Bug#1053358: Breaks if user-defined zfs properties contain whitespace

2023-10-03 Thread Andras Korn
On Mon, Oct 02, 2023 at 04:00:57PM -0400, Michael Jeanson wrote:

Hi,

> Can you open a bug upstream? I would prefer to go with a fix approved by
> upstream.

Sure, will do.

> Also I'm not sure I understand under which circumstances the content of
> '$value' could be controlled by an

Bug#1053358: Breaks if user-defined zfs properties contain whitespace

2023-10-02 Thread Michael Jeanson
Hi, Can you open a bug upstream? I would prefer to go with a fix approved by upstream. Also I'm not sure I understand under which circumstances the content of '$value' could be controlled by an 'adversary'? Can you explain shortly what would be an exploitation scenario you envision?

Bug#1053358: Breaks if user-defined zfs properties contain whitespace

2023-10-02 Thread Andras Korn
OK, that quick fix will work for whitespace but still break on apostrophes.

How about using the escapeshellparam sub?

https://github.com/jimsalterjrs/sanoid/blob/61000c9da2f8762424ba2de8a49abb1b7ec5154d/syncoid#L2070

Or, better yet, replace that sub with this:

Bug#1053358: Breaks if user-defined zfs properties contain whitespace

2023-10-02 Thread Andras Korn
Package: sanoid
Version: 2.2.0-1
Severity: important
Tags: upstream patch

Hi,

line 496 of syncoid reads

    $recvoptions .= " -o $key=$value";

this string is then apparently passed to a shell, which will split $value into words on whitespace, causing the zfs command line to become invalid at best