+                set(variables.builtins_list)
+
+            # If the command is in the allowed shell escape list, modify the environment and execute it
+            if command.split()[0] in shell_excape_commands:
+                env = copy.deepcopy(os.environ)
+                env["LD_PRELOAD"] = ""
+                retcode = exec_cmd(command, env=env)
+            else:
+                retcode = exec_cmd(command)
 
     return retcode
 
 
-def exec_cmd(cmd):
+def exec_cmd(cmd, env=None):
     """Execute a command exactly as entered, with support for backgrounding via Ctrl+Z."""
 
     class CtrlZException(Exception):
@@ -223,7 +232,7 @@ def handle_sigcont(signum, frame):
                     stdin=devnull_in,  # Redirect input to /dev/null
                     stdout=sys.stdout,
                     stderr=sys.stderr,
-                    preexec_fn=os.setsid,
+                    env=env
                 )
             # add to background jobs and return
             builtincmd.BACKGROUND_JOBS.append(proc)
@@ -231,7 +240,7 @@ def handle_sigcont(signum, frame):
             print(f"[{job_id}] {cmd} (pid: {proc.pid})")
             retcode = 0
         else:
-            proc = subprocess.Popen(cmd_args, preexec_fn=os.setsid)
+            proc = subprocess.Popen(cmd_args, env=env)
             proc.communicate()
             retcode = proc.returncode if proc.returncode is not None else 0