In the message dated: Wed, 22 Feb 2006 17:17:21 EST,
The pithy ruminations from Dan Pritts on 
<Re: [BackupPC-users] escaping command line options> were:
=> You might look into SELinux capabilities if you're running Linux.
=> 
=> Solaris 10 has some similar features:
=>  http://www.sun.com/bigadmin/xperts/sessions/16_prm/
=> 
=> more as an answer to your question, try implementing this thing
=> in perl.  It's better suited to the kind of string processing you're
=> doing.
=> 
=> Maybe this:
=> 
=>      #!/usr/bin/perl -w 
=> 
=>      $cmd=$ENV{'SSH_ORIGINAL_COMMAND'};
=> 
=>      if ( $cmd =~ /[*|?{~\(\[\$\`]/ ) {
=>              die "error, unallowed character in command string\n"

It may be better to specify the list of allowed characters, rather than the 
reverse. Try:
        if ( $cmd !~ /^[\w\d\.-]+$/ ) {
to allow just letters, numbers, underscore (part of \w), dash, and period.

=>      }       
=> 
=>      if ( $cmd =~ /^\/usr\/bin\/rsync --server/ ) {
=>              # for more security, split this into an array and exec
=>              # the array, that will prevent it from being run by a subshell
=>              exec "$cmd";
=>      }
=> 
=>      die "error, command didn\'t start  /usr/bin/rsync --server";

In thinking about this more, I'd like to get a clearer idea of the goal of the 
script. If I understand it correctly, the intent is to allow untrusted users to 
initiate backups of subsets of a client machine on which they have an account.

If this is correct, then here's an alternative proposal....

Have the wrapper script simply be something like:
        #! /bin/sh
        /usr/bin/rsync --server --port 10873 "$@"
(Obviously, the corresponding backup process on the BackupPC server will need 
to include the same port specification.)

However, the ssh connection, and the script, will be run as the untrusted user, 
not as root. In this case, the user will only be able to back up files that 
they'd otherwise have permission to read from the shell. 

The question of allowing users to restore only their own files, without the 
ability to access files that they couldn't read from the shell, is another 
problem...

Mark


=> 
=> This probably has syntax errors and I've probably missed some 
=> metacharacter that you should exclude.
=> 
=> danno
=> 

----
Mark Bergman
[EMAIL PROTECTED]
Seeking a Unix/Linux sysadmin position local to Philadelphia or via 
telecommuting

http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=bergman%40merctech.com




_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
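
Added example (not part of the original thread, and not BackupPC code): a Perl forced-command wrapper combining the two suggestions above, an allowlist applied to each argument and the list form of exec so that no subshell sees the string. The extra allowed characters (`/`, `=`, `,`), the sample commands and the `vet_command` name are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed policy: fixed program path, '--server' as first argument, and every
# argument drawn from an allowlist. '/', '=' and ',' are added to the
# characters named in the reply because rsync arguments and paths need them.
my $RSYNC  = '/usr/bin/rsync';
my $ARG_OK = qr/\A[A-Za-z0-9_.\/=,-]+\z/;    # \z rather than $: no trailing newline

# Returns (argv_ref, undef) when accepted, (undef, reason) when rejected.
sub vet_command {
    my ($cmd) = @_;
    return (undef, 'no command supplied') unless defined $cmd;
    my @argv = split ' ', $cmd;    # whitespace split only; no shell parsing
    return (undef, 'command is not rsync --server')
        unless @argv >= 2 && $argv[0] eq $RSYNC && $argv[1] eq '--server';
    for my $arg (@argv) {
        return (undef, 'disallowed character in argument') unless $arg =~ $ARG_OK;
    }
    return (\@argv, undef);
}

if (defined $ENV{SSH_ORIGINAL_COMMAND}) {
    my ($argv, $why) = vet_command($ENV{SSH_ORIGINAL_COMMAND});
    die "error: $why\n" unless $argv;
    # List form of exec with an explicit program: no subshell is involved.
    exec { $argv->[0] } @$argv or die "error: exec failed: $!\n";
}

# Not running as a forced command: check constructed sample inputs instead.
my @samples = (
    '/usr/bin/rsync --server --sender --numeric-ids -D --block-size=2048 . /home/alice/',
    '/usr/bin/rsync --server --sender . /home/alice/ ; id',    # ';' is not in the quoted denylist
    '/usr/bin/rsync --server --sender . `id`',
    '/usr/bin/rsync --serverx --sender . /home/alice/',
    '/bin/sh -c id',
);
for my $s (@samples) {
    my ($argv, $why) = vet_command($s);
    printf "%-6s %s%s\n", ($argv ? 'ALLOW' : 'REJECT'), $s, ($argv ? '' : "  ($why)");
}
```

Run without `SSH_ORIGINAL_COMMAND` set, it prints a verdict for each constructed sample; only the first is allowed. The check constrains the characters and the program name, not which paths rsync may read.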
