c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-22 02:27:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Restrict zpool iostat/status -c to search path

Browse Source 
zpool iostat/status -c is supposed to be restricted
by its search path, but currently isn't. To prevent
arbitrary scripts from being executed, disallow '/'
from commands.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Closes #6353 
Closes #6359
This commit is contained in:
Giuseppe Di Natale
2017-07-24 11:53:59 -07:00
committed by Brian Behlendorf
parent b6e5c40382
commit d6bcf7ff5e
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/zpool/zpool_iter.c
+3
View File
@@ -565,6 +565,9 @@ vdev_run_cmd_thread(void *cb_cmd_data)
char *dir = NULL, *sp, *sprest;
char fullpath[MAXPATHLEN];
if (strchr(cmd, '/') != NULL)
continue;
sp = zpool_get_cmd_search_path();
if (sp == NULL)
continue;