git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8619bd1)
tests/fake_snap: sanitize paths
authorDavid Disseldorp via samba-technical <samba-technical@lists.samba.org>
Sat, 26 Aug 2017 21:40:37 +0000 (23:40 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 31 Aug 2017 07:48:14 +0000 (09:48 +0200)
Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths
and the PATH env. This fixes the following samba3.rpc.fsrvp selftest
failures:
Insecure dependency in mkdir while running setgid at (eval 2) line 4.
snap create failed: NT_STATUS_UNSUCCESSFUL
snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12988

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144

(cherry picked from commit f9d4158f0b002b482df0a919d4cb337cce81f9f8)

source3/script/tests/fake_snap.pl patch | blob | history

diff --git a/source3/script/tests/fake_snap.pl b/source3/script/tests/fake_snap.pl
index d1233f375b000ca06a961855a73e0dfa8b9ced57..18bbcb7142e4ceaa192cb88143dae9986cc5aa57 100755 (executable)
--- a/source3/script/tests/fake_snap.pl
+++ b/source3/script/tests/fake_snap.pl
@@ -5,14 +5,25 @@ use strict;
 use File::Path qw(rmtree);
 use POSIX ();
 
+sub _untaint_path
+{
+       my ($path) = @_;
+
+       if ($path =~ /^(.*)$/) {
+               return $1;
+       }
+       die "bad path";
+}
+
 sub _create_snapshot
 {
-       my ($base_path) = @_;
+       my ($base_path) = _untaint_path(shift);
        my $time_str = POSIX::strftime("%Y.%m.%d-%H.%M.%S" , localtime());
        my $snap_path = $base_path . "/.snapshots/\@GMT-" . $time_str;
        my $ret;
 
-       POSIX::mkdir($base_path . "/.snapshots", 0777);
+       $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
+       POSIX::mkdir($base_path . "/.snapshots", 0755);
 
        # add trailing slash to src path to ensure that only contents is copied
        $ret = system("rsync", "-a", "--exclude=.snapshots/", "${base_path}/",
@@ -28,7 +39,8 @@ sub _create_snapshot
 
 sub _delete_snapshot
 {
-       my ($base_path, $snap_path) = @_;
+       my $base_path = _untaint_path(shift);
+       my $snap_path = _untaint_path(shift);
 
        # we're doing a recursive delete, so do some sanity checks
        if ((index($snap_path, $base_path) != 0) || (index($snap_path, ".snapshots") == -1)) {
@@ -36,6 +48,7 @@ sub _delete_snapshot
                return -1;
        }
 
+       $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
        rmtree($snap_path, {error => \my $err});
        if (@$err) {
                for my $diag (@$err) {
Samba Shared Repository