On Mon, Oct 02, 2023 at 04:00:57PM -0400, Michael Jeanson wrote:

Hi,

> Can you open a bug upstream? I would prefer to go with a fix approved by 
> upstream.

Sure, will do.

> Also I'm not sure I understand under which circumstances the content of
> '$value' could be controlled by an 'adversary'? Can you explain shortly what
> would be an exploitation scenario you envision?

It doesn't have to be an adversary; you could also have some free-text comment 
in a zfs user property that, if passed to a shell unescaped, does something you 
don't want. My examples were perhaps extreme.

That said, at least two feasible scenarios exist:

1. the admin could be delegating the permission to set properties to users 
(using zfs allow), who would then potentially be adversaries. If "userprop" is 
delegated, the user can create their own free-text properties.

2. you could be working with a zfs pool created by an adversary (e.g. as part 
of a forensic examination).

András

-- 
                            Crawlers never stumble.
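The hazard discussed in the thread is a script that splices a free-text zfs user property value into a command string that the shell re-parses. The following POSIX sh snippet is an added example, not code from the thread or from any zfs tool: it shows a quoting helper that turns an arbitrary property value into something the shell treats purely as data, a round-trip check confirming that nothing inside the value is expanded or executed, and a simple detector for values carrying shell metacharacters. The sample property value is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes nothing about zfs itself; the
# property value below is constructed and stands in for whatever
# `zfs get -H -o value custom:comment pool/fs` might return.
SAMPLE_VALUE='backup before $(date); see notes | ticket #42'   # constructed

# Unsafe pattern under discussion (shown in a comment, never run here):
#   eval "echo comment: $value"
# The shell re-parses $value, so $(...), ;, | and friends inside it take effect.

# shell_quote: wrap a string in single quotes, escaping embedded single quotes
# as '\'' so the result can be interpolated into a command line safely.
shell_quote() {
    s=$1
    out=""
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}        # first character of the remainder
        s=${s#?}               # drop it
        if [ "$c" = "'" ]; then
            out="$out'\\''"    # close quote, literal ', reopen quote
        else
            out="$out$c"
        fi
    done
    printf "'%s'" "$out"
}

# roundtrip_ok: re-parse the quoted form with eval and confirm it comes back
# byte-for-byte identical, proving nothing inside it was expanded or executed.
roundtrip_ok() {
    eval "rt=$(shell_quote "$1")"
    [ "$rt" = "$1" ]
}

# has_shell_metachars: flag values that would be dangerous if ever spliced
# into a command string unquoted (useful as a lint or audit check on a pool).
has_shell_metachars() {
    case $1 in
        *['$`;|&()<>']*) return 0 ;;
        *) return 1 ;;
    esac
}

# describe_property: the safe way to report a value, passing it as an argument
# rather than re-parsing it.
describe_property() {
    printf 'property %s = %s\n' "$1" "$(shell_quote "$2")"
}

# Stand-alone usage.
describe_property custom:comment "$SAMPLE_VALUE"
if has_shell_metachars "$SAMPLE_VALUE"; then
    echo "value contains shell metacharacters; must never be eval'd unquoted"
fi
if roundtrip_ok "$SAMPLE_VALUE"; then
    echo "quoted form survives re-parsing as plain data"
fi
```

The point of `roundtrip_ok` is that even when a script does reach for `eval`, a value passed through `shell_quote` first is reconstructed verbatim rather than interpreted; `has_shell_metachars` is the cheap check to run over delegated properties when auditing who can set them.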
