zpool iostat/status -c is supposed to be restricted
by its search path, but currently isn't. To prevent
arbitrary scripts from being executed, disallow '/'
from commands.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Closes #6353
Closes #6359
char *dir = NULL, *sp, *sprest;
char fullpath[MAXPATHLEN];
+ if (strchr(cmd, '/') != NULL)
+ continue;
+
sp = zpool_get_cmd_search_path();
if (sp == NULL)
continue;
.Pa ~/.zpool.d
directory or from the system
.Pa /etc/zfs/zpool.d
-directory. The default search path can be overridden by setting the
+directory. Script names containing the slash (/) character are not allowed.
+The default search path can be overridden by setting the
ZPOOL_SCRIPTS_PATH environment variable. A privileged user can run
.Fl c
if they have the ZPOOL_SCRIPTS_AS_ROOT