]> granicus.if.org Git - zfs/commitdiff
Restrict zpool iostat/status -c to search path
authorGiuseppe Di Natale <dinatale2@users.noreply.github.com>
Mon, 24 Jul 2017 18:53:59 +0000 (11:53 -0700)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Mon, 24 Jul 2017 18:53:59 +0000 (11:53 -0700)
zpool iostat/status -c is supposed to be restricted
by its search path, but currently isn't. To prevent
arbitrary scripts from being executed, disallow '/'
from commands.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Closes #6353
Closes #6359

cmd/zpool/zpool_iter.c
man/man8/zpool.8

index abb1b179881f856875b2cd4ef1d8029f9f644040..e55c2f10297d93d8ca48f99b36c5ed9623ab0d4d 100644 (file)
@@ -565,6 +565,9 @@ vdev_run_cmd_thread(void *cb_cmd_data)
                char *dir = NULL, *sp, *sprest;
                char fullpath[MAXPATHLEN];
 
+               if (strchr(cmd, '/') != NULL)
+                       continue;
+
                sp = zpool_get_cmd_search_path();
                if (sp == NULL)
                        continue;
index 78a6542d758ee07552029d5f7881792950abf52c..02853342c2df7a0f1b831aa6cb98154c12f6ed87 100644 (file)
@@ -1464,7 +1464,8 @@ output. Users can run any script found in their
 .Pa ~/.zpool.d
 directory or from the system
 .Pa /etc/zfs/zpool.d
-directory. The default search path can be overridden by setting the
+directory. Script names containing the slash (/) character are not allowed.
+The default search path can be overridden by setting the
 ZPOOL_SCRIPTS_PATH environment variable. A privileged user can run
 .Fl c
 if they have the ZPOOL_SCRIPTS_AS_ROOT